dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0
687 stars 109 forks

Plagued by viruses, and also now likely by my own buffoonery. #184

Closed ravetank closed 2 years ago

ravetank commented 2 years ago

Welcome! Thank you for joining the VIRUSNET association support section.

BEFORE ASKING FOR HELP, READ THESE INSTRUCTIONS CAREFULLY:

Step 1: Show us the required logs (for PC cure only):

Step 2: Describe your problem in detail:

Hi there, I began noticing issues with my Win10 OS back in mid November, 2021, just odd happenings, weird Windows Defender behavior, and in general a pretty decent loss of performance. So I performed a full backup to Backblaze, then on December 6, 2021, I used the SamsungErase tool to reset my 970 Pro NVMe M.2 and then I performed a fresh Win10 install on my NVMe local drive. I did not however format or clean off my storage drives. I should note here that I produce music professionally, and also livestream/produce visuals, so the contents of my storage drives are very important, as is the performance of my PC. So upon the fresh install I decided rather than reinstalling my pro audio software, I would spend a cpl weeks trying out some different antivirus solutions, as well as testing out a bunch of free apps and such from all the top software hosting sites, which is something I would NEVER in a 1000 years normally do on my production PC, as I know that testing that many free apps is going to cause major issues; but seeing as I had a full PC backup of all drives on both Backblaze and on an external USB HD, plus one more on my F:\ HDD, I figured with a triplicate backup now would be the time to test anything that looked useful/interesting, and after curating a list of apps that I liked and had proved to be safe I would do another fresh Win10 install, and install the new apps I got along with all my pro audio and streaming/visual stuff (see image 01). I was also determined to find the best antivirus, anti-malware, and total security solution available that met my needs.

Image 01 (attached screenshot): 2022-05-04 08_25_35-New Issue · dragokas_hijackthis — Mozilla Firefox

I installed the entire SOPHOS endpoint demo and only made it 6 days before bricking my fresh install thanks to free sketchy apps. So I did a new fresh install Dec. 12, 2021, then installed the demo of ESET's flagship AV lineup, and continued testing apps and stuff until another massive infection on December 26, 2021 (ya gotta remember that I was 22 months into the covid lockdown, and really had nothing better to do). So new fresh install December 26, 2021, followed by the full free AVAST security solution, and yet more testing. I honestly tried over 750 apps before my final, or rather, what SHOULD have been my final fresh install.

Oh, at this point I should mention that I had decided that I would try to use as many portable apps as possible, as I HIGHLY customize the settings of my software to work ideally for my needs, and having to reconfigure the settings that I had spent 3 years fine tuning before I reset seemed smarter if I used portable apps, and then they were set forever, safe from Win10 refreshes. I spent about a week trying to track down my essential apps, and build my own portable versions of the ones I couldn't, before coming across two major portable app platforms, so I then tested those, and chose PortableApps.com's platform to be my solution, and installed that on my K: SSD 2tb ADATA SU800 local disk, along with some of the other portable apps I had found the week prior. Also at this point I had just about finished modding my BIOS and testing it on one of the 2 selectable BIOS chips on my ASUS Rampage V Edition 10, as I figured I may as well update that, since ASUS had stopped a cpl years ago. (See pic 02.)

Image 02 (attached screenshot): 2022-05-04 09_12_38-New Issue · dragokas_hijackthis — Mozilla Firefox

So around Jan 25th, 2022, I had selected all the apps that would make the final cut, and I had tested my custom BIOS, for both stability and performance, with a selection of stress tests and head-to-head benchmarks vs the newest ASUS official BIOS. I did the fresh install of Windows for the last time on Feb. 2, 2022, and immediately installed Bitdefender Total Security and went about installing all my apps. At first I was using Advanced Uninstaller and installing every app in monitored mode, but that was taking far too long, so I just installed things as usual. Within two weeks I was somehow having crazy issues with Bitdefender, so I did an offline scan with their offline USB app and then did a "repair upgrade" of Win10, and all was good for a while. Until I downloaded the driver for my Apogee Quartet audio interface. My security actually flagged it as a virus, but I figured it was a false positive, as it was the official driver package from Apogee's website that I had to put in my serial # to get the email link for... Anyways my PC went haywire and I was unable to use the System Restore point I had just made... So, yet another "repair install" (didn't do a fresh install as I had already installed so many apps). Got things working again. Then about two weeks ago I downloaded a multi-stream plugin for OBS, scanned it thru Bitdefender, no flags, used it a cpl times, then my PC just came to a crawl. Hard restarted, used Hitman Pro to scan, which flagged the OBS plugin... Cleaned that, and things still weren't good. Another repair install... Then I noticed Bitdefender was using 2gb of ram at idle and eating up massive system resources. Did some poking around their user board and noticed a bunch of ppl just started reporting the same thing... So I got Bitdefender on live chat and demanded a partial refund, as I had suffered like 4 viruses since installing the "best AV software available."

So I went back to Windows Defender, but I also installed "SysHardener" by novirusthanks.org and then set a bunch of exploit protections to "on" in Windows Defender... WHOOPS... I must have set things WAY too strict because I couldn't do ANYTHING... I managed to reset Windows Defender, but then I was unable to type into any Windows dialogue box. So not knowing what was causing it I ran Eusing Registry Cleaner, then HIBIT Uninstaller's Reg Cleaner, and also used their Context Menu cleaner to remove a bunch of stuff I didn't want. When I logged back onto Windows, all of my apps were just using the same white Windows icon and almost nothing would open... Fresh install. I then used HIRENS Boot USB to get into a recovery environment, and went a little overboard deleting stuff, as I deleted the contents of most of the hidden system folders like WIN.SXS, and also completely deleted everything in windows\system32\config and just put back the 5 main registry hives... I was pretty cheesed off that particular evening... Well I'm sure you know how that went. (See pic 03.)

Image 03 (attached screenshot): 2022-05-04 13_28_22-

So anyways... Repair Install, which of course didn't work so well this time, seeing as how I had just deleted all those hidden component stores it would have normally used for that... So then I followed some BleepingComputer tutorials that ended with MG Tools. That got things somewhat working again. Then I used HJT and of course, instead of reading anything, just assumed I knew how to use it instinctively..... Deleted all the disabled tasks thinking they were hijacked... dum dum... So rebooted, went to NirSoft TaskSchedulerView-x64 to re-enable all the tasks I had disabled earlier when I was trying to troubleshoot things... Well when I saw there were NO tasks at all, I quickly realized that HJT was just showing those tasks as disabled, because.... I disabled them earlier... Anyways I used AliceDiag, which repaired a lot of the damage I had caused... and my PC is working quite well atm, with the exception that I have to manually run CTFMON.exe in order to type into a Windows box, which is no doubt from when I deleted something...

But anyways things are okay now, my performance is on point, and I am hoping you can tell me from those AUTOLOGGER files I just uploaded if I have any remaining issues, and if so whether they can be fixed. I REALLY don't want to do a FRESH Win10 install if I can avoid it.

The only problem I notice is the CTFMON needing to be run, and I can fix that easily enough by creating a task or firing it in the Start folder. And I am also planning to install AVAST's free Security Suite as av-comparatives.org has it highly rated ATM... But I'm not doing anything until I get word from your techs as to the current state of my poor OS. Thanks for your help.

OTHER THINGS TO NOTE:


My BCD file looked like this:

Image (attached screenshot): Bcd_bak 2022-05-04 13_58_11-bcdbak txt - Notepad

I couldn't figure out what DENABLE_INTEGRITY_CHECKS meant, so I changed it to this...

Image (attached screenshot): Current BCD 2022-05-04 14_00_20-Administrator_ C__Windows_system32_cmd exe

Is that okay??


AliceDiag results from a few hours before running AUTOLOGGER and writing this: AdliceDiagResults_[2022-05-04].txt

RKill results from just before that AliceDiag run: Rkill.txt

LatencyMon results from 2 days ago... Any idea why the DPC count from ntoskrnl.exe or the hard page faults to svchost.exe? LatencyMonResults.txt


POWERSHELL SCRIPTS I HAVE RUN: windows-tools-master.zip

REGISTRY VALUES I SET:

Image (attached screenshot): Registry tweaks 2022-05-04 14_20_25-

Alright I think that is probably more info than you wanted...

THANK YOU for your time!!

  1. What did you do before the problem occurred: _____
  2. What programs (browsers) are affected by the problem: ____
  3. Steps to reproduce: _____
  4. Expected behavior: _____
  5. If applicable, add screenshots to help explain your problem. CollectionLog-2022.05.04-07.40.zip

dragokas commented 2 years ago

Hi, thank you for the log. We'll return to you as soon as possible.


Please note that only members of the VIRUSNET-Association are allowed to respond to PC cure topics. Ignore any recommendations given by other users, including by PM!!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form, or you can leave feedback in the Guestbook.

dragokas commented 2 years ago

Meanwhile, generally we don't provide support and recommendations for systems with non-malware related issues. However, I'm going to explain something for your particular case. I must say I think 90% of your problems are related to using those many apps for "system optimization" and "lots of protection".

Especially registry cleaners: they are evil. Don't use them at all. Such tools will not improve your PC's performance. The registry is already designed as a well-optimized database. In most cases you can't win by cleaning unused entries; you just take the risk of erasing important things. Also, read: https://support.microsoft.com/en-us/topic/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities-0485f4df-9520-3691-2461-7b0fd54e8b3a

As for system hardening, it must be used very carefully, with a complete understanding of each item's influence. "Select all & apply & forget" is the worst thing that could be done.

As for AV protection, don't install several antiviruses at once (if you do, they start to race and combat with each other, leading to low performance and total malfunction). Installing one by one just to test is also not the best idea. Select only one product you trust.

As for AV utilities, never delete everything you see listed. They could contain false positives. Removing those can cause system malfunctioning. Especially in HiJackThis, 95% of entries are valid. Surely you can use it to disable some things, but you must understand what you do. The best way is to uninstall the software those records are related to instead of killing them in such utilities.

This is not an instruction to follow, just a hint for the future. Wait for our Helper to get further recommendations. Also, if you really need those LOTS of apps (to test), consider installing a virtual machine (like VirtualBox / VMware), and test new apps there, in an isolated environment.

ravetank commented 2 years ago

"Meanwhile, generally we don't provide support and recommendations for systems with non-malware related issues. However, I'm going to explain something for your particular case."

I did not realize that. My apologies for posting in the incorrect space. Please feel free to delete as to not confuse others. Go figure the first time I ever ask for help in the thirty years I've been using a PC, I ask in the wrong place... lol

ravetank commented 2 years ago

Thanks for the tips on registry cleaners. I have been using CCleaner for ten or so years, perhaps I shall stop.

ravetank commented 2 years ago

"As about AV protection, don't install several antiviruses at once"

Yes definitely never install multiple antivirus programs. I was installing a different one each fresh install to test them out.

dragokas commented 2 years ago

"I did not realize that. My apologies for posting in the incorrect space. Please feel free to delete as to not confuse others. Go figure the first time I ever ask for help in the thirty years I've been using a PC, I ask in the wrong place... lol"

No, I mean the other part of your question. Asking for PC cure is good. Sorry for the confusion.

"Thanks for the tips on registry cleaners. I have been using CCleaner for ten or so years, perhaps I shall stop."

Not completely. CCleaner is good for cleaning the file system. However, touching registry entries with such software is not recommended.

"Yes definitely never install multiple antivirus programs. I was installing a different one each fresh install to test them out."

Uninstallers aren't so good. Some AVs can still leave traces (including not completely removed drivers / alternate data streams and so on) which could lead to conflicts. That's why such experiments are dangerous.
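The leftover-driver problem described above can be checked for without any cleaning tool. The following read-only PowerShell script is an added example (not part of the hijackthis project or of this thread); it lists kernel-driver service entries whose binary no longer exists, or whose binary is not signed by Microsoft, which is where remnants of uninstalled security products usually show up. The function name and the `$TrustedPublisherPattern` parameter are this example's own.

```powershell
# Added example, not part of the hijackthis project or this thread.
# Read-only check for kernel-driver entries left behind by uninstalled security
# products: the service still exists but its .sys file is gone, or the file is
# signed by someone other than Microsoft. Run from an elevated PowerShell prompt.
# Third-party hardware drivers (GPU, audio, chipset) will be listed too, so the
# output is a review list, not a delete list.
function Get-SuspectSystemDriver {
    [CmdletBinding()]
    param(
        # Substrings accepted in the signer subject; anything else is reported.
        [string[]]$TrustedPublisherPattern = @('Microsoft')
    )

    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $drv  = $_
        $path = $drv.PathName
        if ($path) {
            # PathName comes in several shapes: "\??\C:\...", "\SystemRoot\...",
            # or a path relative to the Windows directory. Normalise to a file path.
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
            if (-not [System.IO.Path]::IsPathRooted($path)) {
                $path = Join-Path $env:SystemRoot $path
            }
        }

        $report = [ordered]@{
            Name = $drv.Name; State = $drv.State; StartMode = $drv.StartMode
            Path = $drv.PathName; Signer = $null; Reason = $null
        }

        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # Service entry exists but the binary is missing: a classic uninstall leftover.
            $report.Reason = 'binary missing'
            return [pscustomobject]$report
        }

        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $signer  = $sig.SignerCertificate.Subject
        $trusted = @($TrustedPublisherPattern | Where-Object { $signer -like "*$_*" }).Count -gt 0
        if (-not $trusted) {
            $report.Signer = $signer
            $report.Reason = "non-Microsoft or unsigned driver (signature status: $($sig.Status))"
            return [pscustomobject]$report
        }
    }
}

Get-SuspectSystemDriver | Sort-Object Reason, Name | Format-Table -AutoSize
```

Entries reported as "binary missing" are the ones worth comparing against the list of security products that were installed and removed; anything from a hardware vendor you still use belongs there and should be left alone.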

Sandor-Helper commented 2 years ago

Hello, I confirm: there are no obvious signs of infection in Autologger's log collection.