Need some serious help, been hit by malware

For general computer discussion & help, come here

Moderators: Bakhtosh, EvilHomer3k

Post Reply
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Need some serious help, been hit by malware

Post by jztemple2 »

My wife clicked on an attachment to our Spectrum bill, only it turned out not to be the Spectrum bill, it was bad stuff. I've deleted the email and the attachment, which was an iso, but now I'm getting this pop-up from Malwarebytes every minute. I've also deleted a .vbs file which I found in her Documents folder. I've tried deleting that jsc.exe file but I'm blocked because I don't have permissions from "TrustedInstaller".

I'm rather at a loss at what to do next. That Malwarebytes pop-up comes up now several times a minute and I can't seem to find a setting in Malwarebytes to tell it to stop telling me and just do something about it.

Image

Image
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Blackhawk
Posts: 43501
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Need some serious help, been hit by malware

Post by Blackhawk »

#1. Unplug the PC from the network.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
Isgrimnur
Posts: 82094
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Need some serious help, been hit by malware

Post by Isgrimnur »

Image
It's almost as if people are the problem.
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

OK, so deleting jsc.exe isn't what I need to do. And unplugging from the internet doesn't fix the problem.So something is repeatedly trying to access a website, is that it? Is there a way to figure out what process is trying to do that?
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
LawBeefaroni
Forum Moderator
Posts: 55316
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: Need some serious help, been hit by malware

Post by LawBeefaroni »

jztemple2 wrote: Fri May 27, 2022 11:54 am OK, so deleting jsc.exe isn't what I need to do. And unplugging from the internet doesn't fix the problem.So something is repeatedly trying to access a website, is that it? Is there a way to figure out what process is trying to do that?
I think the recommendation to unplug from the network was to limit damage, not fix the problem.

It looks like it is trying to use Jscript to do something but I'll defer to the experts..
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Need some serious help, been hit by malware

Post by Pyperkub »

Isgrimnur wrote: Fri May 27, 2022 11:32 am Image
To verify that your jsc.exe is the correct one, launch a command prompt/powershell prompt and run sfc /scannow (system file checker, scan system files to verify they are the correct ones).
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
gilraen
Posts: 4313
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: Need some serious help, been hit by malware

Post by gilraen »

The jsc.exe file is most likely legit. Con-ip.com is a DNS redirection service, so the malware is trying to hijack your web browsing.

Try to download and run RogueKiller - it's something that seems to be recommended a lot on the Malwarebytes forum by their own tech experts in response to this type of error.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Need some serious help, been hit by malware

Post by Anonymous Bosch »

jztemple2 wrote: Fri May 27, 2022 11:20 am My wife clicked on an attachment to our Spectrum bill, only it turned out not to be the Spectrum bill, it was bad stuff. I've deleted the email and the attachment, which was an iso, but now I'm getting this pop-up from Malwarebytes every minute. I've also deleted a .vbs file which I found in her Documents folder. I've tried deleting that jsc.exe file but I'm blocked because I don't have permissions from "TrustedInstaller".

I'm rather at a loss at what to do next. That Malwarebytes pop-up comes up now several times a minute and I can't seem to find a setting in Malwarebytes to tell it to stop telling me and just do something about it.
I would strongly recommend using the free TronScript (and reading through the linked documentation), as previously mentioned here:
Anonymous Bosch wrote: Tue May 17, 2022 12:19 pm In terms of getting a poorly-running and/or compromised Windows PC back to functionality, TronScript will likely prove to be more effective.

Here's a tutorial video that walks you through how to use it:

"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Blackhawk
Posts: 43501
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Need some serious help, been hit by malware

Post by Blackhawk »

LawBeefaroni wrote: Fri May 27, 2022 12:07 pm
jztemple2 wrote: Fri May 27, 2022 11:54 am OK, so deleting jsc.exe isn't what I need to do. And unplugging from the internet doesn't fix the problem.So something is repeatedly trying to access a website, is that it? Is there a way to figure out what process is trying to do that?
I think the recommendation to unplug from the network was to limit damage, not fix the problem.
Right, yanking the network cable prevents anything from your system getting to them, prevents them from getting to your system, and prevents it from spreading to other machines on your network. That is always the first step when you think you are compromised. Stop it from doing more than it already has, and then figure out how to remove it.

Think of it as a quarantine.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

RogueKiller didn't find anything :(. I'm still reading through the scary documentation of Tron :shock:

I did figure out how to stop the constant Malwarbytes pop-ups by turning off the notifications. Not really much of an issue right now and frankly I think my wife just ignores them anyway :roll:.

So what I think I have is something that uses Javascript to call jsc.exe to try to contact a website. Malwarebytes keeps blocking that so at least no damage is being done.

And here is more info someone might be able to use, first the report that Malwarebytes generates

Code: Select all

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/27/22
Protection Event Time: 12:42 PM
Log File: 0fb6d12e-dddc-11ec-aafa-70b5e8317333.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55476
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1645)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: fcairo.con-ip.com
IP Address: 194.213.3.27
Port: 333
Type: Outbound
File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe



(end)
Next is a .json log file generated by Malwarebytes

Code: Select all

FB64D9DE141C076EAC9A44D8374E912DDFC3C8D1925A0FB348565C4C10EA24C3
{
   "applicationVersion": "4.5.9.198",
   "chromeSyncResetQueryRequested": false,
   "chromeSyncResetQueryResult": false,
   "clientID": "",
   "clientType": "other",
   "componentsUpdatePackageVersion": "1.0.1676",
   "coreDllFileVersion": "0.0.0",
   "cpu": "x64",
   "dbSDKUpdatePackageVersion": "1.0.55474",
   "detectionDateTime": "2022-05-27T15:53:49Z",
   "fileSystem": "NTFS",
   "id": "33369032-ddd5-11ec-8d45-70b5e8317333",
   "isUserAdmin": true,
   "licenseState": "licensed",
   "linkagePhaseComplete": false,
   "loggedOnUserName": "System",
   "machineID": "",
   "os": "Windows 10 (Build 19044.1645)",
   "schemaVersion": 20,
   "sourceDetails": {
      "type": "mwac"
   },
   "threats": [
      {
         "ddsSigFileVersion": "",
         "linkedTraces": [

         ],
         "mainTrace": {
            "archiveMember": "",
            "archiveMemberMD5": "",
            "cleanAction": "block",
            "cleanResult": "successful",
            "cleanResultErrorCode": 0,
            "cleanTime": "",
            "generatedByPostCleanupAction": false,
            "hubbleRequestErrorCode": 0,
            "id": "33369033-ddd5-11ec-88de-70b5e8317333",
            "igExitCode": "",
            "isPEFile": false,
            "isPEFileValid": false,
            "isWhitelistedByAdsInfo": false,
            "linkType": "none",
            "objectMD5": "",
            "objectPath": "",
            "objectSha256": "",
            "objectSize": -1,
            "objectType": "website",
            "resolvedPath": "",
            "websiteData": {
               "blockType": 12,
               "ip": "194.213.3.27",
               "isInbound": false,
               "port": 333,
               "processPath": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\jsc.exe",
               "url": "fcairo.con-ip.com"
            }
         },
         "ruleID": -1,
         "ruleString": "",
         "rulesVersion": "0.0.0",
         "srcEngineComponent": "unknown",
         "srcEngineThreatNames": [

         ],
         "threatID": -1,
         "threatName": ""
      }
   ],
   "threatsDetected": 1
}
I guess I'm still trying to figure out what file is generating those Javascript executions. Right now I can't figure out how to trace that. If this was MS-DOS I could do that... :roll:
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Blackhawk
Posts: 43501
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Need some serious help, been hit by malware

Post by Blackhawk »

I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Need some serious help, been hit by malware

Post by Pyperkub »

Blackhawk wrote: Fri May 27, 2022 1:44 pm I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
Yah, can boot into safe mode and run Malware bytes from there too.
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

Blackhawk wrote: Fri May 27, 2022 1:44 pm I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
I keep backups of her computer for that reason. I've already done multiple scans today.

I don't know if any more damage is being done, but I can't really do anything more right now than I have. She's already gone back on using the computer (without asking me :roll:).

I wonder if there is a way to track what programs are doing Javascipt calls? Off to the internet!
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

Pyperkub wrote: Fri May 27, 2022 1:47 pm
Blackhawk wrote: Fri May 27, 2022 1:44 pm I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
Yah, can boot into safe mode and run Malware bytes from there too.
Hmm, how do I reboot windows in safe mode? I used to know that but I'm unsure now.

UPDATE: Found a site with five recommended methods!
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Need some serious help, been hit by malware

Post by Anonymous Bosch »

jztemple2 wrote: Fri May 27, 2022 1:38 pm I'm still reading through the scary documentation of Tron :shock:
You really needn't fret over anything. The video above walks you through and clearly demonstrates precisely what TronScript does and how it operates. But I think it's always a sensible notion to read documentation when you can.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Blackhawk
Posts: 43501
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: Need some serious help, been hit by malware

Post by Blackhawk »

jztemple2 wrote: Fri May 27, 2022 1:51 pm
Blackhawk wrote: Fri May 27, 2022 1:44 pm I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
I keep backups of her computer for that reason. I've already done multiple scans today.

I don't know if any more damage is being done, but I can't really do anything more right now than I have. She's already gone back on using the computer (without asking me :roll:).

I wonder if there is a way to track what programs are doing Javascipt calls? Off to the internet!
If everything is backed up and safe, have you considered just nuking it and reinstalling Windows? It's a hassle, but it isn't that much more effort than what you are already doing, and it is the closest thing to a guarantee you can get that it's gone.

It also solves the potential future issue of compromised or corrupted files creating technical problems.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

Blackhawk wrote: Fri May 27, 2022 2:02 pm If everything is backed up and safe, have you considered just nuking it and reinstalling Windows? It's a hassle, but it isn't that much more effort than what you are already doing, and it is the closest thing to a guarantee you can get that it's gone.

It also solves the potential future issue of compromised or corrupted files creating technical problems.
If it was my computer it wouldn't be an issue, but she's got all these tweaks and settings and her tax programs and stuff on hers and she's really, really not happy with losing all that and have to reinstall and reset everything. I'll do it if I'm sure there's more to this than endless URL calls that are being blocked by Malwarebytes, but it will be a last resort.
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Need some serious help, been hit by malware

Post by Pyperkub »

Blackhawk wrote: Fri May 27, 2022 2:02 pm
jztemple2 wrote: Fri May 27, 2022 1:51 pm
Blackhawk wrote: Fri May 27, 2022 1:44 pm I wouldn't assume that no damage is being done. Reduced, maybe.

If you have the means, back up any vital data on the system, just in case (and be sure to scan the backups afterwards.)
I keep backups of her computer for that reason. I've already done multiple scans today.

I don't know if any more damage is being done, but I can't really do anything more right now than I have. She's already gone back on using the computer (without asking me :roll:).

I wonder if there is a way to track what programs are doing Javascipt calls? Off to the internet!
If everything is backed up and safe, have you considered just nuking it and reinstalling Windows? It's a hassle, but it isn't that much more effort than what you are already doing, and it is the closest thing to a guarantee you can get that it's gone.

It also solves the potential future issue of compromised or corrupted files creating technical problems.
And, of course, if you used a USB stick for moving files, doing backups, you should scan it and make sure that any malware didn't infect the USB stick. That's another fun attack vector! ;)
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Need some serious help, been hit by malware

Post by Kasey Chang »

Looks like MalwareBytes just blocked traffic to a weird IP address for you. It's traced to a "risky" ISP in UK called "Daniel Jackson".

Which is likely a proxy to forward the IP somewhere else, but then, what's what con-ip.com is: a DNS redirector (points you somewhere else). It appears to be hosted in Spain as it referenced Spanish laws and half the site was written in Spanish.

Something was loaded into your registry autorun every few minutes to try a different address (or same address).

If you are serious about tracking this down, you may need Microsoft PowerToys Process Explorer and Process Monitor

https://docs.microsoft.com/en-us/sysint ... s-explorer

https://docs.microsoft.com/en-us/sysint ... ds/procmon

Basically, use Procmon to figure out who's calling the JSC.exe, and/or use Process Explorer to find it

Another possibility is to use Autoruns to figure out what had been added that calls the JSC

https://docs.microsoft.com/en-us/sysint ... s/autoruns

I personally doubt this malware is messing with your computer that much. I think it's a trojan that wants to download additional malware to your system and that's been blocked. I recommend downloading those system tools on USB stick and keep your system off the Internet until you figure it out.
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
Daehawk
Posts: 63530
Joined: Sat Jan 01, 2005 1:11 am

Re: Need some serious help, been hit by malware

Post by Daehawk »

Didn't this just happened recently?
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

Kasey Chang wrote: Fri May 27, 2022 8:43 pm Looks like MalwareBytes just blocked traffic to a weird IP address for you. It's traced to a "risky" ISP in UK called "Daniel Jackson".

Which is likely a proxy to forward the IP somewhere else, but then, what's what con-ip.com is: a DNS redirector (points you somewhere else). It appears to be hosted in Spain as it referenced Spanish laws and half the site was written in Spanish.

Something was loaded into your registry autorun every few minutes to try a different address (or same address).

If you are serious about tracking this down, you may need Microsoft PowerToys Process Explorer and Process Monitor

https://docs.microsoft.com/en-us/sysint ... s-explorer

https://docs.microsoft.com/en-us/sysint ... ds/procmon

Basically, use Procmon to figure out who's calling the JSC.exe, and/or use Process Explorer to find it

Another possibility is to use Autoruns to figure out what had been added that calls the JSC

https://docs.microsoft.com/en-us/sysint ... s/autoruns

I personally doubt this malware is messing with your computer that much. I think it's a trojan that wants to download additional malware to your system and that's been blocked. I recommend downloading those system tools on USB stick and keep your system off the Internet until you figure it out.
Thanks for those recommendations! Those will be good tools for the toolbox. As it is, RogueKiller (or RougeKiller for those who remember an earlier thread :wink:) did finally come through, although it was on the third time I did a scan with it.
Image

The folder that had that .vbs file also had several others which I assume were associated with the malicious Javascript calls. I deleted the whole folder and that ended the trojan website calls.

I did have this dialog box come up a couple of times, but after that it stopped as well.
Image

Since then no more malicious web connecting. So everything seems to be fine and I appreciate all the help everyone has given. OOer's are the best in a crisis! :horse:

Now I'm just dealing with a minor issue on her machine that came up a week or so ago. I have had the machine power manager set to put her rig to sleep after twenty minutes, same with the monitor. Been working just fine for a couple of years. Now, suspiciously after the last Windows update, the machine has been randomly waking up, but not often enough for me to figure out a pattern. It's such a minor issue that I've not bothered dealing with it for the time being, but I'll do some research on it eventually. My wife isn't bothered by it, she'd rather have the thing on twenty-four hours a day anyway :roll:
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Daehawk
Posts: 63530
Joined: Sat Jan 01, 2005 1:11 am

Re: Need some serious help, been hit by malware

Post by Daehawk »

Mine runs 24/7...this one 11 years now.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA
Contact:

Re: Need some serious help, been hit by malware

Post by Kasey Chang »

jztemple2 wrote: Fri May 27, 2022 10:56 pm
Since then no more malicious web connecting.
Yeah, sounds like you caught it in time.

Consider disabling WSH to block this type of errors altogether via a simple regedit of policies.

https://www.ryadel.com/en/disable-windo ... s-malware/
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
User avatar
naednek
Posts: 10866
Joined: Tue Oct 19, 2004 9:23 pm

Re: Need some serious help, been hit by malware

Post by naednek »

Anonymous Bosch wrote: Fri May 27, 2022 12:41 pm
jztemple2 wrote: Fri May 27, 2022 11:20 am My wife clicked on an attachment to our Spectrum bill, only it turned out not to be the Spectrum bill, it was bad stuff. I've deleted the email and the attachment, which was an iso, but now I'm getting this pop-up from Malwarebytes every minute. I've also deleted a .vbs file which I found in her Documents folder. I've tried deleting that jsc.exe file but I'm blocked because I don't have permissions from "TrustedInstaller".

I'm rather at a loss at what to do next. That Malwarebytes pop-up comes up now several times a minute and I can't seem to find a setting in Malwarebytes to tell it to stop telling me and just do something about it.
I would strongly recommend using the free TronScript (and reading through the linked documentation), as previously mentioned here:
Anonymous Bosch wrote: Tue May 17, 2022 12:19 pm In terms of getting a poorly-running and/or compromised Windows PC back to functionality, TronScript will likely prove to be more effective.

Here's a tutorial video that walks you through how to use it:

from my experience with Tron, it was cool how it's implemented. It didn't fix anything for me. I had to reformat after running the tool twice.
hepcat - "I agree with Naednek"
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Need some serious help, been hit by malware

Post by Anonymous Bosch »

naednek wrote: Sat May 28, 2022 12:44 pm
Anonymous Bosch wrote: Fri May 27, 2022 12:41 pm
jztemple2 wrote: Fri May 27, 2022 11:20 am My wife clicked on an attachment to our Spectrum bill, only it turned out not to be the Spectrum bill, it was bad stuff. I've deleted the email and the attachment, which was an iso, but now I'm getting this pop-up from Malwarebytes every minute. I've also deleted a .vbs file which I found in her Documents folder. I've tried deleting that jsc.exe file but I'm blocked because I don't have permissions from "TrustedInstaller".

I'm rather at a loss at what to do next. That Malwarebytes pop-up comes up now several times a minute and I can't seem to find a setting in Malwarebytes to tell it to stop telling me and just do something about it.
I would strongly recommend using the free TronScript (and reading through the linked documentation), as previously mentioned here:
Anonymous Bosch wrote: Tue May 17, 2022 12:19 pm In terms of getting a poorly-running and/or compromised Windows PC back to functionality, TronScript will likely prove to be more effective.

Here's a tutorial video that walks you through how to use it:

from my experience with Tron, it was cool how it's implemented. It didn't fix anything for me. I had to reformat after running the tool twice.
Realistically, short of reformatting and performing a full Windows reinstallation, there is no miracle panacea that will necessarily cure every compromised Windows PC, as the TronScript documentation accurately observes:
/r/TronScript wrote:Fair Warning

Attempting to clean/fix a PC (with Tron or any other tool) that's been compromised by malware and such can result in partially or completely disabling that PC, and can require a full reinstallation of Windows to restore full functionality.
This isn't a "Tron issue", this is just how PCs are. Before you run Tron, be aware that the act of cleaning/repairing your PC can inadvertently disable your PC or adversely affect your data in the process. Your system may or may not be repairable; your data may or may not be recoverable. If you choose to run Tron anyway you must be prepared for the possibility of reformatting the hard drive, reinstalling Windows, and recovering your data from a backup.

General Info

Tron is a collection of programs, tools, utilities, and Windows functions that are scripted together. It is designed to remove malware and bloatware, repair damaged operating systems, update old versions of very common applications, free up drive space by clearing out caches, and more. By consolidating and automating these tasks into a single execution it saves a lot of time and makes the whole process a more efficient.

Tron is not intended to be run on a machine that is already running properly and/or just had a clean OS install done to it. Tron's intended goal is to take a badly-running Windows PC (bloated, infected with malware, neglected, etc) and automate about 85% of the work involved in getting it to run well again. There is nothing Tron does which you couldn't do on your own without it. Tron's real power is in its automation and the breadth of tools that it uses to achieve its intended goal.

While Tron can do a lot of good things for an affected PC, it is important to know that Tron is not a miracle cure-all.



Common Questions (Troubleshooting)

I ran Tron but my problem is still happening. Why didn't Tron fix it?

If you're still having an issue after Tron, it may fall into the ~15% of things Tron can't fix automatically.
That being said, while YMMV, in my experience TronScript has proven remarkably effective in restoring poorly-running and/or compromised Windows PCs back to functionality, especially in comparison to solely scanning with Malwarebytes.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
jztemple2
Posts: 11545
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: Need some serious help, been hit by malware

Post by jztemple2 »

Kasey Chang wrote: Sat May 28, 2022 3:00 am
jztemple2 wrote: Fri May 27, 2022 10:56 pm
Since then no more malicious web connecting.
Yeah, sounds like you caught it in time.

Consider disabling WSH to block this type of errors altogether via a simple regedit of policies.

https://www.ryadel.com/en/disable-windo ... s-malware/
Wow, that's some great stuff there, just the thing to fix on her machine. Thanks Kasey :wub:
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
Post Reply