Roy_288
Guest
Hi.
About a week ago I intended to briefly turn on "trust network" to check something and almost immediately I got some type of warning (from my McAfee I believe, or at least it appeared to be) and then a webpage opened which, from what I saw I think there was some kind of message and.. code beneath it I think, much of it in red. I quickly closed that and tried to turn "don't trust network" back on but seemed to have trouble doing so at first, I kept disconnecting and.. it seemed noticeably slower before I finally managed.
I'm not very computer savvy but I started looking over things and keeping an eye out for changes and as I was doing that and learning more about what I was seeing I think something was claiming more admin privileges and, if I'm not mistaken, eroding some of mine. So I started to limit connection time, turning off remote access etc. and downloading Malwarebytes as well (which found something but I believe unrelated to whatever problem I may be having). And then I really started to notice things that made me fairly certain I did have some type of malware like: all measures I took would halt for a good long while during the process (scans with MB and McAfee, and clean/repair/boot tips I saw online etc.) and it seemed to get harder and harder to start my defense programs and certain types of protections were turned off and I couldn't turn them back on again, EVEN in safe mode it seemed.
So finally I did a complete reinstall (of Windows 10 on an MSI stationary btw) and even restarted in safe mode right after to be sure and STILL the problem seems to persist. Just before this and after when I went to restart in safe mode I got the message: "If you start up now you and any other people using this PC could lose work" (or something close to that) and then when I did restart in safe mode it couldn't have been more than a few minutes before my options looked to be narrowing and then everything but the window I had up froze. Just now I started up in safe mode again and when I pressed Windows Defender I got a message saying: "System detected overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application". Also the last several (5-6 or more) times I booted I got a message on desktop saying: "There is a file or folder on your computer called crogram which could cause certain applications to not function properly. Renaming it to crogram1 would solve this problem."
Now.. like I said I'm not very computer savvy but I think logic can safely assume that this IS malware, and a very sophisticated kind at that. So I have shut down my PC completely and unplugged the power (as the state it has been in most of the time the past 3-4 days). I did take a lot of screenshots during all this and pasted most of them in an external hard drive but as I understand it, the drive may be infected too now, and I cannot use my PC obviously so please don't give me an answer to the effect of 'give us more information and paste the report here' or... 'download this and that on the PC and try to.. this and that'. And if you DO suggest the latter keep in mind I may not even get to that stage on the PC.
So maybe you can give me some advice and 'educated guesses' about what it is and how to possibly deal with it?
Please help....
Edit / PS: I thought it might help others who (like me) don't know much about this kind of thing if they are directed to this post through a search, if I told them something I have learned during this week and maybe save them some time, which is that: There is a thing called "zero-day attacks" (you can read about it on Wikipedia) where basically (as I understand it) when some new type of malware is created there often is no way for the antivirus software to deal with them YET, and that it may be some time before there even IS a solution available. So if for example someone here or support staff for your anti-malware programs can't help you, then it may be a good solution to turn off, unplug your infected device and then keep an eye out for solutions to new threats. But that's just my (someone who doesn't know much) assessment so far. Hope someone finds this helpful.