Solved Pretty sure our laptop has a virus/malware but don't know what to do - need step-by-step instruction

Let's try a couple more tools...

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Just got your message now - thanks - and will try the steps indicated but won't be able to do it for some time as I've got other pressing personal things to attend to. I'll let you know asap that I've completed the step...
 
So I've had a chance to go over the steps for creating a restore point and I don't have this tab at all when I go into the system. The System Protection tab doesn't appear at all. I only have the 4 other tabs........not sure what to do.

 
Hi - Sorry, I've managed to get my task manager back as I figured out a couple of things. I've noticed that each time I restart the computer in normal mode my task manager access is denied. I then go back to safe mode, run a Malwarebytes scan and the following file keeps on getting detected and removed. Let me know if you have any suggestions.

Registry Data: 1
PUM.Hijack.TaskManager, HKU\S-1-5-21-3773202632-424774445-890114178-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[a04d949ebbd08aac2934fd74669f40c0]
 
I did manage to get into the task manager and under the Startup table "disable" all (the instructions were in post # 88 - I think). I did restart the computer and was again taken back to the "blue" screen fake error message.
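
A read-only check for the symptom described in the two posts above, as an added example that is not part of the original thread: it reads the DisableTaskMgr policy value named in the Malwarebytes log and lists the registry autostart entries that run at a normal-mode logon. The function names are hypothetical, and the Run/RunOnce keys are the standard Windows autostart locations, chosen here as an assumption about where to look.

```powershell
# Added example: read-only, it changes nothing on the system.
# Policy path and value name are taken from the Malwarebytes log line above.
# Run as the affected user: HKCU: maps to that user's HKU\<SID> hive.
$policySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
# Assumption: the standard per-user and per-machine Run/RunOnce autostart keys.
$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TaskMgrPolicy {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path  = '{0}\{1}' -f $hive, $policySubKey
        $value = $null
        if (Test-Path -LiteralPath $path) {
            $prop = Get-ItemProperty -LiteralPath $path -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $value = $prop.DisableTaskMgr }
        }
        $shown = 'not set'
        if ($null -ne $value) { $shown = $value }
        [pscustomobject]@{
            Key            = $path
            DisableTaskMgr = $shown
            TaskMgrBlocked = ($value -eq 1)   # 1 is the "Bad" state in the log
        }
    }
}

function Get-RunEntry {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($sub in $runSubKeys) {
            $path = '{0}\{1}' -f $hive, $sub
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            # Each value under a Run key is one command started at logon.
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Key = $path; Name = $name; Command = $key.GetValue($name) }
            }
        }
    }
}

Get-TaskMgrPolicy | Format-Table -AutoSize
Get-RunEntry | Format-List
```

Running it once in Safe Mode after the Malwarebytes cleanup and again after a normal boot shows whether the value has been set back to 1 and which autostart commands were present when that happened.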
 
So I've managed to have an account with admin rights and ran the Malwarebytes Anti-Rootkit. However, it stated that there was no malware detected. I rebooted in normal mode and, yet again, one of the original messages comes back. I'll post it in the next message. So that's where I'm at now.
 
  • Download Sophos Free Virus Removal Tool and save it to your desktop
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
So the Sophos Virus Removal Tool can't be used in safe mode. The message I received is:

Windows Installer

The Windows Installer service is not accessible in Safe Mode. Please try again when your computer is not in Safe Mode or you can System Restore to return your machine to a previous good state.
 
Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
Says can't install driver......then next pop-up window states:

Reboot is required

Extended monitoring driver is required for more advanced threats detection.

Press "Reboot now" button to install driver and reboot, or
"Continue" to run the program in standard mode.

So which should I do?
 
So I did reboot and the initialization process started when I'm in normal mode. Should I stay in normal mode for the scan? As well, as far as the following is concerned, there aren't the same options as described in the post above - my comments follow.

Click on Settings button

  • In Scan scope leave pre-checked items as they are and also checkmark My Computer - I can add an object here
  • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection - there is no action checkmark or tab
 
The program wouldn't let me copy any of the report and was not laid out as you've described. Ran the scan as indicated and some files were quarantined. Again, as soon as it was done the error message came back up and of course task manager has been disabled by administrator. So I'm quite sure that the virus/bug whatever is still there....
 
Thanks for all of your help- did some more reading and talked to a few people and have finally resolved the issue. Thanks again.
 
For me it was resolved as I talked to a few friends, gave the computer to a friend and it was returned in working order....as long as it's working right....problem solved. Thanks again for your help.
 