Missing Windows Service Integrity caused by malware, trojans, viruses, etc.


This topic contains 10 replies, has 3 voices, and was last updated by AL2Meta 3 months ago.

  • #1548
    #1549
    AL2Meta
    Moderator
    Points: 272

    I don’t see anything wrong with your PC other than you’re missing some Windows components.

    I need more details like:

    What other problems are you seeing? Are you seeing ads randomly appearing on your computer? Is your computer too slow? Are there any anomalies you are experiencing?

    Those components you mentioned (i.e. AppMgmt, PeerDistSvc, CscService) are not really essential to your PC unless you are running a WAN (Wide Area Network), as in an office or a corporate setting. If they were deleted from your system, I highly suspect that they were removed by your anti-virus software because, more likely, they were corrupted. Those components can be used by hackers to remote control your PC. To fix the missing components issue, you need to reinstall Windows by doing a Factory Reset.

    When doing a Factory Reset, you are given the option to “Keep my files” or “Remove everything”. Choose “Keep my files” if you want to reinstall only Windows but keep your saved files on your computer.

    But before that, provide me some details of your PC, like what brand, what operating system you are using.

    Post me your progress and I’ll guide you step-by-step.

    #1555
    Zero
    Participant
    Points: 63

    Of course, the easiest solution would be… factory reset.

    Just back up everything. No need to labor fixing a system that’s already broken when you can just get a new one. 😎

    Zero

    #1581
    AngelitaYape
    Participant
    Points: 43

    Hello? Sorry, it took me a while to come back. I wanted to confirm where the threat is coming from before I reply here.

    To AL2Meta: yes, I had some ads before, but after I used Windows Defender, Malwarebytes, HitmanPro, Kaspersky and other anti-malware tools I was able to delete some viruses and trojans that were secretly downloaded to my PC. Even though Windows Defender is currently protecting my PC, the unwanted program can install on my PC without my permission and can’t be detected unless I use other programs such as Kaspersky, Malwarebytes, AdwCleaner. Last time I uninstalled Google Chrome and deleted some programs that kept coming back in my registry; for some reason the unwanted program stopped, but to confirm whether it’s only using Google to secretly bypass me I reinstalled Google and did an AdwCleaner scan and found these:

    Under Scheduled Tasks: Microsoft\Windows\Memory Diagnostic\video Memory Diagnostic

    Chrome: startup URLs: 1. www.initialsite123.com/?z=85c808b0decc4b3c669d9ag6z0tccetbg0oewdwcg&from=fss&uid=HGSTXHTS541010A9E680_JA100A1F33YTLM33YLMX&type=hp
    [Link converted to code to prevent hyperlinking into malicious site]
    ~Mod

    Homepage: same

    I cannot find this in Google settings, but it shows up whenever I have Google Chrome; these links are secretly used to download unwanted programs to my PC.

    #1585
    AngelitaYape
    Participant
    Points: 43

    What should I do now, since it won’t go away?
    I’ve tried using Malwarebytes etc., but it just comes back after I delete it.

    Whenever I scan using Malwarebytes it says no problem?
    I think the trojan or virus doing this is keeping itself somewhere safe that my anti-malware programs can’t detect.

    #1583
    AL2Meta
    Moderator
    Points: 272

    By the looks of it, it seems you have been infected by the adware program InitialSite123. It is a browser hijacker that comes bundled in some free software that you download from the Internet. That’s the problem with some free software: sometimes they don’t disclose the programs that will be installed along with the installation of their software, or if they did, and you allowed them, then that’s how you got this malware.

    What Initialsite123 does to your computer’s browsers is that it sets their homepage and search engine to ‘http://initialsite123.com’ without your permission. Then it will append the argument ‘http://initialsite123.com’ to random Windows shortcuts on your desktop and your Windows Start Menu.

    I’m sure this is what you get on your homepage:

    InitialSite123.com

    Even if you remove the shortcuts from their browser links, you might notice that they are added back. This is because the initialsite123.com program uses a Windows service that hijacks the shortcuts again when it detects if the shortcuts have been cleaned, and as long as this program is in your computer, the process will just keep on repeating.

    The solution to this problem is that you should remove InitialSite123. Go to your Windows Control Panel, then Programs. Choose Uninstall a Program. Look for InitialSite123 and uninstall it. Note that sometimes these programs disguise themselves with another name (i.e. SunnyDay).

    NOTE: Sometimes, there are programs that will interfere with the removal process. So you may need to install Rkill. I suppose you already have it. Rkill will search your computer for active malware infections and attempt to terminate them.

    Now, to search for unwanted programs, you can try to sort the programs based on installation date. Scroll through the list, and uninstall any unwanted programs.

    If you’re not sure which program to uninstall, you can use Revo Uninstaller and it should do the work for you.

    If still in doubt, just use Zemana AntiMalware. You can use the free version. It can detect malicious programs that some antivirus may fail to find. Install the software on your computer. Once done, run Zemana AntiMalware and do a system scan. Wait until the scan is complete.

    When Zemana has finished scanning, it will show a screen that displays any malware it has detected. To remove all the malicious files, click on the “Next” button. It will now start to remove all the malicious programs from your computer.

    After Zemana has done its job, you can either use Malwarebytes or AdwCleaner as a follow-up. Since you already have AdwCleaner, just stick with it. These programs will scan your computer for adware programs. Ok, so you may ask why this is needed when you already had Zemana? Well, the difference is that these two programs are designed more for hunting adware, and since InitialSite123 is an adware-related issue, this is where these programs work best.

    After all the search and clean-up is done by either Malwarebytes or AdwCleaner, the next step is to install HitmanPro. Btw, when you visit the download page, download the version that corresponds to the bit-type of the Windows version you are using.

    Install HitmanPro and when at the setup screen, you have two options. If you would like to install the 30 day trial for HitmanPro, select the Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended) option. Otherwise, if you just want to scan the computer this one time, please select the No, I only want to perform a one-time scan to check this computer option. Click Next.

    I included HitmanPro in the instruction as an additional fail-safe procedure to make sure we clean everything. HitmanPro is also a program that scans computers for infections, adware, and potentially unwanted programs. After scanning your computer with HitmanPro, choose to remove the detected items. You will be prompted to reboot. You should reboot.

    Finally, you may have to check your browsers for changes like the Home Page setting. Set the Home page away from InitialSite123 and remove any plugins that may be associated with the adware.

    Please let me know if it works.
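    As an added, read-only check (my own script, not from the thread or from any of the tools named above): the PowerShell below audits the two persistence spots this post describes, shortcuts whose arguments carry a URL and scheduled tasks that run from user-writable folders. It assumes Windows 8 or later with the ScheduledTasks module; the shortcut folder list is my assumption of where such hijacked shortcuts usually sit.

```powershell
# Added example: audit browser shortcuts and scheduled tasks for hijack persistence.
# It only reports; nothing is deleted or modified.
$shell = New-Object -ComObject WScript.Shell

# Assumed locations where hijacked shortcuts are usually planted
$paths = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
)

$findings = foreach ($dir in $paths | Where-Object { Test-Path $_ }) {
    Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # A normal browser shortcut has no URL in its arguments; one that does
            # opens the hijacker's page every time the icon is clicked
            if ($lnk.Arguments -match 'https?://') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No shortcuts with URL arguments found.' }

# Scheduled tasks are the other re-infection route seen in this thread: flag any
# action that opens a URL or launches from ProgramData, AppData or Temp
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if (($a.Arguments -match 'https?://') -or ($a.Execute -match 'ProgramData|AppData|Temp')) {
            [pscustomobject]@{
                Task      = "$($task.TaskPath)$($task.TaskName)"
                Execute   = $a.Execute
                Arguments = $a.Arguments
            }
        }
    }
} | Format-Table -AutoSize
```

    Run it again after the clean-up steps and a reboot; if the same shortcut or task reappears, whatever re-creates it is still installed.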

    #1593
    AngelitaYape
    Participant
    Points: 43

    Hi, I did as instructed but the initial link is still there when I install Google or any browser compatible for hijacking. I have tried to delete it again, but after some time it just comes back, and the longer the link is available the more unexpected programs enter and install without my permission. Please, is there a way you can check it online?

    #1594
    AL2Meta
    Moderator
    Points: 272

    What is back? InitialSite123? Did you follow all the steps? It should be gone by now. You have to do everything step by step as instructed, starting from RKill, then Revo Uninstaller to uninstall the unwanted program, down to the last step. Also, download a fresh browser installer. Don’t use the one on your computer.

    If all fails… then follow the instructions provided here (in case you have multiple virus infections):

    How to clean your PC from multiple virus infection?

    #1596
    AngelitaYape
    Participant
    Points: 43

    Yes, I followed it step by step. RKill reported only the same error as above, and the rest of the anti-malware tools reported nothing, but I added JRT and it reported:

    File System: 1

    Successfully deleted: C:\ProgramData\productdata (Folder)

    I have deleted this twice already since the first run.

    Screenshot of initial:

    https://drive.google.com/open?id=0B3jL7FIGYHfRb3BfZ3Rmd3ZfVXM

    https://drive.google.com/open?id=0B3jL7FIGYHfRaGtLNEROZkJsalU

    I will try your link..

    #1598
    AngelitaYape
    Participant
    Points: 43

    Hello, I followed the recommendation to factory reset my system. I decided to update Windows Defender and it says the same “all good”, so I tried to install Google, but before installing I applied RKill and found the below:

    https://1drv.ms/i/s!AmHXr1GVpJM0gTBX89MS0W2OIvqF

    * C:\Windows\SysWOW64\UMonit64.exe (PID: 4916) [WD-HEUR]
    * C:\Users\Angelie\AppData\Local\Temp\GUM9FC1.tmp\GoogleUpdate.exe (PID: 3092) [T-HEUR]
    * C:\Users\Angelie\AppData\Local\Temp\GUM9FC1.tmp\GoogleUpdateSetup.exe (PID: 6864) [T-HEUR]

    I deleted the file inside SysWOW64 because I do not use UMonit64 and the credential is not from Windows but a Chinese one. I tried using Revo but it says install, so I manually deleted the file, and I cleaned Temp. My PC is fresh from factory.

    #1600
    AL2Meta
    Moderator
    Points: 272

    According to your report, everything’s cleaned now, except that you have to change the home and startup URL of Chrome to something other than InitialSite123.
