

Suspected malware or virus.


  • This topic is locked
17 replies to this topic

#1 SobaBruh

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 12:38 AM

Just got back from a trip and booted up my PC to find the boot up screen taking significantly longer than before which is quite odd. Haven't updated anything since the last time I touched it so I'm quite worried and would like some help to check it out.

 

I ran malwarebytes, rkill, adwcleaner and normal windows scan but nothing came up.

 

I have attached the files from FRST64 for you.

EDIT: Noticed in the Additional file that the Windows Full Scan was stopped. I might have accidentally closed it. That's my bad. Also, uploaded the right text documents this time

Further edits: Ran the Windows scan the full length this time and had nothing come up.


Edited by SobaBruh, 20 April 2024 - 04:40 AM.



#2 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 06:36 AM

Hello, and welcome to BC Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

==============

 

Currently reviewing your logs and I'll be back to you as soon as I am ready. 


Grecian Geek

Count your blessings, remember your prayers...

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night... You, only you, will have stars that can laugh."


#3 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 07:01 AM

Hi, again.
 
The logs do not show any sign of an active infection. 
 
We are going to do some checks to make sure that everything is fine. Also, some maintenance.
 
You can find below my first comments/instructions:
 
 
1. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.
 
For now, please uninstall the out-of-date version of Java: Java 8 Update 401
 
 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
S4 AmdTools64; \SystemRoot\System32\drivers\AmdTools64.sys [X]
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait. It will take about an hour.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you successfully uninstalled Java
  2. The fixlog.txt

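The two non-standard entries in that fix are an alternate data stream on C:\ProgramData\mntemp and a disabled driver service (S4) whose .sys file no longer exists (FRST's "[X]"). The following PowerShell is an added example, not FRST's code or DR_M's: it reports both conditions for review and removes nothing; the path is the one from the fix, and the driver-service registry layout is assumed to be the standard one.

```powershell
# Triage checks modelled on the two FRST fix entries above (added example, not
# FRST's own code): list alternate data streams on the file the fix names, and
# find driver services whose binary is missing on disk, which is what FRST
# marks with "[X]" (the S4 prefix means start type 4 = disabled).

param(
    [string]$AdsTarget = 'C:\ProgramData\mntemp'   # path taken from the fix script
)

# 1. Alternate data streams: anything other than the primary :$DATA stream.
function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# 2. Driver services whose ImagePath no longer exists on disk.
function Get-OrphanedDriverServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file-system driver; skip everything else
        if (-not $props -or $props.Type -notin @(1, 2) -or -not $props.ImagePath) { continue }
        # Normalise \SystemRoot\..., \??\C:\... and bare relative paths
        $img = $props.ImagePath -replace '^\\SystemRoot', $env:SystemRoot
        $img = $img -replace '^\\\?\?\\', ''
        if (-not [System.IO.Path]::IsPathRooted($img)) { $img = Join-Path $env:SystemRoot $img }
        if (-not (Test-Path -LiteralPath $img)) {
            [pscustomobject]@{
                Service   = $key.PSChildName
                StartType = $props.Start      # 4 = disabled, matching FRST's "S4"
                ImagePath = $props.ImagePath
            }
        }
    }
}

Get-AlternateStreams -Path $AdsTarget | Format-Table -AutoSize
Get-OrphanedDriverServices | Format-Table -AutoSize
```

An orphaned driver entry is usually a leftover from an uninstalled utility, as with AmdTools64 here, but an ADS on a file in ProgramData is worth inspecting before deleting it, since ADS are a common place to hide payloads from a casual directory listing.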


#4 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 07:21 AM

Hi! I appreciate the help. 

I have uninstalled Java and installed the new version as well as attached the fixlog.

 



#5 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 07:29 AM

OK, I expected it to take longer.
 
Actually, I asked you to uninstall Java and not install the latest version yet. Not a big deal now, but please try to follow my instructions carefully.
 
Let's see what an online scan will show us.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.



#6 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 07:40 AM

Apologies, didn't realize I should install Java after. 

I ran ESET as instructed and it had to install an update of some sort after I hit scan, and it abruptly disappeared after it was 2% into the update. I tried running the program again only for it to disappear once more. What should I do now?



#7 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 07:42 AM

For some reason it's working alright for now. It's back on the "Getting ready to scan..." "System is downloading module update..." screen. I will post another reply if the application closing happens again.



#8 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 07:46 AM

Apologies for spamming the replies. It's not crashing anymore, but it keeps going back and forth between 1% and 2%. Should I be restarting my PC and trying to run it again? Or perhaps uninstall Java? Quite confused as to what's going on with it.



#9 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 07:46 AM

Unfortunately there was a bug with ESET Online Scanner in the previous days, and it seems that they haven't fixed it yet.
 
We are going to use an alternative tool.

Emsisoft Emergency Kit

  • Download and save the installation file from here: Emsisoft
  • Double-click on the Emsisoft Emergency Kit setup file to start the installation process and then click on the Install button.
  • You may be presented with a User Account Control warning, asking you if you want to run this file. Click Yes to continue.
  • The downloaded package unpacks to “C:\EEK” by default and this folder now opens on your screen.
  • To start Emsisoft, double-click on the Start Emergency Kit Scanner icon in this folder.
  • You may get another User Account Control warning. Click Yes to continue.
  • Accept the Licence Agreement.
  • When you launch the program for the first time, Emsisoft Emergency Kit will automatically download updates. The Scan tab changes from orange to green when the update process is completed.
  • Leave the settings unchanged, which include detection of Potentially Unwanted Programs.
  • Now click on Malware Scan in the Scan button.
  • When the Emsisoft scan has finished, you will see a screen reporting details of any malicious files found on your computer. (Close the pop-up inviting installation of Emsisoft protection.)
  • Click Quarantine selected objects. (Note, this option is only shown if malicious objects were detected during the scan)
  • You may be asked to restart your computer.
  • When the threats have been quarantined, click the View Report button in the lower-right corner and the scan log will open in Notepad. The logs can also be accessed in the left hand menu bar.
  • Please save this log on your desktop and post the contents into your next reply.
  • When you close Emsisoft Emergency Kit it asks if you wish to sign up for a newsletter. This is optional, and does not affect the malware removal process.



#10 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 07:52 AM

We posted our last posts at exactly the same time and I didn't see your previous message.

 

Delete the ESET Scanner from your Desktop, restart, and follow the instructions about Emsisoft Emergency Kit.




#11 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 07:56 AM

All good. Did as you said: deleted ESET and ran the Emsisoft Emergency Kit as instructed in your previous message. Comes up clean. Nothing detected.



#12 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 08:12 AM

Do you still have issues with your computer? 




#13 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 08:17 AM

Things seem to be running a lot more smoothly. Booting up is back to normal as well. If there are no more steps, thank you so much for your help. I would also like to know if there are procedures for uninstalling FRST as well as Emsisoft Emergency Kit, as I don't see them in my "Add or remove programs". Should I just delete the folder for Emsisoft Emergency Kit and the EXE for FRST64?


Edited by SobaBruh, 20 April 2024 - 08:17 AM.


#14 DR_M

    The Grecian Geek

  • Malware Response Team
  • 870 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:24 PM

Posted 20 April 2024 - 08:20 AM

Glad to hear that everything is back to normal now.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on and download it, since it is a false positive. Choose More info and continue from there.




#15 SobaBruh

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 20 April 2024 - 08:28 AM

Here you go.
 
# Run at 20/4/2024 9:28:07 pm
# KpRm (Kernel-panik) version 2.17.0
# Run by USER from C:\Users\USER\Downloads
# Computer Name: NORSE
# OS: Windows 10 X64 (19045) (10.0.19045.4291) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\USER\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2024-04-20-21-28-07
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\AdwCleaner deleted
 
  ## Emisoft Emergency Kit
     [OK] C:\EEK deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
     [OK] C:\Users\USER\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\USER\Desktop\Fixlog.txt deleted
     [OK] C:\Users\USER\Desktop\FRST64.exe deleted
     [OK] C:\Users\USER\Downloads\Fixlog.txt deleted
     [OK] C:\FRST deleted
 
  ## Rkill
     [OK] C:\Users\USER\Desktop\Rkill.txt deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Removed AMD Ryzen Master SDK. created at 04/14/2024 10:06:02 deleted
   ~ [OK] RP named Removed Minecraft Launcher created at 04/15/2024 16:38:55 deleted
   ~ [OK] RP named Installed Elgato Stream Deck created at 04/19/2024 04:29:53 deleted
   ~ [OK] RP named Removed Java 8 Update 401 (64-bit) created at 04/20/2024 12:02:41 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 04/20/2024 13:28:23
 
-- KPRM finished in 25.85s --
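The "Restore UAC" section of that log lists the value KpRm considers the default for each UAC policy setting. The following PowerShell is an added example, not KpRm's code: it reads the same ten values from the live registry and reports any that differ from the defaults the log shows, so the check can be repeated later without re-running the tool (the registry key path is the standard UAC policy location, assumed here).

```powershell
# Audit the UAC policy values that KpRm reset above against the defaults the
# log reports. Added example, not KpRm's code; the "(n)" values come from the log.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacDefaults = [ordered]@{
    EnableLUA                   = 1   # 0 here means UAC is switched off entirely
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

# Returns one row per setting; Drift is $true when the live value is missing
# or differs from the default listed in the KpRm log.
function Test-UacDefaults {
    $current = Get-ItemProperty -Path $uacKey -ErrorAction Stop
    foreach ($name in $uacDefaults.Keys) {
        $expected = $uacDefaults[$name]
        $actual   = $current.$name
        if ($null -eq $actual) { $shown = '<missing>' } else { $shown = $actual }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected
            Actual   = $shown
            Drift    = ($null -eq $actual) -or ($actual -ne $expected)
        }
    }
}

# Show only the settings that have drifted; an empty table means all match.
Test-UacDefaults | Where-Object Drift | Format-Table -AutoSize
```

A missing value is reported as drift even though Windows then falls back to its built-in default; the point is that EnableLUA = 0 or PromptOnSecureDesktop = 0 are the changes malware most commonly makes, and they are easy to miss without an explicit comparison.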
