Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Ian3469

  1. Taking ownership worked! Oddly, SYSTEM was owner on the advanced page, chaging the owner to my user name worked perfectly. Thanks for everything!!
  2. Yep I can't edit permissions on the D: drive itself and one entire directory tree. However I can edit permissions on all the other directories.
  3. Is there any way to delete them? They don't come up in the add/remove progs dialogue. Actually, Anti-malware: Norton, Avast, Emsisoft Anti-Malware AND EEK, have all been saying all clean for a week now. So that's no indication, but the odd behaviour has stopped. So I'm going to chalk it up as a win. Thank you so much!!! OH Any ideas how to change permission settings on D: drive. "Edit" permissions button is clickable, but on the following screen all the options (Full control, Read, Write, etc) are greyed out because not even system or admin has "Write" or "Full Control" permission
  4. Yes thanks I think so too. I just ran FRST and glanced at the log I was curious about these 3 entries in "Installed Programs" list: Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 影像中心 (HKLM-x32\...\{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden 照片库 (HKLM-x32\...\{017E337D-D709-437C-83DB-71F82AA78BF6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Are they safe? Do you know what they are? Also, is there any way to get "decrypt_Amnesi
  5. Nevermind I was able to run it in Normal mode!! I'm guessing my deletion of iwxuj.ligi in safe mode earlier held on through this boot and it wasn't loaded to interfere with FRST. Either way, here's the log. I checked the startup folder it's empty Fixlog.txt
  6. OK I can only run FRST in Safe mode is that acceptable for this fix? Networking works in safe mode if that makes a difference.
  7. Absolutely! Great advice, I actually did that first thing. I upgraded my system firewall and set my router firewall to max. One of the softwares I DLed from here or Bleeping computer, said I had a port open and a SMB vulnerability and recommended I get a patch from Microsoft, which I did. The only port I Have open is for my home network sharing and I don't think that's in my router, just on my computer. I'll be honest, I'm a pro at computers, but my network knowledge is really minimal, it's definitely my achilies heel. But I am absolutely certain I've got these barn doors shut now that the hor
  8. I've decided to just keep the Computer in safe mode until the virus is taken care of. Interestingly when I booted safe mode with networking, wifi worked fine in fact it went back down to WiFi(4) in 'Control Panel\Network and Internet\Network Connections\' It deleted WiFi 1-2-3 & 4 in normal mode, and I just shut down before rebuilding the wifi a 5th time. I managed to delete the file that "lgudug.lnk" points to - "iwxuj.ligi", and I'm working on accessing the start menu to delete it from the Startup folder. I also uploaded that file before deleting it. I've run FRST and EEK again
  9. Not sure why this was moved to ransomware first aid. The ransomeware is decryptable, in blocks of 4-10 files at a time. That could be faster and more efficient but I think the virus is slowing it down. The main issue is the infection that is tearing apart my system. The latest symptom: I can no longer connect to the internet, the virus keeps deleting my WiFi connection (and wired) every time I rebuild a WiFi connection in network connections it is deleted before I can load a webpage fully. I'm up to WiFi adapter (5) before I gave up and turned off the computer.
  10. I've managed to run farbar! Partially. in normal mode!! If I have it on desktop, and start it THE INSTANT the desktop loads at boot then it runs for about 25 seconds -60 seconds. At some point something loads that shuts it down before addition.txt gets created. However FRST.txt gets created! I've included it here. Along with rkill log AND a bizarre link in the start menu startup folder. I've tried everything to delete it and it won't delete, the link or the file it points to. I'm about ready to boil my computer. Now E: drive is almost completely read only SYSTEM still has write, read and
  11. Please tell me what to do to get you more info? We can start with possible reasons / solutions why FRST program & webpage close as soon as they are opened I can browse any other page of the FRST website and I also signed up to be a member. It starts fine in safe mode, so there must be some way I can find out what is stopping it from loading/browsing
  12. Wow, where to start, I guess I'll quickly outline why I couldn't completely comply with the "Start here" instructions. So you know I read them and attempted to follow them. First, I had already cleaned several infected files off my computer with both Avast and Emsisoft (EEK) I exported those infos and have attached them. Second, I was NOT able to launch FRST or even go to their website in normal mode. So safe mode scans are attached despite instructions saying to run them in normal mode. ***Short Version*** Just the facts with minimal story added)**** Ransomware found on computer.
  • Create New...