
Protruding, Subclass, Lament, Solway & Sweethearts Virus

Comments

12 comments

  • Support


    Hi muursimon,



    There is a rootkit in the computer and such types of malware are complicated to remove, sometimes even impossible without reinstalling Windows. I can try to help you remove the rootkit, but often it's faster to reinstall Windows.



    If you want to try to remove it:



    1. Please fetch RogueKiller: http://www.adlice.com/softwares/roguekiller/

    Scroll down to the bottom and find the header "Download".

    Press the download button after the text "Portable 64 bits".

    Please save RogueKiller on the Desktop.



    Turn off all running programs and remove any external drives and other devices connected with USB etc. except mouse and keyboard.


    Start RogueKiller. If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.


    Click on "Scan" button to the right.

    Wait until the scan has finished (usually 10-30 minutes).

    Click on "Open Report" button.

    A report will be created.

    Please, post it in your reply.



    Exit the program and restart the computer.

     



    2. Save TDSSKiller on the Desktop: http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe


    Turn off all programs.

    Run the program TDSSKiller.


    Click on Start Scan.


    If any malicious objects are found, select Cure and click Continue. If Cure isn't available, select Skip. If any suspicious objects are found, select Skip. Do NOT select Quarantine or Delete.

    The computer might need a restart.


    Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

  • Customer


    Hi CelciiaB,



       Thanks for your help.  It appears that neither of the programs found any virus, though the RogueKiller did produce some names that seemed suspect.  But per your instructions, I didn't do anything.  I've attached the reports for both of the programs.



       Any suggestions for me or am I just to reinstall Windows?  Thanks,



    Murray



     


    Scan Report 1_28_2018.txt

    TDSSKiller.3.1.0.16_28.01.2018_08.51.37_log.txt

  • Customer


    I reran the RogueKiller and deleted all the threats it indicated.  Nothing changed.



    This virus is very strong.  I have Adaware installed and it won't let me install AVG over it.  It also won't let me restore Windows 10 or install from a new download of Windows 10.  I think that the only solution is to format my HDD and start from scratch.  Problem is, I will have to buy a new Windows 10 because I don't have a product key from my update from Windows 8.  In Task Manager, the number of occurrences gets as high as 240, at which time I must reboot.



    Murray

  • Support


    Sorry for the late reply, I've been very busy today.



    Please, run RogueKiller again and attach the new log file to let me see what is still there, if you want to try to clean more.



    You don't need to buy Windows 10. When you upgraded from Windows 8 to 10, Microsoft stored the computer's hardware ID in its database as a hardware ID that is validated for Windows 10, and you can also link your Windows installation to a Microsoft account, see here:
    https://support.microsoft.com/en-us/help/12440/windows-10-activation
    https://support.microsoft.com/en-us/help/20530/windows-10-reactivating-after-hardware-change



    If possible use another computer to download Windows 10 from here: https://www.microsoft.com/en-us/software-download/windows10

    When you have Windows 10 on a DVD or on a USB flash drive, you have to boot the infected computer from the DVD or flash drive, and then the infection can't stop you since it isn't running. During the installation you should use the custom installation and delete everything on the hard disk. Be sure to have a backup of all important files on the computer first.

  • Customer


    Hi Cecilia,



       I've decided to just reinstall Windows and not spend more time cleaning.  But I did run RogueKiller one more time & attached the report.  I downloaded the Windows ISO from the infected computer and created the DVD to boot from.



       Did you work for AdAware?



    Thanks for your help so far,



     Murray

  • Support


    Hi Murray,



    I understand you; it's always best to reinstall Windows when it's a rootkit infection. You forgot to attach the log files, but I don't need to see them if you'll reinstall Windows.



    I'm an unpaid volunteer here since I like to help people, especially with infected computers.



    You're welcome

  • Customer








    Actually, what happened was that the windows.iso file on a DVD was not recognized by my computer as a boot device, so I unzipped the file to a DVD using WinRAR and just ran the setup, which is running now.  I do hope it continues to run, which it appears to be doing.  (I attached the latest RogueKiller report.)



    Murray



    Scan_1_29_2018.txt

  • Support


    I hope that you can do a proper clean installation of Windows when you start the installation while you're running Windows, but I'm not sure. The usual way is to use the Media Creation Tool on https://www.microsoft.com/en-us/software-download/windows10 (Using the tool to create installation media to install Windows 10 on a different PC) to get a bootable DVD with the correct files and folders. As I wrote in another post, it's important to delete everything on the hard disk before installing Windows 10, otherwise the rootkit might survive.

    0
  • Customer


    I was able to install a new version of Win. 10 and it is up & running with no sign of the virus. (If I believed in a god, I would thank him, but I have you to thank.)  When the install started, it gave me a few options & I selected the one to not save anything.  So it ran and when finished, it had deleted all the programs but didn't delete all the other files on my HDD.  A shock but not a disappointment.  Of course it is always a long process to restore all programs, but that is for the best.  A good cleanout pays off.  Unfortunately, I didn't think to save my bookmarks in Firefox, but I had an older version that had many of them except for the ones I saved from the last couple of months.



    So Thanks again Cecilia,



    Murray

  • Customer


    Update on my install.  I ran Adaware and it did find 7 viruses of the ones that started this whole thing for me.  They were in a directory named "Windows.old".  Apparently the install didn't delete the Windows that was on the drive but renamed it.  Adaware then deleted them where I couldn't do it.  So, all is well... so far!



    Murray

  • Support


    Murray, you're welcome



    When Windows.old is created, it's usually a folder in C:\ where you can fetch files that you forgot to back up. You can try to find your lost bookmarks in it; Firefox usually stores them in the folder Users\account name\AppData\Roaming\Mozilla\Firefox\Profiles\profile name\ in several files starting with "places". You can try to copy those files into your current Firefox profile folder (make a backup of the current one first). Note that AppData is a hidden folder; you need to configure Windows Explorer to show such files and folders.



    Files inside Windows.old are harmless.



    Since Windows.old was created, not everything on the hard disk was deleted and I recommend that you run RogueKiller to check that everything is gone.

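One way to do the bookmark recovery described above from PowerShell, as an added example that is not part of this thread. It assumes the old install is at C:\Windows.old, uses a placeholder account name, refuses to run while Firefox holds places.sqlite open, backs up the current profile's places files first, and copies only the places* database files (never programs from the old install).

```powershell
# Added example (not from the thread): recover Firefox bookmarks from Windows.old.
# Assumptions: the old Windows install lives in C:\Windows.old, $UserName below is
# a placeholder, and Firefox is closed (places.sqlite is locked while it runs).
param(
    [string]$OldRoot  = 'C:\Windows.old',
    [string]$UserName = 'ACCOUNT_NAME_PLACEHOLDER'   # replace with the real account name
)

if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
    throw 'Close Firefox first; places.sqlite is locked while it is running.'
}

# Old profile(s) inside Windows.old; bookmarks and history live in places.sqlite.
# -Force is needed because AppData is a hidden folder.
$oldProfiles = Join-Path $OldRoot "Users\$UserName\AppData\Roaming\Mozilla\Firefox\Profiles"
$oldPlaces = Get-ChildItem -Path $oldProfiles -Recurse -Filter 'places.sqlite' -Force -ErrorAction Stop |
             Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $oldPlaces) { throw "No places.sqlite found under $oldProfiles" }

# Current profile of the fresh install: the most recently written one under live AppData.
$newProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$newProfile = Get-ChildItem -Path $newProfiles -Directory -Force |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newProfile) { throw "No Firefox profile found under $newProfiles" }

# Back up the current profile's places* files before overwriting anything.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path $newProfile.FullName "places-backup-$stamp"
New-Item -ItemType Directory -Path $backupDir | Out-Null
Get-ChildItem -Path $newProfile.FullName -Filter 'places*' -File | Copy-Item -Destination $backupDir

# Copy only the old places* database files (places.sqlite plus any -wal/-shm journal) into the new profile.
Get-ChildItem -Path $oldPlaces.DirectoryName -Filter 'places*' -File |
    Copy-Item -Destination $newProfile.FullName -Force

Write-Host "Restored places files from $($oldPlaces.DirectoryName) into $($newProfile.FullName); backup in $backupDir"
```

Start Firefox afterwards and check the bookmarks; if anything looks wrong, copy the backed-up places* files back from the backup folder.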
  • Support

    Since this issue appears to be resolved, this topic has been closed. Glad we could help. :) If you're the topic starter and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else, please begin a new topic. Thank you!
