
Hijacked Windows defender [Closed]

shell spyware keylogger windows 11 antivirus

  • This topic is locked

#1
relay

    New Member

  • Member
  • 3 posts

Hello, I have factory reset my PC a few times now in the hope the virus goes away. I run Autoruns to check if Windows Defender is signed or not. But it's not signed, and I think I am being keylogged and spied on. I think the core of my PC has been infected. I do not know how to remove this fully. (I can't delete the Microsoft Defender files.) The files are being downloaded automatically, and the antivirus is not controlled by me. I have also had lots of transactions on my PayPal account lately that weren't me. Hope someone can help me!!




#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

If you did a factory reset, then it is unlikely for the system to be still infected. Let's check some logs, to better understand what is happening.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#3
relay

    New Member

  • Topic Starter
  • Member
  • 3 posts

Thank you. I ran the tool; here are the attachments:


#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

I'll need some time to review your logs, and will most likely be back to you within 24 hours.

Meanwhile, please move FRST onto your Desktop.

Also, adhere to the guidelines below:

 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.



#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hello.
 
You have used so many security programs (some of them still have a significant amount of remnants), I am not surprised you have issues with your computer! And obviously, you did a lot after the factory reset, so my statement above doesn't apply here.
 
We must start from somewhere.
 
1. McAfee removal

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
WebAdvisor by McAfee
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the McAfee items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.
 
2. System date?
 
While it's obvious that you ran FRST on November 17th, there are lines dated November 18th. Can you please check the system's clock and confirm that everything is fine (or not)?
 
 
In your next reply please post:
  1. If uninstalling McAfee ran smoothly
  2. A reply about the system date


#6
relay

relay

    New Member

  • Topic Starter
  • Member
  • 3 posts
Hello, I watched some YouTube video and they told me to close some stuff in Task Manager; I think it was called svchost. Now my computer is in an infinite boot. (Also can't go into BIOS.)

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hello, I watched some YouTube video and they told me to close some stuff in Task Manager; I think it was called svchost. Now my computer is in an infinite boot. (Also can't go into BIOS.)

 

That is why I asked you to adhere to the basic guidelines of this forum!

 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
 
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
 
 
Can you please take a photo of what you get when you try to boot the computer? Then, attach the photo(s) in your next reply. 


#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Do you still need assistance? 



#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse over my profile name and choose Send message).
