Geekzone: technology news, blogs, forums


shakedown14

60 posts

Master Geek

ID Verified

#210506 30-Mar-2017 13:44

Hi Geekzone,

 

I had a virus on my work computer, this one: https://www.bleepingcomputer.com/news/security/chrome-users-targeted-with-malware-via-new-font-wasnt-found-technique/

 

I used Adaware and Malwarebytes to remove it. Most of it is but I still have a spam message that comes up on Chrome when I start my computer.

 

How do I remove the last bit?

 

Also, since then folders open in a new window, so it keeps opening heaps of new windows, and all my PDF/Excel/Word files have been corrupted. Also, when I save a file I can save it anywhere on my computer, some paths are missing, like if I want to save on disk D: I can only save in the root 'cause I don't see the folders.

 

I've done a Registry check and found nothing.

 

How can I fix all that?

 

 

 

Cheers,


MadEngineer
4295 posts

Uber Geek

Trusted

  #1750700 30-Mar-2017 13:49

Format




You're not on Atlantis anymore, Duncan Idaho.



antoniosk
2358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1750709 30-Mar-2017 14:05

sys restore?





________

 

Antoniosk


gehenna
8518 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1750713 30-Mar-2017 14:16

If it's your work computer is it your responsibility to do all that?  I'd give it to your IT staff.




shakedown14

60 posts

Master Geek

ID Verified

  #1750716 30-Mar-2017 14:20

gehenna:

 

If it's your work computer is it your responsibility to do all that?  I'd give it to your IT staff.

 

 

 

 

I'd like to do it myself if possible and I'm probably the one with the best IT knowledge in my company (8 people).


MadEngineer
4295 posts

Uber Geek

Trusted

  #1750720 30-Mar-2017 14:23

Sounds like you need an IT review.




You're not on Atlantis anymore, Duncan Idaho.

old3eyes
9120 posts

Uber Geek

Subscriber

  #1750776 30-Mar-2017 16:45

I remember a similar problem about two years ago and used Adwcleaner to remove any crap that was left ..





Regards,

Old3eyes


Batman
Mad Scientist
29769 posts

Uber Geek

Trusted
Lifetime subscriber

  #1750799 30-Mar-2017 17:40

I'd run Avast boot scan. Not sure if that's the right way but that's what I'd do. Backup first though.


 
 
 

Andib
1364 posts

Uber Geek

ID Verified
Trusted

  #1750801 30-Mar-2017 17:42

Check for Chrome extensions. 

 

I've recently seen adware load 'legit' extensions to Chrome & Firefox which aren't detected by Malwarebytes and the like.





<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>
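
An added example (not part of the post above, and not any vendor's tool) of what checking for Chrome extensions can look like from PowerShell: it reads each installed extension's manifest and lists extensions force-installed by policy. It assumes Chrome's default per-user data directory and the current user's profile only.

```powershell
# Added example: inventory Chrome extensions for the current Windows user.
# Assumes Chrome's default per-user data directory.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'

$extensions = Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue |
    Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') } |
    ForEach-Object {
        $profileName = $_.Name
        foreach ($idDir in Get-ChildItem (Join-Path $_.FullName 'Extensions') -Directory) {
            # Each extension ID folder holds one subfolder per installed version.
            foreach ($verDir in Get-ChildItem $idDir.FullName -Directory) {
                $manifestPath = Join-Path $verDir.FullName 'manifest.json'
                if (-not (Test-Path $manifestPath)) { continue }
                $m = Get-Content -Raw -Encoding UTF8 -LiteralPath $manifestPath | ConvertFrom-Json
                [pscustomobject]@{
                    Profile     = $profileName
                    Id          = $idDir.Name
                    # Names like __MSG_appName__ are localised; identify those by Id.
                    Name        = $m.name
                    Version     = $m.version
                    Permissions = (@($m.permissions) + @($m.host_permissions) | Where-Object { $_ }) -join ', '
                    Installed   = $verDir.CreationTime
                }
            }
        }
    }

# Extensions pushed by policy cannot be removed from chrome://extensions,
# so review anything listed under these keys.
$forced = foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($n in $item.GetValueNames()) {
            [pscustomobject]@{ PolicyKey = $key; Value = $item.GetValue($n) }
        }
    }
}

$extensions | Sort-Object Installed -Descending | Format-Table -AutoSize -Wrap
$forced | Format-Table -AutoSize -Wrap
```

Sorting by install time puts anything added around the infection date at the top; broad permissions such as `<all_urls>` or `tabs` on an extension nobody remembers installing are the ones to look at first.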


timmmay
20587 posts

Uber Geek

Trusted
Lifetime subscriber

  #1750802 30-Mar-2017 17:43

Restore from backup or reinstall. I use Macrium Reflect for OS backups.


ANglEAUT
2327 posts

Uber Geek

Trusted
Lifetime subscriber

  #1750864 30-Mar-2017 19:50

shakedown14:

 

gehenna: If it's your work computer is it your responsibility to do all that?  I'd give it to your IT staff. 

 

 I'd like to do it myself if possible and I'm probably the one with the best IT knowledge in my company (8 people). 

 

 

 

The best way is to wipe the device and re-install the OS. That way is the best to guarantee that nothing malicious was left behind / overlooked.

 

If you really want to try a clean-up, back up your data and start with these

 

  • In Win8 / Win10, run Task Manager and look at the Start Up tab. Disable everything that you don't believe should be there. If you are unsure, rather disable and see if anything breaks.
  • In Win7 / Win8 / Win10 you can run MSCONFIG.EXE and again from the Start Up tab, disable everything, reboot several times and only enable broken functionality related items. On the Services tab, hide all Microsoft related services and again disable everything, reboot and then only enable broken functionality.
  • More low level, look at the Registry (Beware!!! Take care! Approach with caution!) Right click on a folder / key in the left hand navigation tree and export to a .reg file before making any changes.
    • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete non-required entries
    • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run and delete non-required entries
    • Browse to HKEY_LOCAL_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete non-required entries
    • Browse to HKEY_LOCAL_USER\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run and delete non-required entries
  • Disable extensions / add-ons in all installed browsers
  • Failing all of that, try to roll-back to a previous restore point before the infection by running RSTRUI.exe
  • In Win8 / Win10 you can try to "reset" your PC from Start -> Settings -> Update & Security -> Recovery -> Reset PC. This effectively will "re-install" Windows while leaving your files intact.
  • In Win8 / Win10 you can try to "refresh" your PC from Start -> Settings -> Update & Security -> Recovery -> Advanced Start-up. This will "re-install" Windows completely and wipe everything else out.




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.
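
An added example (not part of the post above) of the "export to a .reg file before making any changes" step for the Run keys: it backs up each key with reg.exe, then lists every autostart entry with the Authenticode status of its executable. It assumes the per-user keys live under HKCU (HKEY_CURRENT_USER); the backup folder name is made up for this example.

```powershell
# Added example: back up the Run keys, then list what they start at logon.
$runKeys = [ordered]@{
    'HKLM'       = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM_WOW64' = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU'       = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU_WOW64' = 'HKCU\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
}

# Hypothetical backup location, one folder per run of the script.
$backupDir = Join-Path $env:USERPROFILE ("RunKeyBackup_{0:yyyyMMdd_HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $backupDir | Out-Null

$entries = foreach ($label in $runKeys.Keys) {
    $regPath = $runKeys[$label]
    $psPath  = $regPath -replace '^(HK\w\w)', '$1:'      # HKLM\... -> HKLM:\...
    if (-not (Test-Path $psPath)) { continue }

    # A .reg export can be re-imported later to undo a deletion.
    & reg.exe export $regPath (Join-Path $backupDir "$label.reg") /y | Out-Null

    $key = Get-Item -Path $psPath
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)           # REG_EXPAND_SZ comes back expanded
        # Take the quoted path, or else the first token (unquoted paths with spaces
        # will be cut short and show as FileNotFound).
        $exe = if ($command -match '^\s*"([^"]+)"') { $Matches[1] } elseif ($command -match '^\s*(\S+)') { $Matches[1] }
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{ Key = $regPath; Name = $name; Command = $command; Signature = $sig }
    }
}

$entries | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
Write-Host "Backups written to $backupDir"
```

Entries whose signature is not `Valid`, or that launch from a user-writable folder such as AppData or Temp, are the ones to research before deleting anything.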


yitz
2081 posts

Uber Geek


  #1750867 30-Mar-2017 19:54

+1 System restore is surprisingly pretty effective in general at getting rid of malware.


shakedown14

60 posts

Master Geek

ID Verified

  #1757606 6-Apr-2017 15:01

Thanks guys, I think I'll give a try to the "Reset this PC" option that Windows 10 gives you. Apparently it restores the system to factory without touching documents.


Coil
6614 posts

Uber Geek
Inactive user


  #1757625 6-Apr-2017 15:03

timmmay:

 

Restore from backup or reinstall. I use Macrium Reflect for OS backups.

 

 

 

 

+1 for Macrium Reflect. You can also load the ISO into Hyper-V or VMware and troubleshoot the drive in a "sandbox".
If successful, re-flash the HDD with the new image and boom!


Batman
Mad Scientist
29769 posts

Uber Geek

Trusted
Lifetime subscriber

  #1757635 6-Apr-2017 15:07

shakedown14:

 

Thanks guys, I think I'll give a try to the "Reset this PC" option that Windows 10 gives you. Apparently it restores the system to factory without touching documents.

 

 

Depending on how much you value your "documents", I'd back them up, but treat the backup as an infected drive.

