Trying to find a virus that is hard to detect that opens programs and files and closes browser tabs


Joined
May 11, 2021
Messages
9
Reaction score
0
I ran Farbar and Malwarebytes and have some files. People are only telling me to uninstall security software and not telling me why. I noticed that the logs say I have Firefox, but I don't. They also say many programs fail to start, but it does not seem to say it was because of Avast. It also shows missing files, which I think was due to Windows Update. I want to find the virus so I can transfer files to a new computer. The new update seems to make it so the battery percentage does not display correctly. Note: some security software displayed in the logs is not running. Malwarebytes was run in safe mode, and has never detected anything in any of the last 5 years. I also ran ESET in safe mode with networking, and it only said Avast browser uninstall tool was unsafe.

I suspect that uninstalling all security software is just going to test if Malwarebytes will detect anything. I have also found that some software will mark things like Garmin software, and various other software, as false positives. So far, nothing has detected what is opening and closing things on my computer. If I did have to pay for some tech at a shop to find something, I do not want to pay for them to find nothing, when something is obviously there. I did notice that the cursor moves in airplane mode and at the login screen. I am hoping that somebody has an idea of how to help me resolve this. So far, everyone seems to say "use Farbar," or reformat my computer, or use "Autoruns," or do what I did already.
 

Attachments

  • Addition.txt
    62.3 KB · Views: 4
  • FRST.txt
    82.9 KB · Views: 4
  • malwarebytes.txt
    1.2 KB · Views: 4
Joined
Jun 2, 2015
Messages
80
Reaction score
15
Joshuacm~

I'll take a bit of a stab at this ... I'm sure others will chime in with their suggestions they WILL be just as valid ...

I'll try to help as best I can from my experiences...

Some things I have noticed from what you have relayed in this post ...(in no particular order)

1) POTENTIAL multiple security or antivirus software running or installed AT THE SAME TIME ...

You DO NOT want to do this .. having them installed and RUNNING ... meaning real-time scanning can and will cause issues as they can and may cause conflicts with each other ... choose ONE to install and to actively scan as you are operating/using your computer is your best bet ... NORMALLY all things working correctly .. Windows Defender will and should 'deactivate' itself if it detects that you are running a different security or antivirus software...

MOST Antivirus software will ALSO offer to be able to scan the files you download ... BEFORE you run or open them ... I would suggest you use this option rather than scanning when downloading...it saves system resources ...if system resources are not an issue then you CAN keep scanning going ... MOST (not all) viruses won't 'activate' themselves until you run or open a program or file...

2) When you get ANY SOFTWARE .. be it security or antivirus ... or ANY SOFTWARE ... get it DIRECTLY from the SOURCE OR DEVELOPER that makes the software.... a majority of the time getting the programs you may desire when gotten DIRECTLY from the developer will be safe.

3) Potential 'false positives' .... this goes hand in hand with #2 above ... if you KNOW the source of the program or file is good and safe ... you're safe... and can potentially safely ignore the warning you might receive from your security software about it being potentially infected.

4) Battery Icon is not correct ... from what I have read there IS an issue with SOME computers and a recent windows update that causes this... I'm not 100% sure which update (it 'seems' to be a Windows 11 update issue) or why this is caused but I have also read that a 'fix' is in the works ...I PERSONALLY don't have nor have I seen this issue on my personal laptop ... or a few other laptops I have serviced that are running the most recent full update for Windows 10 all of which have the FULL update to Version 21H2 of Windows 10.

Hope my advice helps. As I mentioned I'm sure others will potentially chime in here and their suggestions WILL be just as valid as mine so just keep an eye on this thread for other possible suggestions
Good Luck.
~LoneWolf
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
Change the password just in case, uninstall all security (not Defender) software except one, and then scan with whatever you choose, preferably Malwarebytes. Then, have you ever had an email sent to you with a game or anything that has a script of code that is executable?
 
Joined
May 11, 2021
Messages
9
Reaction score
0
I understand what the first person said, but I know that the false positives are exactly that. The Windows 10 update does appear to have made the battery percentage wrong. I did not receive any executable files in an e-mail. I once thought a Consumer Reports e-mail may have taken me to an imitation site to unsubscribe, but the site looked legitimate. Other potential sites may have had an ad or popup site, but I am not sure. I know that those times in the past did not bring any hacking or sign of files being opened at the time that it started, and I did not visit any sites with popups since then. I recall that after my Windows Profile was repaired, ZoneAlarm had to be reinstalled, and probably Avast was reactivated. Sometime around that time, I clicked on the unsubscribe link in that e-mail. Then I quarantined a virus after the initial activity. But I did not find anything when the activity happened again. I do not know what happened. This computer system is really only 5 years old.
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
Well, run Malwarebytes. Then, it may also be that your computer may have problems, so in an admin PowerShell run the following command and tell me what comes up (do this even if your computer is not damaged): sfc /scannow
After that finishes, run DISM.exe /Online /Cleanup-image /Restorehealth
Also run a Microsoft Defender offline scan. Check your C drive for any unknown folders
AND look in the users folder for any mysterious folders.
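
The checks suggested in the post above, gathered into one PowerShell session as an added example (not written by any poster in this thread). The 30-day look-back window and the choice to show the last 20 SFC log lines are assumptions; run it from an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread.

# 1. System File Checker, then the component store repair (the two commands
#    from the post). DISM /RestoreHealth repairs the component store that SFC
#    uses as its source of known-good system files.
sfc /scannow
DISM.exe /Online /Cleanup-Image /RestoreHealth

# SFC writes its details to CBS.log; lines tagged [SR] are the SFC entries.
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
Select-String -Path $cbs -Pattern '[SR]' -SimpleMatch -ErrorAction SilentlyContinue |
    Select-Object -Last 20 -ExpandProperty Line

# 2. Top-level folders on C:\ and in C:\Users, hidden and system ones included,
#    newest first. 'Recent' marks folders created inside the look-back window,
#    which are the ones worth identifying before anything else.
$days   = 30                         # assumed look-back window
$cutoff = (Get-Date).AddDays(-$days)
foreach ($root in 'C:\', 'C:\Users') {
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        Sort-Object CreationTime -Descending |
        Select-Object FullName, CreationTime, LastWriteTime, Attributes,
            @{ Name = 'Recent'; Expression = { $_.CreationTime -gt $cutoff } } |
        Format-Table -AutoSize
}

# 3. Antivirus products registered with Windows Security Center. More than one
#    active real-time product is the conflict described earlier in the thread.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe

# 4. Members of the local Administrators group, looked up by its well-known SID
#    so the query also works on non-English installations.
Get-LocalGroupMember -SID 'S-1-5-32-544'

# 5. Microsoft Defender offline scan. This restarts the PC straight away,
#    so save open work first, then uncomment the line.
# Start-MpWDOScan
```

A folder marked Recent is not necessarily malicious; Windows updates and installers create folders too, so compare names and dates against what was installed or updated in that period.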
 
Joined
May 11, 2021
Messages
9
Reaction score
0
Somehow the admin privileges have been revoked mostly from this profile (though it was there originally). I can update Malwarebytes, then run it in safe mode again. I can try to run PowerShell in admin option. What does the second command do? I think I read that for some reason Defender will not run without some specific settings, but I can try. I had downloaded it for offline use. How do I determine if there are unknown folders? I think that I may have checked for unknown installed programs. But I know I wouldn't recognize all Windows folders.
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
Have you thought about a clean install because whether or not there is a virus it sounds like your computer is messed up.
 
Joined
May 11, 2021
Messages
9
Reaction score
0
Somebody suggested this, but the battery may not be fully functional due to Windows shutting down when it is saying it is almost fully charged, and loading back up at 8%. It seems logical to try to find what is wrong instead of investing more in this computer so I can put everything on the laptop I bought in August, which can no longer be returned. Windows updates keep erasing drivers and files from the old laptop. I think there must be some resource to solve this. In Vista, I had used the solution about reinstalling Windows when systems were infected but the keyboard function stayed problematic, and we had to just restore files, and then put security programs to try to protect against viruses. This doesn't actually solve the problem, but just tries to help take care of the system and is a partial solution. I do not want to just use the old one temporarily until the power runs out, nor transfer a hidden virus to the new laptop.
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
Get a repair disk and repair it, and if that does not work use an installation disk; when you have booted to the installation disk, select repair my computer after you select the language. Also try and create an admin account using information found here.
 
Joined
May 11, 2021
Messages
9
Reaction score
0
Someone once said to try to use a USB bootable media when the profile was corrupted to repair windows. There is a 50% possibility that when it was repaired that that contributed to how this virus got on my computer, since that time the firewall was uninstalled, and the antivirus was likely disabled. I do not really know. How would I get a repair disc or installation disc? I do not have access to DVD-Rs where I am at. I do have two admin accounts, and only one I have a password to, as one I forgot the password. The current user account was previously an admin account, but I don't know how to restore the administrator privileges. I am wondering how to keep all important files. Many people say to back them up, then scan the external drive, but the fact that software is not finding where the infection is is not helping at all. It seems clear that it is unknown what kind of virus this is (whether it is an executable file, or some kind of script, etc). I am also aware that it is pretty hard to get ahold of Microsoft support these days.
 
Joined
Sep 26, 2017
Messages
2,768
Reaction score
543
I ran across a PUP/PUA infection the other day on a client's computer that took a while to clear; it was in the System Volume Information file which is usually Hidden. Windows Defender finally got it quarantined, had to do with the Ask.com toolbar.
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
Create a Windows To Go flash drive, or preferably ask a friend to do it on their computer (I can supply the details). Then boot to it. It will be like booting to a brand new system. Set it up, then use it ONLY to scan your drive for viruses, BUT MAKE SURE YOUR FILES ARE BACKED UP FIRST. I DON'T KNOW WHAT REMOVING A VIRUS COULD DO TO YOUR HARD DRIVE. IT WILL PROBABLY SURVIVE BUT I DON'T know. Anyway, use the custom scan on Microsoft Defender to scan your PC hard drive.

If none of that is possible at the moment, then could you please log in to your full admin account, uninstall all other security software and do a Microsoft Defender offline scan. If that does not work, then reset your PC via Settings.

By the way, how do you know that you have a virus? Honestly, it sounds like your PC is in very bad shape.

Also I would not suggest this but maybe you should have someone work on your pc remotely (like maybe me but that would only work if you trusted me but I can do that if necessary).
 
Joined
May 11, 2021
Messages
9
Reaction score
0
I really understand some of what you are saying, but I am really skeptical of backing up everything from a potentially infected system before removing the virus. I have a lot of stuff backed up already, but not everything. Some things needed to be downloaded before it became clear that this was infected. It looked like a hacker to me initially. The only Microsoft Defender that seems useful potentially is the offline scan since the other one seems like it does not find anything. It seems like there was something that I read about that before though that seems like it might be problematic to do that. I do know that I have an administrator account that I have a password to (assuming you don't mean the built-in one). I still do not know why the infected one has the privileges removed. I would use the phrase that if it walks like a duck, it must be a duck. Files and programs don't open by themselves with the cursor (even in airplane mode), and then the cursor doesn't do that in airplane mode by itself, then also the cursor wouldn't constantly move vertically in the login screen by itself. That is very odd behavior. I had seen the command prompt window open constantly as well, and lagging of the keyboard as well, but that could be a separate issue. At one point, I thought it may not involve a hacker at all, but something like some sort of macro virus, that moves the cursor in a pattern offline in a clicking pattern, as I had used macros in online gaming before, but it wasn't a virus. But the fact that it seemed like potentially it moved to reconnect to wifi within the airplane mode, I am not sure. I know that before quarantining some trojans, I found a URL opened in my browser to a specific website that was not a popup, and it showed coordinates that was clearly tracking some location.
That does not happen anymore, but I know this thing opens programs in the taskbar, then files on my desktop, and also opens HP Support Center, as well as some program that shows Microsoft accounts that I didn't know existed. It has seemed to move certain windows down to the bottom of the screen when I try to figure out what is running in the background at times. I think there is probably a virus that allows a hacker to do things that is undetected, and not just something that allows some kind of cursor/clicking macro. It may have reprogrammed airplane mode, but I am not sure. I really would like to make sure that no file is infected before moving them to the external hard drive. I know that many files are backed up, but I probably need to check and make sure that they are. Something that I need to do is sync my phone with iTunes correctly since my phone is not properly synced. That is another problem. I really need to remove the virus, and not just erase my computer. It would help if I can do that, then move everything since this system has become more incompatible due to Windows updates.
 
Joined
Oct 13, 2021
Messages
182
Reaction score
10
I think this may sound silly, but have you thought about the fact that the virus is programmed to reveal itself to you and dare you to remove (it's funny I know but its But that's just a suggestion. You must follow previous instructions and do exactly as I said. Run the offline scan for Defender and try searching your drive for any unknown files, but whatever you do, you must run the offline scan before you answer and tell me what happens.
 
