Hello, I have factory reset my pc a few times now to hope the virus goes away. I run autoruns to check if the windows defender is signed or not. But its not signed and i think i am being keylogged and spyed on. I think the core of my pc has been infected. I do not know how to remove this fully. (Cant delete the microsoft defender files) ( The files are being downloaded automaticly and antivirus is not controlled by me. I had lots of transactions on my paypal account lately that wherent me aswell. Hope someone can help me!!
Hijacked Windows defender [Closed]
#1
Posted 17 November 2023 - 10:36 AM
#2
Posted 17 November 2023 - 10:42 AM
If you did a factory reset, then it is unlikely for the system to be still infected. Let's check some logs, to better understand what is happening.
Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
- Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
- Press Scan button and wait for a while.
- The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach the content of these two logs in your next reply.
(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
#3
Posted 17 November 2023 - 11:05 AM
Thank you. I ran the tool here are the attachments:
Attached Files
#4
Posted 17 November 2023 - 11:49 AM
I'll need some time to review your logs, and most possibly be back to you within 24 hours.
Meanwhile, please move FRST on to your Desktop.
Also, adhere to the guidelines below:
1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
#5
Posted 17 November 2023 - 01:52 PM
Hello.
You have used so many security programs (some of them have still a significant amount of remnants), I am not surprised you have issues with your computer! And obviously, you did a lot after the factory reset, so my statement above that doesn't apply here.
We must start from somewhere.
1. McAfee removal
- Download the Revo Uninstaller (Free Download) and save it on your Desktop.
- Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
- Double click the program's icon to open it.
- Write in the search area, on the top left, the following program:
WebAdvisor by McAfee
- Choose the Uninstall tab from the menu and let the program to create a Restore point.
- Choose Scan, and then the Advanced mode scan.
- Select all the McAfee items found, Delete and Next.
- Let the procedure be completed and click on Finish.
- Restart the computer.
- If uninstalling McAfee ran smoothly
- A reply about the system date
#6
Posted 18 November 2023 - 01:02 PM
#7
Posted 19 November 2023 - 03:23 AM
Hello, i watched some youtube video and they told me to close some stuff in task manager, I think it was called svchost. Now my computer is in a infinite boot. (Also cant go into bios)
That is why I asked you to adhere to the basic guidelines of this forum!
#8
Posted 21 November 2023 - 02:03 AM
Do you still need assistance?
#9
Posted 23 November 2023 - 12:39 PM
Similar Topics
Also tagged with one or more of these keywords: shell, spyware, keylogger, windows 11, antivirus
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users