
Can't delete malware

Anonymous
2023-06-02T10:30:22+00:00

I have an app in Task Manager called moondustriesbianca, and it appears to be malware, as my Gmail and Facebook accounts were hacked. I am unable to delete it, as it keeps running, and when I end the task, it reappears. I have tried using Malwarebytes, but it doesn't detect it as malware. Please help me. Thank you.

I don't know what kind of trojan this is.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

_AW_ 67,926 Reputation points Volunteer Moderator
2023-06-02T12:09:04+00:00

Thanks. That seems to have taken care of the adware. If you want to remove the other policy restrictions, select all the bold text and press Ctrl + C to copy it, then run FRST and press Fix.

start::

HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [1] Mshta.exe

HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [2] powershell.exe

HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe

end::


To completely remove FRST, rename it uninstall.exe and run it. The computer will reboot to complete the removal.

If there's nothing else, it would be appreciated if you would mark the thread as answered, by pressing Yes below the post or posts that provided the solution.

Good luck!

1 person found this answer helpful.
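A fixlist can be read before it is run. The following is an added example, not part of the original answer and not FRST's own code: it parses the `start::` / `end::` block in the form shown in this thread, lists the `DisallowRun` entries it recognises, and sets aside any other line for manual review. The line pattern is an assumption taken from the three entries above (FRST's full fixlist syntax is not covered), and the `C:\constructed\example.tmp` line is constructed sample input.

```python
import re

# Matches FRST-style lines as they appear in the thread, e.g.
#   HKU\<SID>...\Policies\Explorer\DisallowRun: [1] Mshta.exe
# The "..." is the path elision shown in the log; it is matched literally, not expanded.
ENTRY = re.compile(
    r"^HKU\\(?P<sid>S-1-5-[\d-]+)\.\.\.\\Policies\\Explorer\\DisallowRun:"
    r"\s*\[(?P<index>\d+)\]\s*(?P<exe>\S.*?)\s*$"
)

def fixlist_body(text):
    """Return the non-empty lines between the start:: and end:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    lowered = [ln.lower() for ln in lines]
    if "start::" not in lowered or "end::" not in lowered:
        raise ValueError("missing start::/end:: markers")
    begin, end = lowered.index("start::"), lowered.index("end::")
    if end < begin:
        raise ValueError("end:: appears before start::")
    return [ln for ln in lines[begin + 1:end] if ln]

def review(text):
    """Split a fixlist into recognised DisallowRun entries and everything else."""
    entries, unrecognised = [], []
    for line in fixlist_body(text):
        m = ENTRY.match(line)
        if m:
            entries.append((m["sid"], int(m["index"]), m["exe"].lower()))
        else:
            unrecognised.append(line)  # anything else needs a human look
    return entries, unrecognised

# The fixlist from the accepted answer, plus one constructed line to show
# how an entry the pattern does not recognise is surfaced.
SAMPLE = r"""
start::
HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
C:\constructed\example.tmp
end::
"""

if __name__ == "__main__":
    entries, other = review(SAMPLE)
    for sid, index, exe in entries:
        print(f"DisallowRun[{index}] = {exe} for {sid}")
    for line in other:
        print(f"REVIEW MANUALLY: {line}")
```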

7 additional answers

  1. Anonymous
    2023-06-02T11:34:23+00:00

  2. _AW_ 67,926 Reputation points Volunteer Moderator
    2023-06-02T11:20:10+00:00

    Hi, could you please let me know whether you wish to keep the following policy restrictions:

    HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [1] Mshta.exe

    HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [2] powershell.exe

    HKU\S-1-5-21-3959293856-1355182806-1025034787-1001...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe

    
    - Download the Fixlist linked below to the same folder FRST is in.
    - Run FRST and press Fix.
    - Upload the resulting Fixlog.
    
    [https://1drv.ms/t/s!AqQnVFhmcB_wmlEK3kR4cy2bYHZK?e=QgO0lb](https://1drv.ms/t/s!AqQnVFhmcB_wmlEK3kR4cy2bYHZK?e=QgO0lb)
    

  3. Anonymous
    2023-06-02T10:49:58+00:00

    Thank you so much! I rarely use this computer and I think my sibling has been downloading weird things.

    Here is the file: https://drive.google.com/file/d/18UFGpBZhvmkju0NLXwTM_R5Jg9s4Ut9A/view?usp=drive_link

  4. _AW_ 67,926 Reputation points Volunteer Moderator
    2023-06-02T10:34:51+00:00

    Hi Radja, if you scan with Farbar Recovery Scan Tool (FRST), and share the logs it creates, I'll help you remove it.

    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Run FRST as administrator, use default settings and press Scan. Two logs are created in the folder that FRST is run from, FRST.txt and Addition.txt. Zip the logs and share on OneDrive, Google Drive or any file sharing service, then post the share link.

    * Note: If you are downloading FRST with Edge, SmartScreen will initially block it.

    Click on the 3 dots next to the warning and select Keep -> Show more -> Keep anyway.
