[SOLVED] Not sure if I'm posting in the right section

Status
Not open for further replies.

flipper26

My machine is a 2019 ASUS ROG Strix laptop running Windows 10. Around Nov 22, I got a message on my screen that a file was infected with a virus and to shut down immediately. I was in a hurry and didn't verify the message first. When I rebooted, I got a message on the screen that said something like, "Hello, don't worry we got you...." It seemed suspect so I immediately shut down. Since then I've been unable to start up properly. Sometimes I get to the login screen, log in and then I get the black/blue screen and Windows just grinds and grinds. If I continue to let it run, occasionally a message will pop up that iTunes has an update; if I click on it, it's back to the black screen. I've tried to run scannow and DISM, but scannow says corrupt files have been found but Windows couldn't repair them. I've used Hiren's on a USB to do a live boot and used the ESET Online anti-virus scanner. It claims to have found and cleaned a Trojan and subject scan shows up clean, but I still have the same issues starting up; however, now instead of going to the login screen it seems to immediately log in as Administrator and then go to the blue/black screen and just grind (again, if I let it run for hours, occasionally a program pops up on the screen but I can't go any further).
I've looked at the CBS log file and searched for the word "corrupt" but I can't really find anything that seems like it's a big problem (I'm new at this so probably much more here than I realize). I'm attaching the CBS log file and hoping someone can help me.
I downloaded the BSOD collection app onto a USB drive and copied it to my laptop, Documents folder but it won't run on the laptop - "The application failed to start because it's side-by-side configuration is incorrect", which is why I have no BSOD data to attach.
I have a backup of my data but am trying to avoid re-installing all my programs, hence my desire to recover the machine to its previous working state.
Thanks and apologies if I've not posted in the correct place.
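
Added example (not written by any poster in this thread): SFC writes its per-file results to CBS.log on lines tagged [SR], so filtering on that tag and on "Cannot repair member file" lists what it could not fix more directly than a search for the word "corrupt". The log lines below are constructed for illustration, and unrepaired_files and keyword_hits are hypothetical helper names.

```python
import re
import sys
from collections import OrderedDict

# Constructed sample modeled on SFC's "[SR]" lines in CBS.log; not taken from
# the log attached to this thread. File and component names are placeholders.
SAMPLE_CBS_LOG = r'''2023-12-01 09:14:02, Info  CSI  00000a10 [SR] Verifying 100 components
2023-12-01 09:14:02, Info  CSI  00000a11 [SR] Beginning Verify and Repair transaction
2023-12-01 09:14:05, Info  CSI  00000a12 [SR] Cannot repair member file [l:11]"example.dll" of Example-Component-A, version 10.0.0.0, arch amd64 in the store, hash mismatch
2023-12-01 09:14:05, Info  CSI  00000a13 Hashes for file member [l:11]"example.dll" do not match.
2023-12-01 09:14:06, Info  CSI  00000a14 [SR] Cannot repair member file [l:11]"example.dll" of Example-Component-A, version 10.0.0.0, arch amd64 in the store, hash mismatch
2023-12-01 09:14:09, Info  CSI  00000a15 [SR] Cannot repair member file [l:10]"sample.sys" of Example-Component-B, version 10.0.0.0, arch amd64 in the store, file is missing
2023-12-01 09:14:20, Info  CSI  00000a16 [SR] Verify complete
'''

# [SR] failure line: bracketed length prefix, quoted file name, owning component.
SR_FAIL = re.compile(
    r"\[SR\] Cannot repair member file \[[^\]]*\]['\"]([^'\"]+)['\"] of ([^,]+),"
)

def unrepaired_files(log_text):
    """Map (file, component) -> count, reason and first timestamp, de-duplicated."""
    found = OrderedDict()
    for line in log_text.splitlines():
        m = SR_FAIL.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2).strip())
        entry = found.setdefault(key, {
            "count": 0,
            "reason": line.rsplit(", ", 1)[-1].strip(),  # text after the last comma
            "first_seen": line[:19],                      # "YYYY-MM-DD HH:MM:SS"
        })
        entry["count"] += 1  # SFC logs the same file more than once per pass
    return found

def keyword_hits(log_text, word):
    """Count lines containing a plain keyword, for comparison with the [SR] filter."""
    return sum(1 for line in log_text.splitlines() if word.lower() in line.lower())

if __name__ == "__main__":
    # Pass a path to a copy of CBS.log, or run without arguments to use the sample.
    text = SAMPLE_CBS_LOG
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    print("lines containing 'corrupt':", keyword_hits(text, "corrupt"))
    for (name, comp), info in unrepaired_files(text).items():
        print(f"{info['first_seen']}  {name}  ({comp})  x{info['count']}  {info['reason']}")
```

In the constructed sample a search for "corrupt" matches no lines, while the [SR] filter reports two distinct unrepaired files.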
 


Hi there,

I am axe0 and I will be helping you with your computer problems.

Please note, considering your situation the following will be a rather long list of instructions to get more information on the exact state of your computer.

If you have any questions, please do not hesitate to ask.

Please follow these rules
  • Refrain from making changes to your system, unless instructed to, so I know the exact state of your system. This includes installing or uninstalling programs, deleting files, modifying the registry, running scanners or tools of any kind.
  • Follow the provided instructions in the order they are posted.
  • If you have any problem with a tool or instructions, or have questions, please stop and ask me before moving on.
  • Do not run any tool more than once, unless instructed to
  • Copy and paste log files inside your reply, unless otherwise instructed.
  • Make sure to use Notepad for all logs and ensure Word wrap is unchecked. In Notepad, click Format and uncheck Word wrap if it is checked.
  • Share as many details about your problem as possible, the more you share the easier it will be to solve your problem.
  • I may not reply immediately because these logs can take some time to analyze. If it takes more than 48 hours you'll be notified. Feel free to PM me with a link to your thread if you haven't received a reply after 48 hours.
  • Please try to reply within 24 up to 48 hours to ensure quick and efficient removal of malware. If there's no response from you within 3 days, I will bump your thread. If there hasn't been a response from you after 5 days then your thread will be closed.
  • Stick with me until the end to ensure there are no remnants of malware left. When there is no malware present you will get a confirmation from me.

===============================================
Do you have a USB drive you can use and another clean computer?

If you have a USB drive and can access a clean computer, please do the following in the order it is posted.

Vaccinate USB drive to prevent infection
Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean computer.
Note: the download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.
  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post

Download Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool from the clean computer and save it to the USB drive.
Insert the USB drive into the infected computer.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying "Preparing Automatic Repair" should appear.
  • In a few seconds, another message will appear stating "Diagnosing your PC" and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on "Advanced Options."
  • At the next screen, select "Troubleshoot."
  • When you see the next screen, select "Advanced Options."
  • Select "Startup Settings", then "Restart".
  • After the Startup Settings window appears, hit the "4" key on the keyboard.
  • At the next login prompt screen, enter your password for your computer.
  • If the Safe Mode opens properly, the desktop should appear with "Safe Mode" in each corner of the desktop.
  • Open the FRST program on your flash drive. Click on Scan. When the scan is complete two notepad files will open (FRST.txt and Addition.txt)
  • Please copy and paste them to your next reply.
===============================================

In your next post
In your next post, please include the following. Make sure to copy and paste any requested logs unless asked to attach it.
  • Do you have a USB drive and have access to a clean computer?
  • If a USB drive and clean computer is available:
    • FRST.txt
    • Addition.txt
 
Hello axe0,
I prepared the USB and downloaded the Farbar software. I'd previously been booting into the laptop using a USB drive. I shut down the laptop and tried to get into "Preparing Automatic Repair" by doing the 3 shutdowns as you describe above. This has failed with this error message. When I closed out of the USB drive, I used the option at the bottom left of the screen for shutdown. I'll wait for further instructions before doing anything else. Thanks for your help.

[Attached image: 1701711075531.jpeg]
 
Hi,

The USB drive you use to boot with, what is on it?
 
Hiren's live boot does come with some Utilities. I was able to use the Anti-virus from it to scan the laptop. It also has Chrome, Firefox, File Explorer and several other things.
 
Please put installation media on the USB that has FRST on it and try to boot from the USB. Make sure FRST is still on this USB as we may need it. We're going to use this USB to get into the recovery environment.
Windows 10 Installation Media
 
Go through the installation process; before the option Install now, you should see the option Repair your computer in the bottom-left corner. Click on that option and click Troubleshoot. You should now enter the Advanced options.

In the advanced options, choose Command Prompt. Do the following when you see a command prompt
  • Type notepad and press enter
  • Notepad will open. Click on File in the menu and select Open;
  • Locate FRST, right click FRST.exe or FRST64.exe (for the 64-bit version) and click Open
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy/paste both logs in your next reply.
 
I have run the FRST on the laptop (64 bit). I could not find any file named "Addition.txt" but I am attaching the file FRST.txt
Thank you.
 


I have done some research on how to use the FRST tool and the "Addition.txt" will not be created if you are running the application in the Recovery mode.
 
Hi,

While looking over your logs, I noticed a couple of entries of concern.

There are entries of multiple antivirus solutions, torrent software and cracks in your log.

Sysnative Forums does not condone software piracy. Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware. If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

If you are not aware of these program(s), then you will have to accept that, as a part of my "fix" for your computer, the disinfection scripts and utilities will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licensing requirements detected in the scan logs. Some of the anti-malware tools that I use will automatically quarantine software "cracks", without notice, so if you are not willing to take the chance of one or more "cracked" programs being disabled, please let me know right away.

If this is not acceptable to you, then please let me know so this thread can be concluded.
 
Thanks.

Please allow me a few days to fully analyze your FRST log file.

Because FRST ran in a recovery environment, it generated a longer log than usual and that takes a bit more time to go through.
 
Hi,

In the advanced options in the recovery environment, you should see an option to change the startup settings that lists safe mode. Choose that option.

Can you try booting in safe mode via any of the mentioned options and let me know whether you can get into Windows successfully?
 
I can hit the power button then F8 continuously. The screen then shows the screensaver picture, Administrator and the circling dots and eventually it goes to the screen where I can select Safe Mode. If I hit Safe Mode it takes a few minutes and goes into the Safe Mode with Safe Mode displayed in all 4 corners on the screen. At the bottom of the screen there's a little box for Search now but otherwise the rest of the screen is blue.
 
Can you post a picture so I can see what you see?
 
I hope it's good enough that you can see it.
 

[Attached image: IMG_1840.jpg]
Since I was able to access Safe Mode, I ran the FRST tool again and was able to generate the Addition.txt file. I've attached that file and the FRST.txt that was generated at the same time. Thanks.
 
