
Infected Windows 8.1 Toshiba Satellite [Solved]



#1 LFC4 (Member, 29 posts)

Evening all,

Well to kick things off, this is my roommate's laptop I am reaching out on. My laptop is currently unavailable, so we have been sharing this one for the time being.

For the lack of better words, and to move things along, he is EXTREMELY careless with online safety practice. For example, we're both massive soccer fans and watch the Premier League from England as often as possible. Being overseas, we usually have to find a link online to tune in, and my roommate will click any site, from any country, in any browser that he can find without even thinking twice. Of course I let him know that he is almost 100% going to have an infected computer and that turning his firewall back on would more than likely be a good idea, but it just doesn't seem to click for the lad ...

I asked him to borrow it tonight considering we have a massive test tomorrow (both business majors) and I prefer typing my notes to pencil any day of the week. I booted into safe mode an hour or so ago and ran Autoruns just to see a couple of things and, no surprise, I could point out immediate issues.

Apologies for any poor spelling and grammar as I have been cramming Macroeconomics into my head for most of the week. I didn't really look over the Farbar scan yet but I will immediately after I post this.

Thank you,

LFC4


Attached Files




#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, do you know anything about this programme? It purports to be from McAfee yet uses Razer file names:

C:\Program Files (x86)\BetterthanWindows\Hopeforthesystem\n33D\BegoneAZN\raptor.exe [1829232 2015-03-09] (McAfee Inc.)

As I am about to remove it in toto.

Also, Windows Defender is a baseline AV and not really good at protecting against newer threats.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [Raptor] => C:\Program Files (x86)\BetterthanWindows\Hopeforthesystem\n33D\BegoneAZN\raptor.exe [1829232 2015-03-09] (McAfee Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1776862199-797976733-331589447-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2015-03-26] () <==== ATTENTION (zero size file/folder)
2015-03-26 08:35 - 2015-03-26 08:35 - 00000000 _____ () C:\WINDOWS\SysWOW64\lsass.exe
2015-03-26 20:53 - 2015-03-26 20:53 - 00000000 ____D () C:\Program Files\McAfee
2015-03-24 05:46 - 2015-03-24 05:46 - 00000401 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-03-09 14:04 - 2015-02-06 17:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-08 21:37 - 2015-03-08 21:37 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-04 16:14 - 2015-03-04 16:14 - 00000118 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {5EC8AD37-4343-4D07-B612-D592A6B7AC4F} - System32\Tasks\steamwebhelper_killer => TASKKILL <==== ATTENTION
C:\Program Files (x86)\BetterthanWindows
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
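The checks behind that fixlist, as an added PowerShell triage script (not part of the thread and not an FRST feature): it reports whether each item the fix targets is present, so the findings can be confirmed before the fix and verified gone afterwards. It changes nothing on the machine and assumes the FRST shorthand HKLM\...\RunOnce expands to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.

```powershell
# Added triage script for the FRST fixlist above (not part of the thread or of FRST).
# Read-only: it reports whether each item the fixlist targets is present, so the
# fix can be confirmed before and verified after. Run in an elevated PowerShell.
$findings = New-Object System.Collections.ArrayList
function Add-Finding([string]$Item, [bool]$Present, [string]$Detail = '') {
    [void]$findings.Add([pscustomobject]@{ Item = $Item; Present = $Present; Detail = $Detail })
}

# 1. Zero-byte lsass.exe in SysWOW64 (FRST's "zero size file" line). The genuine
#    lsass.exe lives in System32 and is never empty.
$f = Get-Item 'C:\Windows\SysWOW64\lsass.exe' -ErrorAction SilentlyContinue
Add-Finding 'SysWOW64\lsass.exe, zero size' ($null -ne $f -and $f.Length -eq 0) $(if ($f) { "$($f.Length) bytes" } else { 'absent' })

# 2. RunOnce value relaunching raptor.exe, plus the BetterthanWindows folder it lives in.
$runOnce = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'   # FRST: HKLM\...\RunOnce
$raptor = (Get-ItemProperty $runOnce -Name Raptor -ErrorAction SilentlyContinue).Raptor
Add-Finding 'RunOnce "Raptor"' ($null -ne $raptor) "$raptor"
Add-Finding 'BetterthanWindows folder' (Test-Path 'C:\Program Files (x86)\BetterthanWindows')

# 3. Internet Explorer policy restrictions, machine-wide and in every loaded user hive.
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue
$hives = @('HKLM:') + (Get-ChildItem HKU:\ | ForEach-Object { "HKU:\$($_.PSChildName)" })
foreach ($h in $hives) {
    $key = "$h\SOFTWARE\Policies\Microsoft\Internet Explorer"
    if (Test-Path $key) { Add-Finding 'IE policy restriction' $true $key }
}

# 4. Scheduled tasks whose action is TASKKILL (the steamwebhelper_killer task).
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions.Execute -match 'taskkill' } |
    ForEach-Object { Add-Finding 'TASKKILL scheduled task' $true $_.TaskName }

# 5. Local IPSec policy key (the fix deletes and recreates it empty) and the user proxy
#    settings that RemoveProxy: clears.
Add-Finding 'Local IPSec policy key' (Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local')
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Add-Finding 'User proxy enabled' ($inet.ProxyEnable -eq 1) ("$($inet.ProxyServer) $($inet.AutoConfigURL)".Trim())

# 6. Queued BITS jobs for all users (cleared by "bitsadmin /reset /allusers").
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)
Add-Finding 'BITS jobs (all users)' ($jobs.Count -gt 0) ($jobs.DisplayName -join ', ')

$findings | Format-Table -AutoSize
```

Run it once before the fix and once after; every row flagged Present before should read False afterwards, and a row that stays True points at something the fix did not reach.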

#3 LFC4 (Topic Starter, Member, 29 posts)

Essexboy,

Hello hello! Hope all is well at your end ... yes, the McAfee Raptor was installed from here, and my mouse is a Razer DeathAdder 2013.

I was having my doubts if we were asking too much from Windows Defender, thank you for confirming.

What would you recommend for support? I had done a bit of researching on AVG 2015 as well as Bitdefender freeware. This laptop is used for gaming :geek: (as I'm sure you picked up), more specifically CS:GO which is quite CPU dependent. Regardless, Security > Gaming Performance.

Lastly, you have the green light to add/remove anything as all files of significance have been uploaded to OneDrive.

Can't thank you enough for helping me :D

Log is attached as requested.

Attached Files

  • Fixlog.txt (5.13KB)


#4 LFC4 (Topic Starter, Member, 29 posts)

That was oddly a struggle to upload; it kept telling me the file was too large?


#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
5Kb too large? Weird....

Are there any specific problems that you are experiencing?

As for AVs, there are several free ones around, but for gaming you will want one that is light and has a silent gaming mode, I would suspect.

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.


#6 LFC4 (Topic Starter, Member, 29 posts)

My initial guess was some kind of malware that had got into the pagefile; can't recall why we were deleting the pagefile but no matter what, it always came back. The past week or so though my mouse started feeling sluggish (a good gamer knows his mouse :prop: ) and I couldn't figure out what was wrong until I ran pnputil from CMD and there was an insane amount of "Razer.oem".

Also in CS:GO, you can actually see how many viewers are watching your match and more times than not I would have "1" watching me ...

I've also had thoughts it was my ISP (PavlovMedia) who are as far away from the apex of ISPs as you can get, to put it nicely :headscratch:

I wouldn't consider myself advanced in PCs by any means though (maybe moderate?) so take my opinion with a grain of salt.

Thanks again Essexboy

Attached Files


#7 LFC4 (Topic Starter, Member, 29 posts)

Or maybe some sort of hidden autorun that worked its way through my roommate's USB to mine? Or I suppose once on our network, maybe a cloud vulnerability? (Yes, shared router)

I'm all over ...lol. Good thing you're in charge :yeah:

Attached Files

  • MBR.dat (512 bytes)


#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
For Razer, have you uninstalled all the drivers and then gone for a re-install to ensure that you just have one copy each of the necessary files?

As it stands I can see no malware, but if you share USB drives I think it would be advisable to install MCShield to protect yourself.

Download MCShield to your desktop and install.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick "Unhide items on flash drives".
Plug in the drive and MCShield will start a scan.

Then get the log, which will be located under the Logs tab on the main page, and post that.


#9 LFC4 (Topic Starter, Member, 29 posts)

I have not; Razer puts all their drivers in their cloud-like software called Synapse. Should I just go back to CMD and remove them one by one? I don't think Synapse has that option, but I could be wrong. I can figure that out though, you've done more than enough!

Avast has your vote for AV?

Thanks again Essexboy,

It's a no-brainer for me where to get help, nothing but quality people on this site :D

Attached Files


#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Razer does seem to be a bit of a beast to uninstall.

The new drivers are held here: http://drivers.razer...76&pcid=0&nav=0
Download the correct ones to your desktop.
Then from Control Panel uninstall the following:

Razer Cortex
Razer Synapse

Once that has been done, then follow the few easy steps on this page to remove the remnants: http://www.howtogeek...o-new-hardware/

Reboot and you will then be using the MS generic drivers.
Now install the Razer drivers that you wish to use.

This is the security set up that I recommend; it is lightweight and mainly fire and forget.
With Avast there is an additional setting for gaming.

How to set up a reasonable and light security regime for your system. Apart from CryptoPrevent all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install.
Remove the ticks from the first page for the following unless you want them:

Dropbox
Chrome
Chrome toolbar

Select Next.
Deselect the following from the middle column as you will not need them:

SecureLine
Grimefighter

Select Continue and allow the programme to install.

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine.

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes, each about 2Kb.

How to register

Once registered open Avast.
Go to Settings > General.
Place a tick in "Scan for Potentially Unwanted Programmes (PUPs)".
Also place a tick in Silent/Gaming mode. The only alerts then will be for viruses.

PROTECT AGAINST RANSOMWARE

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Manually update monthly.

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right click on the Unchecky_setup and choose to Run as Administrator.
Once open click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install.
It will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick "Unhide items on flash drives".
Plug in the drive and MCShield will start a scan.

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows set up on a separate USB external drive.
I recommend Macrium Reflect for this.
I have a small tutorial here on how to use it: http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive).

Let me know how that goes and whether or not you are having any other problems.
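For the pile of "Razer.oem" entries LFC4 saw with pnputil in post #6, and the driver clean-up Essexboy describes here, an added PowerShell helper that is not part of the thread: it parses the output of "pnputil -e", counts staged driver packages per provider, and prints the "pnputil -d oemNN.inf" removal commands for one provider without running them. It assumes the Windows 7/8.1 pnputil output layout, with a "Published name :" and a "Driver package provider :" line per package.

```powershell
# Added helper (not part of the thread): parse "pnputil -e" so duplicate third-party
# driver packages can be counted per provider and removed deliberately. Assumes the
# Windows 7/8.1 output layout ("Published name :", "Driver package provider :", ...).
# Run from an elevated PowerShell.
function Get-DriverStorePackage {
    $pkgs = @(); $cur = $null
    foreach ($line in (& pnputil.exe -e)) {
        if ($line -match '^Published name\s*:\s*(\S+)') {
            if ($cur) { $pkgs += $cur }
            $cur = [pscustomobject]@{ Published = $matches[1]; Provider = ''; Class = ''; Version = '' }
        } elseif ($cur -and $line -match '^Driver package provider\s*:\s*(.*)$') {
            $cur.Provider = $matches[1].Trim()
        } elseif ($cur -and $line -match '^Class\s*:\s*(.*)$') {
            $cur.Class = $matches[1].Trim()
        } elseif ($cur -and $line -match '^Driver date and version\s*:\s*(.*)$') {
            $cur.Version = $matches[1].Trim()
        }
    }
    if ($cur) { $pkgs += $cur }
    return $pkgs
}

$all = Get-DriverStorePackage

# Packages staged per provider. One mouse should not need dozens of Razer packages.
$all | Group-Object Provider | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Removal commands for one provider, printed only. Uninstall Razer Synapse/Cortex from
# Control Panel first (as above); packages still bound to a device need "pnputil -f -d".
$all | Where-Object { $_.Provider -match 'Razer' } | ForEach-Object {
    "pnputil -d $($_.Published)   # $($_.Class) $($_.Version)"
}
```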

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.