Maelstrom of malware has rendered a friend's computer practically inoperable

MercuriallyWell

Commendable
Aug 3, 2016
2
0
1,510
0
So, a friend of mine went to download an emulator and has ended up with what appears to be a boatload of different malware. It has rendered him inoperable of most functions, save from clicking OK on a prompt box, moving his mouse, and Alt+Tabing. I've been able to identify a couple of malicious programs:
1. 1 877 256 3313: One of those phony 'you need to call Microsoft technical support' windows, with one particular peculiarity. This window usually indicates an infection in the browser, but for him it pops up immediately upon booting to the desktop.
2. Project1.exe: From what I've gathered, it's a remote access program usually installed by hackers. He hasn't experienced any foreign movement, but it prevents him from shutting down any other way than by a force shut down.
3. There were some other miscellaneous programs, advertisements by the looks of it, popping up in the corners of the screen and in the Alt+Tab. Nothing I can name right now, but it indicated there were more programs other than the two I mentioned.
He was barely able to get into a place where he could reboot the computer into safe mode, as he was blocked by a few programs every time, and when he did manage to get it to restart, it got him stuck on a "Please Wait" screen perpetually. And, since he's running Windows 10, he can't F8 on restart anymore to get it into safe mode. Also notable, it's acting like he hasn't activated his Windows when he has. He's thinking he's going to have to get a new hard drive and operating system, is there anything less drastic he can do? Screenshot of the desktop here: http://imgur.com/a/JqV4P
 

Saga Lout

Olde English
Moderator
So one of the invaders has disabled the Windows R facility. The workaround for that is to turn the machine off by the power button, turn it on again and repeat that until Windows 10 gets fed up with it and offers him StartUp Repair options.

Choose the Command Prompt optiion and try to invoke the Administrator account then, hopefully, proceed as above.

I suggest he disconnects from the Net from here on so forget MalwareBytes for now and just depend on Defender.
 

Saga Lout

Olde English
Moderator
Tell him to press his Windows key and R at the same time. In the black form that shows up, at the Command Prompt type
net user Administrator /active:yes
then hit the Enter key. If he gets the confirmaiton message, type exit and hit Enter to close the form. Restart the computer and this time, log in as Administrator.

In Control Panel>Windows Defender and check it's upt to date then run the scan and while its doing that, download MalwareBytes from www.malwarebytes.org. The free one with no 30 day trial option will do for now.

When Defender completes the scan, run the MalwareBytes and when that's done, restart and try his own login.
 

MercuriallyWell

Commendable
Aug 3, 2016
2
0
1,510
0


Okay, told him to do this. Windows Key + R doesn't do anything. Some new information: the black screen showed in the previous screenshot isn't actually his desktop. For a split second, when he boots up his computer, he can catch a glimpse of his actual desktop before the black screen covers all but the windows support screen. Also, it was revealed in the Alt + Tab that there is a browser running which appears to be the source of that first error message. However, I had him do the Windows Key + R thing and it doesn't appear that the run window pops up when he checks his Alt + Tab. So, it would appear that to do anything, he has to get past this black screen.
 

Saga Lout

Olde English
Moderator
So one of the invaders has disabled the Windows R facility. The workaround for that is to turn the machine off by the power button, turn it on again and repeat that until Windows 10 gets fed up with it and offers him StartUp Repair options.

Choose the Command Prompt optiion and try to invoke the Administrator account then, hopefully, proceed as above.

I suggest he disconnects from the Net from here on so forget MalwareBytes for now and just depend on Defender.
 

bicycle_repair_man

Honorable
Jan 10, 2014
85
0
10,660
22
If the situation is that bad, I'd just perform a clean installation of Windows.

Your friend should use this as a lesson; get some anti-virus software and don't download dodgy software.
 
Thread starter Similar threads Forum Replies Date
frostin71 Antivirus / Security / Privacy 4
Me. Opanak Antivirus / Security / Privacy 1
S Antivirus / Security / Privacy 1
DCB007 Antivirus / Security / Privacy 4
N Antivirus / Security / Privacy 5
Nighty_z Antivirus / Security / Privacy 5
Ginko-san Antivirus / Security / Privacy 37
K Antivirus / Security / Privacy 2
A Antivirus / Security / Privacy 1
L Antivirus / Security / Privacy 1
N Antivirus / Security / Privacy 6
F Antivirus / Security / Privacy 2
T Antivirus / Security / Privacy 2
G Antivirus / Security / Privacy 2
D Antivirus / Security / Privacy 1
A Antivirus / Security / Privacy 1
R Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 2
D Antivirus / Security / Privacy 3
A Antivirus / Security / Privacy 5

ASK THE COMMUNITY