I am infected.

[marcelopsr]

I was looking for info on a new korean game called tree of saviour and i found a webpage siliconera.com which apparently had a good image of the game classes so i tried to go into the page and suddenly a windows want to execute cmd something came up and i went full retard and put yes my laptop suddenly restarted and know my windows defender is death an error pops up saying the following "The Specified sevice does not exists as an installed service (Error code: 0x80070424)" googled how to repair it download a regedit file tried it rebooted laptop and know my antivirus is off and cant be turned on. i woudl appreciate any help with this problem.
PD: my default restore point doesnt exist any longer.. it must be because of this problem..
Edit: just installed malwarebytes and removed 2 trojans any real time protection from anti avira or malware bytes cant be turned on.

 

[indianacarnie]

Welcome to the forums marcelopsr! Wish it could be under better circumstances though. You can try running this free online scanner, its helped me before.

Free Virus Scan | Online Virus Scanner from ESET

 

[ShamrockRig]

Hey there and welcome to SevenForums.

Id Recommend the following after running ESET.
Download these 3 programs, Boot into safe mode and run in the order as follows,

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

• On Windows XP double-click on the Rkill desktop icon to run the tool.
• On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
• Do not reboot the computer, you will need to run the application again.

AdwCleaner: (Cleans Adware From the Computer)
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Save to the desktop.

Close all open programs.
To run the program, right-click AdwCleaner.exe and select: Run as Administrator

Click on Search and confirm the prompt.
After the program finishes, a text file report opens.

To delete:
Run AdwCleaner once again.
This time click on: Delete




download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

[marcelopsr]

thanks guys i am gonna try doing all these things you suggested.
the malwarebytes have detected 2 trojans and 1 backdoor.bot and they are in quarantine but i still cant active the real time protection

the rkil stopped working midway... and the problem had to close.
2nd link also stopped working but it was way quicker than the first.

 

[ShamrockRig]

Did you do it in safe mode?

 

[Jacee]

This is an article about Backdoor.bots Backdoor.Bot - Virus Removal Guide
Don't buy anything as it says at the bottom of the page. All the tools listed for disinfecting are free!

 

[cottonball]

marcelopsr,

There is not much point to doing cancer surgery without first pinpointing the malignancy!

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the cause of your issues.

:info: Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
:ar: Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
:ar: Also post the Addition.txt in your reply.


:info: Also, use the Farbar Service Scanner
Download: Downloading Farbar Service Scanner

Let's get a view of all services and dependencies scoped by the tool...

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Press: Scan

When done, FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.

Thank you.