Windows 10 Trojan message

I got a message saying Windows Defender reported my computer has a trojan.

 

The message consisted of 2 popup windows that will not close.   I closed the browser with task manager.

Also told me to call windows support with an 877 number.

This looks like some kind of fake message to me.  

will do a screen print if needed.

Greetings and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

• First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
• It is important to not run any tools or take any steps other than those I will provide for you.
• Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
• Please copy and paste all logs into your post unless otherwise requested.
• When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
• If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download Farbar Recover Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
• If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
• 2 Notepad documents should now be open on your desktop.
• Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• FRST.txt
• Addition.txt

Hi Gary

Ty for your help.

 

Downloaded Farbar.   File is in Downloads.   Clicked on it and it said what do you want to use to open this file.

 

 

Husky/Mike

Please do this. If it is unsuccessful boot into Safe Mode and try to run FRST64.exe.

===================================================

Rkill

-------------------

• Please download all 3 versions of RKill by Grinler, not including the zip version, and save them to your desktop
• Disable your anti-malware software. Please refer to this page if you are not sure how.
• Double click on Rkill to launch the program. If one download version does not launch try a different one.
• Note: You may have to run Rkill a few times before it is successful
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• Please copy and paste the contents of the Rkill report that will appear on your desktop in your reply (file is also located at c:\rkill.log)
• Do not reboot your computer after running Rkill. If your computer reboots run Rkill again before continuing on
• If nothing happens or if the tool does not run, please let me know in your next reply.
• Attempt to run a FRST scan and post the results

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• FRST reports

Ok booted in safe mode. Can not down load. Cannot get out of safe mode

Also tried to cilcklink to krill did not work

Also booted up on my tablet to contact you

I have an old computer. Will try to download krill.

Was able to get out of safe mode by using msconfig.
Searched for Rkill and downloaded.
Ran it. It disabled windows defender.
Ran Rkill64. It disabled windows defender

copy was not working last night.

here is the results of Rkill.

It sounds like you were able to download FRST64.exe but unable to run it. If that is the case, you do not need to download it after booting into Safe Mode, simply try to launch the already downloaded file.

Did you try to run a FRST scan immediately after successfully running Rkill?

I installed Malwarebytes and ran it. Also I had to run Rkill 3 or 4 times.

I ran Rkill this morning again after booting.

Edited by husky1954, 21 June 2024 - 09:12 AM.

Please don't run any tools unless requested or take independent actions.

Please see my previous post.

Should I download FRST64.exe and run it?

 

Sorry for running things.   I had surgery for cataracts Wednesday and I had some problems reading yesterday.

Seeing better today.

Edited by husky1954, 21 June 2024 - 09:37 AM.

No problem, we just need to be on the same page. Glad you are doing better.

Yes, here are the instructions again.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

• Download Farbar Recover Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
• If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
• Right click on the icon and select Run as administrator
• Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
• Click Yes to the disclaimer
• Click Scan and allow the program to run
• Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
• 2 Notepad documents should now be open on your desktop.
• Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• FRST.txt
• Addition.txt