Geekzone: technology news, blogs, forums


KevinTheGerbil

4 posts

Wannabe Geek


#311781 14-Feb-2024 14:42

Hi All

 

I'm new to the forums and am looking for some help.

 

My son came home from Uni for the holidays and used my PC to play Steam games.  I now find I have Windows Security saying that my PC is infected with a trojan called PWS:Win32/OnLineGames.L!dll.  I have tried all of the online instructions on how to get rid of this item but it keeps coming back once the PC restarts.

 

I would really appreciate some help with this...😬

 

Cheers Kevin


systemd
32 posts

Geek

Trusted

  #3195221 14-Feb-2024 17:33

Sounds like something could be running on logon - are you able to check the startup items from task manager and see if anything stands out?

 

Also, I assume you have attempted to remove all traces of the games from the computer?




xpd

xpd
Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #3195223 14-Feb-2024 17:55

Malwarebytes Antimalware should help.

 

https://www.malwarebytes.com/mwb-download

 

 





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 


 

 

 


xpd

xpd
Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #3195224 14-Feb-2024 17:56

Also if comfortable with regedit, check here : 

 

  • [HKLM\SoftWare\Microsoft\Windows\CurrentVersion\Run]

 






 

 

 




gzt

gzt
17140 posts

Uber Geek

Lifetime subscriber

  #3195227 14-Feb-2024 18:04

Tried the Windows Defender offline scan already?

KevinTheGerbil

4 posts

Wannabe Geek


  #3195234 14-Feb-2024 18:29

Hi All

 

Thanks for the replies.  I have tried MalwareBytes, the Windows Defender low-level tool and checked the Registry and there doesn't seem to be anything untoward.

 

The Windows Defender message implies that files in my day-to-day programs have been infected (see picture attached).  Thoughts appreciated...

 

Cheers Kevin

 


KevinTheGerbil

4 posts

Wannabe Geek


  #3195241 14-Feb-2024 18:35

REGEDIT information as below.  I'm not too sure what the entries refer to:

 

 

Cheers Kevin


Azzura
603 posts

Ultimate Geek

ID Verified

  #3195296 14-Feb-2024 19:06

Maybe this is old-fashioned....I'd be using a virus scan boot disk/USB stick....or don't people use those anymore? If that didn't work...format reinstall....delete the partition and install from there.


 
 
 

cddt
1561 posts

Uber Geek


  #3195317 14-Feb-2024 21:21

If an anti-virus software can't help you, and you've tried a couple, then you're unlikely to be able to remove it yourself. That leaves only the option of a reimage - suggest you go ahead with this, while changing passwords. 


Rickles
2938 posts

Uber Geek

Trusted

  #3196063 16-Feb-2024 08:00

FWIW, I've encountered a similar problem, ironically with a well-known anti-virus brand.

 

I've always tended to find this process to work well -

 

    Run Revo Uninstaller on the program itself ... revo has a feature whereby it searches for Registry entries too

 

    Then run MalwareBytes,

 

    Then search C: drive using unique terms for the offending program, e.g. "OnLineGames", and delete all found instances

 

    For those instances where it's reported that a file cannot be deleted, I use LockHunter to delete them

 

Only after all the above do I re-boot machine.

 

    


bagheera
539 posts

Ultimate Geek


  #3196109 16-Feb-2024 09:49

In the past, I have had some very old school files that date back to MS-DOS days reload a virus for me.

Have a look at this, it covers everything

 

 

 

https://superuser.com/questions/1413524/how-do-anti-virus-programs-start-at-windows-boot
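
The startup-item and Run-key checks suggested earlier in the thread can be done in one read-only pass. The PowerShell below is an added example, not code from any poster: it goes beyond the single HKLM key named above by also reading the per-user, RunOnce and 32-bit (WOW6432Node) Run keys and the two Startup folders, and it reports the Authenticode signature status of each target. The function names `Get-ImagePath` and `Get-SignatureStatus` are made up for this example.

```powershell
# Added example: list common logon autostart entries with the signature status of each target.
# Read-only; run from an elevated prompt so every HKLM value is visible.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ }

function Get-ImagePath([string]$Command) {
    # Extract the file from a command line: a quoted path first,
    # otherwise the shortest leading run that ends in a known extension.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return $cmd.Trim()
}

function Get-SignatureStatus([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $image = Get-ImagePath $command
        [pscustomobject]@{ Source = $key; Name = $name; Command = $command
                           Image = $image; Signature = Get-SignatureStatus $image }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName
                           Image = $_.FullName; Signature = Get-SignatureStatus $_.FullName }
    }
})
# Targets that are missing or not validly signed sort to the top for review.
$entries | Sort-Object { $_.Signature -eq 'Valid' } |
    Format-List Source, Name, Signature, Image, Command
```

An entry launched through a host such as `rundll32.exe` shows the host's signature, so read the `Command` field for the DLL it actually loads. Services and scheduled tasks are further autostart mechanisms that this listing does not cover.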


cddt
1561 posts

Uber Geek


  #3196202 16-Feb-2024 12:01

You guys are scaring me with these suggestions. 

 

 

 

If I had a known password stealer on my PC, which was unable to be removed by Windows Defender or Malwarebytes, I wouldn't do anything short of a reinstall. If you persevere in trying to remove it yourself, there is a significant risk that you either won't be able to do it or there is other malware you're not aware of. 


freitasm
BDFL - Memuneh
79295 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3196254 16-Feb-2024 12:14

cddt:

 

If I had a known password stealer on my PC, which was unable to be removed by Windows Defender or Malwarebytes, I wouldn't do anything short of a reinstall. If you persevere in trying to remove it yourself, there is a significant risk that you either won't be able to do it or there is other malware you're not aware of. 

 

 

This. QFT.

 

This PC is compromised and nothing you do short of a reinstall will save it - and in some cases not even that.

 

Nuke the install. If it's Windows 10 or Windows 11 use the Refresh option.

 

If it still reports the virus after a fresh install, do an offline install from a Read Only media.







ratsun81
508 posts

Ultimate Geek


  #3196270 16-Feb-2024 12:39

freitasm:

 

cddt:

 

If I had a known password stealer on my PC, which was unable to be removed by Windows Defender or Malwarebytes, I wouldn't do anything short of a reinstall. If you persevere in trying to remove it yourself, there is a significant risk that you either won't be able to do it or there is other malware you're not aware of. 

 

 

This. QFT.

 

This PC is compromised and nothing you do short of a reinstall will save it - and in some cases not even that.

 

Nuke the install. If it's Windows 10 or Windows 11 use the Refresh option.

 

If it still reports the virus after a fresh install, do an offline install from a Read Only media.

 

 

I might even consider doing a proper disk wipe, not just the typical File Allocation Table format that Windows does. 


KevinTheGerbil

4 posts

Wannabe Geek


  #3197017 18-Feb-2024 13:08

Hi All

 

Thanks for all of your suggestions.  I tried them all but eventually ended up doing a RESET on Windows 11 (not a Refresh, which only works on the screen).  Trojan is gone now but it has taken me a day to get all of my software reinstalled.

 

Cheers Kevin


freitasm
BDFL - Memuneh
79295 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3197018 18-Feb-2024 13:10

Good job.



