email infected by Torpig?



#46
karolion

    Member

  • Topic Starter
  • 38 posts

When I tried to open Excel after this last FRST fix I got a prompt saying it couldn't open the program and that I should try repairing it.  I went to the apps and selected Modify and got this dialogue box... https://www.dropbox....rosoft.png?dl=0

 

I wasn't sure which to choose.


Edited by karolion, 20 November 2021 - 02:22 PM.

  • 0


#47
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Choose the Online repair and let me know what happens. 


  • 0

#48
karolion

Sorry, I misread what it said.  I am attempting the quick repair now.


  • 0

#49
DR M

OK. If that doesn't fix anything, go on for the Online repair. 


  • 0

#50
karolion

Oops.  I had to refresh the page because it wasn't showing my most recent message.  We had some success.  The Office icons now open the apps but I'm getting the expired offer message.  I tried Word, OneNote and Excel, in that order and when I clicked on Excel I got a different message... https://www.dropbox....loffer.png?dl=0

 

I didn't accept because if that choice is binding it could void the year subscription I purchased.  I have been on hold waiting to speak to someone at Lenovo software support for 29 minutes.


  • 0

#51
DR M

Yes, now the problem is clear: the license expired. You have to talk to the company and mention the bill, where the licence is shown as a one-year license.

 

And now... after this "mini trip" around Office issues, I have to ask:

 

Is there any remaining problem regarding this computer? :)


  • 0

#52
karolion

No, I don't believe so.  I appreciate your help so much.  Thanks for spending so much time to assist me.  I wish there was something I could do to repay you.  If you ever need advice from a pharmacist let me know.


  • 1

#53
karolion

I do have a question about one of your messages.  You repeated that I should change my passwords.  Was there something that made you think I hadn't already done that?


  • 0

#54
DR M

> No, I don't believe so.

 
I'm so glad to hear this!!! 

 
 

> I do have a question about one of your messages.  You repeated that I should change my passwords.  Was there something that made you think I hadn't already done that?

 
Yes, I was concerned about the file deleted without being recognized by you. But it could be anything related to the fixes.
 
 

> Thanks for spending so much time to assist me. If you ever need advice from a pharmacist let me know.

 
You are very welcome, and ... sure I will!

 
==========================================
 
There are a few things yet to be done.
 
1. Upgrade the operating system
 
You are still running with Windows 10 version 20H2, a major upgrade behind (the latest version is 21H1). It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Although version 20H2 will be supported until May 2022, you may want to upgrade now to the latest Windows version. If you decide to do that now, here are the steps:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

2. Uninstall the tools we used / Create a restore point

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

 

In your next reply please post:

  1. What you decided/did regarding the upgrade
  2. The KpRm.txt
  3. What you did about the expired licence. What did they tell you? (Yes, I'm curious :)  )

  • 0

#55
karolion

I just realized I forgot to attach the last fixlog.  I edited the post where I should have attached it so you could see it if you like.  I am waiting while Windows is downloading.  I am also still waiting on hold for Lenovo assistance.  I was disconnected about 40 minutes ago.  Should I download and work on the KpRm instructions you posted while Windows is downloading?  It says "Feel free to keep using your PC." in the dialogue box but I wasn't sure. 


  • 0


#56
DR M

It was obvious that the fix worked, that's why I didn't ask to see it. 
 
No, since you decided to upgrade, let it complete and let me know if everything is fine. If yes, then run KpRm. In other words, leave it at the very end.
 
Keep in mind that the upgrade may take some hours, so be patient.
 

> I am also still waiting on hold for Lenovo assistance.  I was disconnected about 40 minutes ago.

 

Not a very good service, unfortunately...


  • 0

#57
karolion

I've been on the phone most of the time since your last message.  I was hung up on by Lenovo four times.  I was able to contact Microsoft and was assigned three case numbers since I had to call that many times.  The agent wants me to contact Lenovo and have them send me an email showing that I paid for the 365 subscription.  That is even after I provided the agent with my order confirmation email and the agent accessed a different invoice from Lenovo listing the serial number of my laptop.  I suppose I'll attribute this convoluted process to bureaucracy.  I will keep you updated on the status of the Microsoft 365 situation.

 

The upgrade for Windows 10 went well and only took about an hour.  Before I ran KpRm I got a dialogue box notifying me a file was deleted from OneDrive.  Since I ran KpRm there are eight more deleted files that OneDrive wants me to acknowledge.  I didn't know if you were interested in any of that so I haven't selected "Got it" yet.  Here's the link to the image https://www.dropbox....malert.png?dl=0

 

# Run at 11/20/2021 7:58:48 PM
# KpRm (Kernel-panik) version 2.9.2
# Run by 19192 from C:\Users\19192\OneDrive\Desktop
# Computer Name: LAPTOP-6BUIOIQ5
# OS: Windows 10 X64 (19044) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\19192\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-11-20-19-58-48
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\19192\OneDrive\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\19192\OneDrive\Desktop\esetonlinescanner.exe deleted
 
  ## FRST
     [OK] C:\Users\19192\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\19192\OneDrive\Desktop\Addition4.txt deleted
     [OK] C:\Users\19192\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\19192\OneDrive\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\19192\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\19192\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\Users\19192\OneDrive\Desktop\FRSTscan4.txt deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named microosft created at 11/21/2021 03:21:00 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 11/21/2021 04:02:48
 
-- KPRM finished in 250.67s --

  • 0
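
An added example, not part of the thread and not KpRm's own code: a read-only PowerShell check that compares the UAC policy values on a machine with the defaults listed in the "Restore UAC" section of the log above. The value names and defaults are copied from that log; the registry path (the standard location of the UAC policy values) and the variable names are supplied here and do not appear in the thread.

```powershell
# Added example: read-only audit of UAC policy values against the defaults
# that the KpRm log reports setting. Nothing is modified.

# Standard location of the UAC policy values (not stated in the thread).
$path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Name -> default, taken from the "Restore UAC" section of the log.
$expected = [ordered]@{
    EnableLUA                   = 1
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

$actual = Get-ItemProperty -Path $path -ErrorAction Stop

$report = foreach ($name in $expected.Keys) {
    # A value that is absent from the key is reported, not treated as 0.
    $prop  = $actual.PSObject.Properties[$name]
    $value = if ($prop) { $prop.Value } else { $null }
    $shown = if ($null -eq $value) { '<not set>' } else { $value }

    [pscustomobject]@{
        Name     = $name
        Expected = $expected[$name]
        Actual   = $shown
        Match    = ($null -ne $value -and $value -eq $expected[$name])
    }
}

$report | Format-Table -AutoSize

# Summarize anything that differs from the logged defaults.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} UAC value(s) differ from the logged defaults: {1}" -f `
        $drift.Count, ($drift.Name -join ', '))
} else {
    Write-Output 'All UAC values match the defaults listed in the KpRm log.'
}
```

A mismatch is not necessarily a problem, since an administrator or a domain policy can set these values on purpose; the check only shows where the machine differs from what the log recorded.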

#58
karolion

I figured I should also tell you that the Microsoft agent logged in to my laptop to do some things.  He had me open a Microsoft help window by having me press ctrl + the windows key + Q.  He sent me an email with a confirmation code to provide him before he did anything on my computer.  When we were done a dialogue box appeared stating that remote assistance had been terminated so I believe the process was legitimate.


  • 0

#59
DR M

Karolion.
 
The things deleted are OK. We deleted them.
 
I have the impression that your licence expiration has to do with the Lenovo company, from where you bought the computer, and not Microsoft. They have to explain to you why they sold you a one-year licence which expired in 6 months. In any case, we cleaned and took care of the computer, and if I were you I wouldn't let anyone have remote access to it from now on. The license issue is not something that necessarily needs remote access to the computer.

 

I will be glad to hear that you solved the issue with them, so I won't lock the topic yet.

 

=====================================

 

Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.


  • 0

#60
karolion

Thank you for your last post.  You outlined some things I wasn't aware I should be doing regarding updates.  I also wasn't aware of the pitfalls of registry cleaners though I hadn't considered using one on this laptop.  I expect to be on the phone for a while tomorrow dealing with Microsoft.  I'll post another reply when I know what the resolution of the situation will be.

 

Again, your help is much appreciated.  Any way I may be able to assist you, anything you can think of, just let me know via email.  If you don't have my address perhaps you could get in touch with me via this site.


  • 0





