windows 10 non stop processes and account privilege's, malicious code


10 replies to this topic

#1 yabby101 (Members, 4 posts)

Posted 13 September 2023 - 10:24 AM

I have been at this for over a week on my PC running Windows 10: issues with AV (no detection), constant processes populating, random user/admin accounts, even the partition table/boot loader has been muddled. Need help with this, thanks.

 

I have attached a Farbar scan below. Let me know what steps to take and what information you need, thanks!

Attached Files





#2 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 14 September 2023 - 11:49 AM

Hello yabby101,
 
I am SQx and I will be handling your log to help you get cleaned up.
 
===================================================
 
Ground Rules:

  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • Back up any important data on your computer to external storage (hard disk, cloud, etc.). I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • Please note, using pirated/cracked software is an easy way to infect your computer, almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • Please understand that I am a student and my posts need to be approved by an Instructor before they appear here; this can add some delay but guarantees the quality of help.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================
 
Please give me some time to look it over and I will get back to you as soon as possible.



#3 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 14 September 2023 - 12:20 PM

Hello yabby101,

I checked your logs and did not find any active malicious processes or activities.

I found only tools to unlock Activation Lock for Apple devices:

Name: Trojan:Win32/Vigorf.A
Path: file:_C:\Users\yabby\Downloads\Sliver5Windows (1).zip; file:_C:\Users\yabby\Downloads\Sliver5Windows.zip

Please do not use tools to hack the official firmware, as there is a high risk of infecting the device.

random user/admin accounts,

I found only one active Windows account; can you please provide more details on which accounts we are talking about?

Blankr (S-1-5-21-1397250274-771519352-1218721687-1012 - Administrator - Enabled) => C:\Users\Blankr

constant processes populating, even partition tables boot loader has been muddled

I did not find the mentioned points; could you provide more details or screenshots?



#4 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 17 September 2023 - 08:34 PM

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the topic and it will be closed.


#5 yabby101 (Topic Starter, Members, 4 posts)

Posted 18 September 2023 - 10:18 AM

I have reattached my Farbar results and want to know what the next steps are.

Attached Files:

  • FRST.txt (28.98KB, 2 downloads)
  • Addition.txt (30.74KB, 3 downloads)
  • Shortcut.txt (38.62KB, 0 downloads)



#6 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 18 September 2023 - 10:53 AM

Greetings,

The provided FRST logs look the same; I just realized the PC name was renamed to YAM and the following user account was removed:

Blankr (S-1-5-21-1397250274-771519352-1218721687-1012 - Administrator - Enabled) => C:\Users\Blankr

At the same time, I did not find any malicious activities.

Please don't ignore the questions I asked earlier:

I found only one active Windows account; can you please provide more details on which accounts we are talking about?

constant processes populating, even partition tables boot loader has been muddled

I did not find the mentioned points; could you provide more details or screenshots?



#7 yabby101 (Topic Starter, Members, 4 posts)

Posted 19 September 2023 - 08:34 AM

Greetings,

The provided FRST logs look the same; I just realized the PC name was renamed to YAM and the following user account was removed:

Blankr (S-1-5-21-1397250274-771519352-1218721687-1012 - Administrator - Enabled) => C:\Users\Blankr

At the same time, I did not find any malicious activities.

Please don't ignore the questions I asked earlier:

I found only one active Windows account; can you please provide more details on which accounts we are talking about?

constant processes populating, even partition tables boot loader has been muddled

I did not find the mentioned points; could you provide more details or screenshots?

I have attached where I have seen them come and go; it's generally within all folder directories and it's always changing.



#8 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 19 September 2023 - 09:44 AM

Greetings,

It is normal behavior that the Blankr account does not have the same settings, scheduled tasks and folders as Administrator.

These are two different users and sessions. I don't see anything harmful.

I have attached where I have seen them come and go; it's generally within all folder directories and it's always changing.

This is normal to see.

Please let me know if you have any other concerns.
 



#9 yabby101 (Topic Starter, Members, 4 posts)

Posted 20 September 2023 - 07:09 AM

One of the update services is not running properly, but you can try to run a troubleshooter to fix the problem. Go to Start button > Settings > Update & Security > Troubleshoot, and then select Windows Update.

Windows Defender won't switch on, and the firewall won't switch on either, with commands and restarts. What's the go?



#10 SQx (Malware Study Hall Senior, 2,579 posts)

Posted 21 September 2023 - 11:31 AM

Greetings,

One of the update services is not running properly, but you can try to run a troubleshooter to fix the problem. Go to Start button > Settings > Update & Security > Troubleshoot, and then select Windows Update.

Windows Defender won't switch on, and the firewall won't switch on either, with commands and restarts. What's the go?

According to the system event log, the mentioned issue can be related to the BITS service, which is not working properly:

Error: (09/18/2023 10:47:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

In this case, there are two ways to fix the problem:
- perform an In-place Upgrade (fastest way)
- try to restore system files and registry (the slowest method; it may take a week depending on the difficulty, and you may still end up having to do the in-place upgrade)

I recommend performing an In-place Upgrade.

How to perform an In-place Upgrade:
----------------------------------------------------
Note: Before you begin this process please make sure you have a working backup (in the cloud or external hard drive and so on).

  • Download Windows 10 Installation Media.
  • Once the download is complete, double-click to run the application.
  • Once the process starts, you should see the Microsoft License terms. Accept them.
  • Select the Upgrade PC Now option once you see the "What do you want to do?" window.
  • Click Next, and the tool will start downloading the files.
  • Note: It will take a while, and it depends on the speed of your internet connection.
  • Once the download is complete, you will have the option to keep your personal files or start fresh.
  • Select the keep your personal files and apps option.

----------------------------------------------------


Edited by SQx, 21 September 2023 - 11:32 AM.
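As an added diagnostic for the symptoms in this exchange (not part of the thread, FRST's output, or SQx's instructions), the following PowerShell snippet reports the state and start type of the services that Windows Update, Defender and the firewall depend on, decodes the service-specific error quoted in the 7024 event, and lists recent 7024 events from the System log. The service names and the assumption of an elevated PowerShell 5.1 or later prompt on the affected Windows 10 PC are mine.

```powershell
# Added diagnostic, not from the thread: check the services that Windows Update,
# Microsoft Defender Antivirus and Windows Defender Firewall depend on, decode the
# service-specific error quoted in the 7024 event, and list recent 7024 events.
# Assumes an elevated PowerShell 5.1 or later prompt on the affected Windows 10 PC.

# Service names are an assumption based on the symptoms described in the thread.
$services = [ordered]@{
    BITS      = 'Background Intelligent Transfer Service (Windows Update downloads)'
    wuauserv  = 'Windows Update'
    WinDefend = 'Microsoft Defender Antivirus'
    MpsSvc    = 'Windows Defender Firewall'
}

foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        "{0,-9} NOT FOUND ({1})" -f $name, $services[$name]
        continue
    }
    # StartType 'Disabled' is the condition behind the error quoted in the post:
    # the service cannot be started because it is disabled.
    "{0,-9} Status={1,-8} StartType={2,-10} ({3})" -f $name, $svc.Status, $svc.StartType, $services[$name]
}

# Decode the decimal code from the quoted event: 2147943458 is the HRESULT
# 0x80070422, whose low 16 bits are Win32 error 1058 (ERROR_SERVICE_DISABLED).
$code = 2147943458
"Service-specific error {0} = HRESULT 0x{0:X8}, Win32 error {1}" -f $code, ($code -band 0xFFFF)

# Most recent Service Control Manager 7024 ("service terminated with a
# service-specific error") events from the System log.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7024
} -MaxEvents 10 -ErrorAction SilentlyContinue

foreach ($e in $events) {
    "{0:u}  {1}" -f $e.TimeCreated, ($e.Message -replace '\s+', ' ')
}
```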


#11 SQx (Malware Study Hall Senior, 2,579 posts)

Posted Yesterday, 07:36 PM

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the topic and it will be closed.




