Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popup Ransomware Disabled all Security On My Computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 18th, 2017, 11:16 pm

I followed a link from Google search that Bitdefender marked as safe. As soon as I got to the website, I got 2 pop-ups: a warning from windows defender and the virus pop-up. My computer immediately froze. I had to use the power button to turn it off and restart in safe-mode.

I can neither open Windows Defender or Bitdefender. I tried to run Bitdefender and Eset online scanners but they don't open. I can run Malawarebytes and ADWcleaner but they do a partial scan then stop working. Please help
You do not have the required permissions to view the files attached to this post.
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm
Advertisement
Register to Remove

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 21st, 2017, 6:34 pm

Hello seasun :)

Apologies for the delay in getting to your topic. I am currently reviewing your logs and will reply shortly.
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 21st, 2017, 7:13 pm

Thank you. As an update. I was finally able to re-download Bitdefender, I did a system scan that took several hours but, It did not find anything. I was also able to connect to my home network today. I still can't use Adwcleaner or Malwarebytes even after uninstalling and redownloading them.
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 21st, 2017, 7:36 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello seasun and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 21st, 2017, 7:44 pm

Step one...

Please run the following scan:

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on the your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Step two...

Please answer the following questions:
  • Is this computer used for business purposes including home or small business?
  • Is this computer connected to an educational network, for example at a university?
It's important for me to know in order to provide proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • ckfiles.txt
  • Answers to my questions
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 23rd, 2017, 11:01 pm

Hello season :)

It has been 48 hours since my last post.
  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 24th, 2017, 5:28 pm

yes, I do. Was away for the weekend
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 24th, 2017, 5:32 pm

Hello seasun :)

Please complete the steps in my last post and include the requested information in your reply.
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 24th, 2017, 6:42 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\bitdefender antivirus free\kitinstaller\crypt.dll
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\users\sylvia\desktop\old firefox data\llz8n4jk.sylvia s-2\sessions\playon 3.10 final free crack, keygen ...-2015-11-05.session
c:\users\sylvia\favorites\links\imported from firefox\websites\fun stuff\funny pictures u crack me up.url
c:\users\sylvia\favorites\links\imported from firefox (1)\websites\fun stuff\funny pictures u crack me up.url
c:\users\sylvia\favorites\links\imported from firefox (2)\websites\fun stuff\funny pictures u crack me up.url
scanner sequence 3.BD.11.LONAF0
----- EOF -----
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 25th, 2017, 11:54 am

Hello seasun :)

Please answer my questions regarding educational networks and business use from my previous post. It's important for me to know in order to provide proper instructions. As a reminder they were:
  • Is this computer used for business purposes including home or small business?
  • Is this computer connected to an educational network, for example at a university?
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 27th, 2017, 4:52 pm

No, it's my personal computer used from home on my privatre home network
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 28th, 2017, 12:24 pm

Hello seasun :)

Your past two replies have been very close to the 72 hour time limit. As conditions can change rapidly on an infected PC, it is important that we are working with current information. Please try to be more prompt in your replies in the future. Ideally try to keep your replies to within 24 hours of my posts.

Please run a new FRST scan:

FRST Scan
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Close all open programs and windows.
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Addition.txt.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 28th, 2017, 5:21 pm

Farbar has disappeared from my download folder. I've tried several times to re-download and install it but, it won't install. On one instance, I got a pop up saying that it was blocked by Windows Defender because it can harm the computer. The strange thing is that I have Windows Defender turned off

The computer seems to be running OK. Bitdefender is running on autopilot, it is doing complete scans but not finding anything.
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby capnkrunch » July 29th, 2017, 12:50 am

Hello seasun :)

Can you please follow these steps to confirm that Windows Defender is disabled?

Step one...

Check the Windows Defender Status
  • Click Start.
  • Type defender into the search box and select Windows Defender from the results.
  • Click Settings.
  • If Real-time protection is turned on, then turn it off and try running FRST again.

If this doesn't work, please try running FRST from Safe Mode. Please print out these instructions or make sure you have access to them on another device as you will not have internet access in Safe Mode.

Step two...

Boot Into Safe Mode
  • Before booting into Safe Mode, download FRST64 from HERE. Copy it onto your Desktop (this makes things easier to find).
  • Click Start and then click Settings.
  • Click Update & security and then select Recovery.
  • Under Advanced startup click Restart Now.
  • Your computer will reboot to the Choose an option screen.
  • Select Troubleshoot > Advanced options > Startup Settings > Restart.
  • Your computer will reboot again to another menu. Press 4 or F4 to boot into Safe Mode.

Step three...

FRST Scan
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Addition.txt.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Close these files and reboot regularly.
  • Navigate to your Desktop and post the contents of FRST.txt and Addition.txt in your reply.

In your next reply please include:
  • Did you have any problems with the instructions?
  • Were you able to confirm that Windows Defender was disabled?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
User avatar
capnkrunch
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 747
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popup Ransomware Disabled all Security On My Computer

Unread postby seasun » July 29th, 2017, 2:54 pm

Windows Defender is turned off. I am unable to install FRST64.exe in normal mode. I continue to get a pop up saying that it was blocked by Windows Defender even though WD is turned off.
seasun
Active Member
 
Posts: 13
Joined: July 18th, 2017, 9:49 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 75 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware