Worst Virus Ever (Help me.)

ethanwebb24

Prominent
Aug 21, 2017
7
0
510
0
Today I looked in my Task Manger to find alot of really odd looking things. Can't remember exactly but there was alot of svchosts or something similar. Anyway I decided to get Malwarebytes, I downloaded the installer but it wouldn't run, it said resource is being used. So after several tried and several different anti-virus programs, none would work. So I decided to start clean. I go to reset my laptop, and it won't work. The button to delete all files and restart with a fresh Windows 10 installation didn't work. So I made a USB windows 10 installer and plugged it in, and went to get to my Bios. I couldn't get to it. It's like the bios is gone or something. I can't get to it at all. I've tried the keys booting up, I've tried holding shift during restart, I've tried everything. Nothing works. Im now in a command safe mode, which I don't know how I go to. So it boots up to the login where I put in my password, then I put it in and it goes straight to a full screen command prompt in system32. I want to format my laptop now and can't l. I can't even delete system32. I'm flat out stuck.
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
First of all, formatting. It is extremely difficult to read things that you tried doing. That out of the way let's clarify a couple of things. You go into BIOS during the initial booting sequence, not when the Windows is loading, but when your Motherboard is booting up BIOS to boot up your HDD/SSD to boot up Windows.

SVCHost are legitimate processes that occupy networking, monitoring, and a million other Windows processes. You seem to have deleted/stopped relevant Windows files (How?). You also might be simply booting in Safe mode with command prompt, which is one of the 3 safe boot options you might have clicked under the panic. Try doing the same "Safe mode" boot and get into the regular safe mode.

That out of the way, there is some viruses and malware that disable anti-virus. The best course of action for that is to do the following:

1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Check your task manager for any suspicious processes, if found, identify folders and try to remove them manually. Or just "Win key + R" and type %appdata%. Afterward, delete potentially malicious folders.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner. Multiple anti-malware solutions will confirm that the threat was removed.
7. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone.

If you can't boot into safe mode or regular mode and want to wipe your HDD, here is what you need to do: Get a USB stick and install DBAN on it. During the boot, go into your bios (Del, f2, shift, esc) one of the buttons should work. And nuke your HDD. Warning, you will lose all of your data. That's pretty much what I can help you with.
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
First of all, formatting. It is extremely difficult to read things that you tried doing. That out of the way let's clarify a couple of things. You go into BIOS during the initial booting sequence, not when the Windows is loading, but when your Motherboard is booting up BIOS to boot up your HDD/SSD to boot up Windows.

SVCHost are legitimate processes that occupy networking, monitoring, and a million other Windows processes. You seem to have deleted/stopped relevant Windows files (How?). You also might be simply booting in Safe mode with command prompt, which is one of the 3 safe boot options you might have clicked under the panic. Try doing the same "Safe mode" boot and get into the regular safe mode.

That out of the way, there is some viruses and malware that disable anti-virus. The best course of action for that is to do the following:

1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Check your task manager for any suspicious processes, if found, identify folders and try to remove them manually. Or just "Win key + R" and type %appdata%. Afterward, delete potentially malicious folders.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner. Multiple anti-malware solutions will confirm that the threat was removed.
7. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone.

If you can't boot into safe mode or regular mode and want to wipe your HDD, here is what you need to do: Get a USB stick and install DBAN on it. During the boot, go into your bios (Del, f2, shift, esc) one of the buttons should work. And nuke your HDD. Warning, you will lose all of your data. That's pretty much what I can help you with.
 

ethanwebb24

Prominent
Aug 21, 2017
7
0
510
0


I did. Still wouldn't open. I finally got a anti-virus I'd never heard of trying to fight it and although it didn't remove the virus it let me into Bios, so I guess it crippled it somehow. Weird stuff.. I just formated and restarted fresh with a new Windows 10 install. So I guess I'm solved.
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
Rkill was blocked by a virus? That's a new one. Usually, they do not do that. You can always rename the rkill.exe to something different like potato.exe and then execute it. A lot of viruses tend to block processes by their initial names so that change shouldn't be an issue.

In any case, I am sorry my tips couldn't fully help you out, but I am glad that you managed to get a fresh install of your Windows copy.

Word of advice, try being aware of what you are browsing, what files you are downloading and in general what you are doing on the net. Often enough, people are far too careless about security on the Web. Also, make sure you are running at least a free copy of antivirus of your choice, have Malwarebytes and Adwcleaner on hand and use some form of adblock in your browsers, will do wonders for you in the long run.
 

vnsolbk

Prominent
Aug 22, 2017
3
0
510
0


How do you know you have a virus? It's completely normal to have a lot of svchost processes running. Its a library service that windows applications use to run.
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
Suspicious PC activity? Pop ups? Applications not working? Certain functions not working? Malfunctioning PC and plenty of other signs that the PC has issues. That tipped off the person, and he is aware that something is wrong. Quite simple.
 

vnsolbk

Prominent
Aug 22, 2017
3
0
510
0
Well i'm quite aware myself what takes to find out if i have a virus, but he didn't specify anything beyond the svchosts. When you don't know how technical people is, it couldt simply be virus paranoia :)
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
Virus paranoia or not, it is always good to help people and try to feel them more comfortable doing certain decisions. I sometimes freak-out myself about malware or similar issues, and I work in that field. I can understand the people quite well. If he does all the steps and it comes out clean, he can be assured, that there is no malware on his device at the current moment.
 

vnsolbk

Prominent
Aug 22, 2017
3
0
510
0
Of course it's good to help people out. Would just have been good help to have a bit more meat on the bone to identify the real issue to be sure that it actually was a virus, which it very likely was, but could have been something else. I also work in that field, and ransomware and viruses are so normal these days that its really just normal to experience doing a full backup of a clients server now and then. As long as you have backups its nothing to stress about. ofcourse it generates some work, but for us technicians that is not really an issue. money money moneeeeey.
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
True. Here is the thing. The average user will not know that he needs to provide in-depth information about the situation. What might appear to be common sense to you and me, can be completely irrelevant to a person that hasn't had this issue before. A lot of people are like that, and its nothing surprising. I realized that asking too many questions will leave the user skeptical about your abilities and most of them just want to do something to prevent it. That is why I just posted general removal guide, which helps in 90% of the cases. If it doesn't, and the user is still interested in fixing the problem without a factory reset, I then proceed to ask in-depth questions.

In regards to backups, people don't do them, more than half of the users are not even aware that you can do them and even fewer users are aware of cloud and NAS solutions that are available for their convenience.
 

ethanwebb24

Prominent
Aug 21, 2017
7
0
510
0
I'm sure I had a virus. My initial post did sound like I was virus paranoid sorry for that. I was on my phone posting because my laptop was all messed up. Thank you everyone who did help, you did lead me to the solution I found. I knew I had a virus because my whole task manger was filled with svchost.exe and svchost(2).exe, which weren't in the System32 folder. Not only that but Windows defender, when it was working, found something and it couldn't remove it. So when I went to get a different AV and it didn't work, I kept trying different AV's until finally Zemana worked a little bit and let me access BIOS. This is the only virus I've had that has blocked my from my BIOS. Thanks again guys. (thanks virus for leading me to tom's hardware. great forum.)
 

mdd1963

Distinguished


'Wouldn't open'....

It should not be opened from within infected Windows,the intent was to boot *from* the created bootable disc....; hence the instructions to 'boot from it', which requires a few keystrokes in BIOS to select new boot device (either CD/DVD or USB).

Sorry if that was not clear....
 

JoshRoss

Commendable
Jul 11, 2017
228
0
1,260
60
Glad we could help. Hopefully, such issues won't happen in the future. Word of advice. Always be careful where you are browsing, what you are downloading, and most importantly, avoid ads. Get some form of adblock to prevent ad-spread malware. Other than that, you should be good to go!
 
Thread starter Similar threads Forum Replies Date
frostin71 Antivirus / Security / Privacy 4
J Antivirus / Security / Privacy 5
Me. Opanak Antivirus / Security / Privacy 1
S Antivirus / Security / Privacy 1
T Antivirus / Security / Privacy 3
DCB007 Antivirus / Security / Privacy 4
N Antivirus / Security / Privacy 5
A Antivirus / Security / Privacy 3
E Antivirus / Security / Privacy 1
W Antivirus / Security / Privacy 3
L Antivirus / Security / Privacy 6
W Antivirus / Security / Privacy 1
N Antivirus / Security / Privacy 2
G Antivirus / Security / Privacy 0
G Antivirus / Security / Privacy 0
G Antivirus / Security / Privacy 0
E Antivirus / Security / Privacy 4
G Antivirus / Security / Privacy 0
Marshall Honorof Antivirus / Security / Privacy 1
J Antivirus / Security / Privacy 5

ASK THE COMMUNITY