Malware hunt gone wrong... Help!

Aug 4, 2017
When it happened?

I had just finished restoring immunizations from recently added "Spybot" (I'll explain why later), and because I know next to nothing about what was quarantined (from yesterday's scan), I opted to restore that as well (note: they were all usage tracks, nothing more). When asked about each file for confirmation (I was still reviewing the first file at the time of the "incident"), I was also searching Google for a better understanding of what the heck it was I was about to restore. Suddenly Google stopped loading, aaand.... BOOM...BSOD...

"SYSTEM_SERVICE_EXCEPTION"

Why was I doing this?

Well, some background may help. I received a virus a few weeks back from an infected DDU download file ("Win32.Vigram.A"). Fortunately Defender caught and removed it, but I have since then started a war, cleaning my computer and attempting to root out any possible lingering threats. Some of the programs I used include: AdwCleaner (found 7, I believe??), ESET (found and quarantined a couple other things), HitmanPro, Malwarebytes, switched to Kaspersky, uBlock Origin, couple other things? (I did save some of the scan logs, if interested in results)... Now, about a week later, after sifting through a bunch of recommendations, reviews, and combos, I have decided on:

NOTICE (#1= Why restore?):

1) "SpyBot's Windows 10 privacy software" -- (NOT SPYBOT SAD2! - but like the idiot I am, that is exactly what I got instead -- which is just bloat in culmination with the rest listed below.) --- Thus, that is the reason for restoring all of the changes it's made, to prevent issue with uninstall.


2) Windows Defender Antivirus as main AV/AM/AS etc. (W10 Creators)


3) Windows Firewall as always


4) Kaspersky anti-ransomware tool for business free


5) Malwarebytes anti-exploit free


6) uBlock Origin (proactive safe web)


7) Malwarebytes free for on-demand scan

8) Glasswire
 

Thus far I have taken care of 3-8: I wanted to remove Spybot before continuing on to removing Kaspersky AV and switching back to Defender.

My best guess is that when I removed the immunizations a massive change was recorded and adjusted in SYSTEM32 (as was noted at bottom of screen by either Kaspersky or Glasswire, idk which), but because I was not prompted to restart I just continued on.... But then again, I may be way off base here, and it may be something more deeply rooted. Once again, I have no idea what the heck I am talking about, but these are my observations....

Sorry about the long post, I hope this was an appropriate post for here. If additional information is required please let me know! Any help/recommendations/input as to how I should proceed is welcome!

Thank you!

EDIT: I have since restarted my computer... first thing I noticed was that it took a few minutes for desktop background (slideshow) to show up.

IMPORTANT UPDATE: After 20-30 minutes of browsing, my computer is now showing a BSOD... again  
 

camieabz

I would boot to safe mode and examine the startup programs list using MSconfig or CCleaner. Disable any of the programs that you want disabled, and try a reboot. If that 'seems' to help, go back into safe mode and uninstall each program, and reboot back to safe mode. Uninstall, reboot, uninstall, reboot. Don't do many at once.

If you can't get to safe mode you'll need to look into Windows repair.
 

aldan

Try a system restore to before you did this and get rid of Spybot. This program hasn't been relevant for quite some time. All you should need is the Windows Firewall, Defender (I use Avast Free), and Malwarebytes. More antimalware programs do not equal more protection. Did you in fact register some infections with these programs, and if so, what were they?
 

smashjohn

At some point you just have to throw in the towel and perform a fresh install. Sometimes when viruses infect certain files, the cleaners quarantine or remove those files, but they are critical to Windows operating correctly.
 
Aug 4, 2017
@camieabz OK, thanks, I'm doing it now. No problem in startup, but I did disable Spybot and Shadowplay...
On to the uninstall of Spybot. I am currently going through the quarantine list (painstakingly slow), since once again I have to search every one...

Should I just restore all of them, and scan again later with my desired programs?

Or would it be better or safe to purge all of them, and possibly use sfc /scannow down the road if there's an issue?

Any experience with this and what I should do?

Thanks again for helping.
 
Aug 4, 2017
Upvotes all around! Lol, that was kind of an accident, but thanks for the responses!

@aldan

I just went ahead and followed the first suggestion and undid all of the changes I have made, because, to your point, it's not worth it anymore. Then I uninstalled it in safe mode with Revo Uninstaller.

Though, if problems still persist, I will definitely follow your suggestion and go to a previous restore!

And how do you mean by did I register infections with these programs??
Like, did they report any infections, or were they reported as infections?? Ooor am I way off?
Sorry for the confusion.
 

aldan

No, did these programs find any infections? If not, I wouldn't worry. If in doubt, run a Windows Defender scan and an MBAM scan and quarantine away, so to speak. If nothing found, no worries.
 
Aug 4, 2017
@aldan

I gotcha. Yeah, as noted above, over the last few weeks (all of which were quarantined) with like 16 from AdwCleaner, and a few more from ESET...
Problem was not fixed, however :(
I posted a new thread for the NEW issue, but you would just need to look at the 1st paragraph/TL;DR, the rest you know...

But ultimately, I followed your advice, and wound up restoring my PC. BSODs stopped, but TOTAL freezes began + and more serious glitching (i.e. internet no longer auto connecting + and disconnecting while updating MWB (got it through eventually))...
Possibly some light though, time after switching back to Defender, and running initial quick scan, and a restart, I was notified that...
"Trojan:Win32/Bitrep.B" was detected - Threat level: Severe
Quarantined... Full scan/Offline scan - nothing... I haven't done anything since.
Also "performance and health" displayed that 1 or more apps have stopped working - with an option to troubleshoot.
Am I safe? What now?
 

boju

MERGED QUESTION
Question from ThatOneCollegeGuy96 : "Trojan detected! - Windows 10 Defender- "Trojan:Win32/Bitrep.B"!! What next??"







The link I posted was to demonstrate DDU being detected as a false positive; you're not the first to discover. All the scans and multiple rounds of registry clean ups have done more harm than good.

Should do a fresh install of Windows.
 