Virus/Windows error

[Cronic]

So I need some help with fixing a friends computer. The computer is an hp envy running windows 10. It shuts down shortly after booting normally stating windows has encountered an error and needs to shut down. I cant really access any windows programs or control panel options, internet isn't functioning, and I cant seem to install programs. Windows services also seem to be inactive/stopped. I attempted to install mbam, but received a runtime error (46:120) could not call proc error, but I was able to run mbar, which found 6 Trojans/windows hijacks. I'm at a loss, even tried running Kaspersky rescue cd but it found nothing. Last thing I tried was hirens boot cd, ran a mbam scan from that (highly outdated), found 1 item, but the issues are still persisting. Any advice or ideas would be appreciated

 

[eidairaman1]

Have you tried safe mode?

You need to find out what the bsod is by turning off automatic restarts after crash. You also need to find errors in the event viewer too to determine if you have faulty hardware or an os update that screwed it up or something resulting from not browsing the internet with smarts.
Use
Https://www.google.com to learn how to shut off automatic restarts, how to enter safemode.

 

[Tallencor]

Copy the key backup important data and re install Windows.

 

[Cronic]

Ive been in safemode, still get the error but it doesn't restart. I'm not getting a bsod, its a pop up about 5 minutes after logging in that says windows encounted an error and needs to restart, and I was unable to stop the shutdown with cmd prompt

 

[jboydgolfer]

You really need to do a fresh install there's no other feasible option. At this point if your friend wants a safe and secure computer ,it's the only sure option, especially with all the difficulty you're encountering when trying to access the pc,and address the issue

 

[Jetster]

Activate the recovery partition. Esc or F11 (I think) on restart.
clicking Troubleshoot, and then selecting HP Recovery Manager

reality is once you get hijacks a complete wipe of the drive is the best way
Ether clean install or use the recovery partition to put it back to factory, and then uninstall all the HP software (not drivers) and do the windows updates
The windows key will remain intact with the recovery partition

 

[Solaris17]

The solver side of me wants to help you fix this. the realistic side of my tells me to explain its faster just to backup and format.

 

[Cronic]

I'm strongly considering the backup/reinstall option, but my friends a photographer, and theres a lot of programs/pictures to backup/replace afterward. I have 3 more ideas I'm gonna run through to try and fix but I think whatever virus she got has me beat lol

 

[SanityGaming]

I could be wrong. I use bitdeffender and I'm sure they have a way to scan the computer with out physically booting into windows I sometimes also use malwarebytes and I'm sure they have that type of way to. I highly suggest trying both even if just save mode.

Their is another way.

Take out his haRd drive plug it into yours as external and If you can then have the drive show on your pc. Scan that drive with yours then boom! ! Bye bye virus!

 

[hapkiman]

Pull out the harddrive or SSD from the laptop. Copy all the photos and/or data to a new separate drive to back them up. Wipe drive from laptop and format. Re-insert drive back into laptop and do a fresh install of Windows. Its the best and safest way.

Just had to do something similar to my son's Dell laptop. It's all good now.

 

[Tallencor]

I could be wrong. I use bitdeffender and I'm sure they have a way to scan the computer with out physically booting into windows I sometimes also use malwarebytes and I'm sure they have that type of way to. I highly suggest trying both even if just save mode.

Their is another way.

Take out his haRd drive plug it into yours as external and If you can then have the drive show on your pc. Scan that drive with yours then boom! ! Bye bye virus!

Unless of corse it infeces his pc.
Op. Just think how happy she will be with a clean install with all programs up to date smooth as silk os. Plus you can brag about how good u r at this kind of thing.

 

[jboydgolfer]

Isn't doing any sort of back up very risky in a situation like this? Unless you have some knowledge as to the location of the supposed infection or rootkits, Making a back up would likely contain whatever viruses are plaguing the computer right now. Personally I would just cut my losses, and be certain to impress upon this user the importance of proper security so this situation can be avoided in the future.I understand that it's an inconvenience to lose photographs, important files, memorabilia, but it's better than losing your identity and bank information( worst case scenario )

 

[SanityGaming]

Isn't doing any sort of back up very risky in a situation like this? Unless you have some knowledge as to the location of the supposed infection or rootkits, Making a back up would likely contain whatever viruses are plaguing the computer right now. Personally I would just cut my losses, and be certain to impress upon this user the importance of proper security so this situation can be avoided in the future.I understand that it's an inconvenience to lose photographs, important files, memorabilia, but it's better than losing your identity and bank information( worst case scenario )

You could do my option. It "shouldn't" not saying 100% infect you of you have a good antivirus and protected setup. But if you wish just format and reinstall windows.

 

[Cronic]

Haha I have comodo and Malwarebytes pro (literally one of the few programs ive paid for), I'm not too concerned bout my laptop. If I had a docking bay for external drives, I think that's an awesome idea, I could even put her hd into one of my bays since my os is on a ss......ty for the ideas I didn't consider taking the harddrive out physically, I had the idea to update mbar before putting it on her computer, the version that found the hijacks was 2014, now I'm scanning it with a 2017 database, if that doesn't work to get the ability to install mbam ill try putting it in my computer and post back after I get another scan

Also, mbam doesn't have a bootable option, but they do have the rootkit tool that doesn't need to be installed. I tried the kaspersky rescue which boots into its own desktop, but if found nothing

 

[SanityGaming]

Haha I have comodo and Malwarebytes pro (literally one of the few programs ive paid for), I'm not too concerned bout my laptop. If I had a docking bay for external drives, I think that's an awesome idea, I could even put her hd into one of my bays since my os is on a ss......ty for the ideas I didn't consider taking the harddrive out physically, I had the idea to update mbar before putting it on her computer, the version that found the hijacks was 2014, now I'm scanning it with a 2017 database, if that doesn't work to get the ability to install mbam ill try putting it in my computer and post back after I get another scan

You are welcome it'd actually best idea in my eyes having it connected to yours then cleaning it.

 

[Cronic]

what will suck is finding where hers is. My laptop has easy access to the 2 ssd's and 1 of the regular hd's. Hers....doesn't look to have easy access to anything.

 

[SanityGaming]

what will suck is finding where hers is. My laptop has easy access to the 2 ssd's and 1 of the regular hd's. Hers....doesn't look to have easy access to anything.

Darn that sounds like a pain

 

[Solaris17]

Isn't doing any sort of back up very risky in a situation like this? Unless you have some knowledge as to the location of the supposed infection or rootkits, Making a back up would likely contain whatever viruses are plaguing the computer right now. Personally I would just cut my losses, and be certain to impress upon this user the importance of proper security so this situation can be avoided in the future.I understand that it's an inconvenience to lose photographs, important files, memorabilia, but it's better than losing your identity and bank information( worst case scenario )

It depends, as long as the host machine has an AV solution that supports active scanning it will clean whatever comes through.

 

[therealmeep]

If you've got some sort of a spare system, leave it disconnected from any sort of network, plug in the drive, boot into your host os copy whatever valuables that you want off of it onto something like a USB stick, and from there do something like wipe both drives and reinstall

 

[jboydgolfer]

I wonder if @OP is able to access windows defender ( long shot& not a great program) but it does have an off-line scan option. It shuts down windows and does the scan in a boot state. Worth a shot if there's no other option

 

[Cronic]

I was able to use mrt, so once mbar is done ill look into that. I didn't realize it had a boot state scan option.

 

[SanityGaming]

I was able to use mrt, so once mbar is done ill look into that. I didn't realize it had a boot state scan option.

Make sure to update us!

 

[jboydgolfer]

I didn't realize it had a boot state scan option.

neither did i , until i was screwing around in windows seeign what new shit was added, and came upon the option. it isnt in the windows defender interface that You find in the taskbar though, you have to go into system settings, by right clicking on taskbar/settings/, then into accounts/security.
Frankly, i was surprised, but its about damn time M$ get in the game with some decent settings/options regarding theyre Security programs...all in all, it isnt terrible for a free program, but there are others i would go with personally. I recently bought MBAM on newegg.com for $30, but it came with a $10 gift card refund 4 days after purchase....its a 1 year key, for 3 PC's, so it will cover me on 3 of my machines atleast..since you have MBAM, try out chameleon too, it is good @ finding nasty shit on your PC...lemme see what tools i have from MBAM's team, some are pretty good.

Lots of goodies from malwarebytes CAN be useful in the right situation..

Malwarebytes AdwCleaner
LEARN MORE DOWNLOAD
Junkware Removal Tool by Malwarebytes
LEARN MORE DOWNLOAD
Malwarebytes Anti-Rootkit beta
LEARN MORE DOWNLOAD
Malwarebytes Chameleon
LEARN MORE DOWNLOAD
Malwarebytes StartUpLITE
LEARN MORE DOWNLOAD
Malwarebytes FileASSASSIN
LEARN MORE DOWNLOAD
Malwarebytes RegASSASSIN
LEARN MORE DOWNLOAD

 

[Cronic]

I finished the Malwarebytes anti rootkit tool fully updated, it found nothing this time. Tried to do the offline scan, says an error occurred...try again later. I'm thinking I may have already removed the viruses present and now my issues are simply windows file based. I am currently making a windows 10 boot drive to run recovery and see if that gets me anywhere, thanks for the ideas so far, ill post more when I'm done with that

 

[eidairaman1]

Try SFC /SCANNOW from a console