The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Malware/Virus From Opening Site- Windows Security Detected Tons of Threats?

    Discussion in 'Windows OS and Software' started by Drew1, Dec 7, 2021.

  1. saturnotaku

    saturnotaku Notebook Nobel Laureate

    Look very carefully at the file path in my screenshot versus the one you posted and see if you can figure out where you are making the mistake.
     
  2. Drew1

    Drew1 Notebook Virtuoso

    Well I copied and pasted the exact link that I was told to do in step 2 and it gets here.


    Well seems like I need to click on microsoft in that address bar and then click on Windows Defender. Is that what you mean? If so, that wasn't mentioned in the steps for me to do that.


    I see scans folder. But I cannot open that folder when I click on it. That folder does not open.
     
    Last edited: Dec 16, 2021
  3. Drew1

    Drew1 Notebook Virtuoso

  4. Gumwars

    Gumwars Notebook Evangelist

    Open Scans, then History, then you should see Services. Delete it. Don't worry, you're only getting rid of the history shown in your Windows Defender summary. You aren't affecting your antivirus. Once you've done that, rerun both your Windows Defender Offline scan and the Kaspersky scan and see if the threats reappear.

    If they do, we'll move on to re-installing Windows. If they don't, you've got nothing to worry about.
     
  5. Drew1

    Drew1 Notebook Virtuoso


    The issue here is the scans folder does not open when I click on it. Many other folders on that page do not open when you click or double click on them.


    When I bring my mouse to that scans folder without clicking on it, it has the words empty folder and the date created was even before the date I got this laptop.


    Also I want to mention. For several months I believe and even till now, I could not run the Microsoft Defender Offline Scan at all. But back then I didn't look into it because the full scan always worked.
     
    Last edited: Dec 16, 2021
  6. Gumwars

    Gumwars Notebook Evangelist

    Let's try a different way.

    Press Win+X and then tap A on the keyboard. This will open a PowerShell with admin privilege. Type or copy/paste the following command:

    Set-MpPreference -ScanPurgeItemsAfterDelay 1

    If the command fails, we have one more path we can try.
     
  7. Drew1

    Drew1 Notebook Virtuoso


    When I press all of those at the same time, it does open start menu. I then clicked on Windows PowerShell (Admin)


    I entered that. What is next? It goes to the next line waiting for something to enter.
     
  8. Gumwars

    Gumwars Notebook Evangelist

    That means it worked. Go ahead and run the Windows Defender offline scan and see what pops up.
     
  9. Drew1

    Drew1 Notebook Virtuoso


    How do I know it worked? After typing that in, it doesn't say anything but just goes to next line.

    Windows Defender offline scan does not run still.
     
  10. Gumwars

    Gumwars Notebook Evangelist

    Because it would have thrown an error message if the command failed. Run Kaspersky and the Windows Defender scans again. If any threats are detected, your computer is still infected and you'll need to reinstall Windows. If it comes back clean, you're good.
     
  11. Drew1

    Drew1 Notebook Virtuoso


    I did a full Windows scan and as usual no current threats. Will do another Kaspersky scan now but again it will not show any threats as I have done so many full scans already.


    I also noticed this recently. Each time I do a full windows scan, afterwards I get this message


    Your IT administrator has limited access to some areas of this app and this item you tried to access is not available. Contact IT helpdesk for more information. So I've been getting this message quite a bit, a few times already, ever since installing Kaspersky Total. Is that why?
     
  12. 6730b

    6730b Notebook Deity

  13. saturnotaku

    saturnotaku Notebook Nobel Laureate

  14. Drew1

    Drew1 Notebook Virtuoso

    Making fun of others sure does sound fun to guys. Especially saturn who kept telling me to take a look at the picture to see what mistake I was making when I clearly wasn't and following the other guy's instructions. Of course you never admitted to your mistake.


    Someone else is helping me in this thread and you guys come and disturb a thread that has nothing to do with you.
     
  15. N2ishun

    N2ishun Notebook Evangelist

    This guy helping you....he just isn't hep yet....but he will be.
    Look into 'quarantine'.
    See those bazillion files?
    Yea.
    This administrator ?
    It's one of the many poker virus strains you have because you are far too stupid to believe online poker, in any form, is a virus, a malware, an exploit, and probably even more that I'm missing.
    You play, you pay.
    Get a real job.
     
    KING19 and saturnotaku like this.
  16. TreeTops Ranch

    TreeTops Ranch Notebook Deity

  17. Drew1

    Drew1 Notebook Virtuoso


    You are suggesting the legit sites out there like pokerstars.com, partypoker.com, wsop.com all these sites and clients are a form of virus/malware correct? That is exactly what you are implying. Is that correct?


    Imagine you are a stock trader and instead of trading stocks on the website, it was through a client. Then one day you downloaded the wrong client by accident and it was malware. Imagine someone says you are stupid and you should never be trading stocks. You know how stupid that sounds? What you are implying is even worse because you are basically saying nobody should ever make a mistake going to a wrong site by accident.


    You're talking to me like I'm downloading torrents or pirated stuff on my laptop or something like that which would pretty much guarantee malware. Again, I didn't download or open a file when this occurred. I did visit that website by accident. Oh wait we have a guy who never clicked on a link by accident or gotten virus/malware by accident in 10 years. The other guy said 25 years. This includes when checking emails and never once by accidentally clicking on a bad link ever? Go look at how many people check their emails on their phones and by accident click on a link or something like that. For someone to not accidentally even do something like that total whether it's on the phone or their computer for a few years... that is already very good. Yet you guys talk down on someone for one mistake in all these years. Oh wait we have a bunch of people here who never make mistakes and will criticize others for it.


    Again why are you all replying to this topic if you offer nothing to this thread.


    You won't like that when you have issues and people do the same thing right? And I'm not talking about computer issues.
     
  18. Drew1

    Drew1 Notebook Virtuoso


    Kaspersky total as usual shows 0 threats. Windows Defender shows 0 threats as usual. But the moment I close windows defender and reopen windows defender, you see -10000+ threats again like in the pictures I posted.


    I was browsing on google and saw a few people who had this issue. One had like 600 threats and another person had 7000 plus threats. Their other virus software didn't find anything. Others seem to say it has to be a glitch since the threats are shown like in a negative number? There is a -10000+ threats next to it.... though it could be just a hyphen.


    Now is there a way to check all my windows defender scan history? Because I want to check the windows defender scan... before the moment I clicked on the website. I believe it was the link you posted earlier with the scans right? But the issue is I can't even click on it.


    The last time I did a Windows full scan manually myself before right after the incident was probably 1 month before that or so. But I do know Windows Defender does sometimes run in the background and then when doing things, suddenly in your bottom right corner Windows Defender detected 0 threats etc. Is there a way to view that? Again, I'm close to positive me clicking on the link triggered it... but it could be possible it was there before this as I didn't do a full Windows scan for a month I believe.


    And I didn't download any programs or click on a wrong link for a very long time. And any Windows Defender scan I did this year always showed 0 current threats.
     
  19. Drew1

    Drew1 Notebook Virtuoso

    Okay so I went to Windows PowerShell and typed in Get-MpThreatDetection and it shows this.



    These were the 2 apps when I did the Windows full scan at the time which blocked the apps. Now the thing is this program is a poker program but again I had this program installed years ago and it never showed up as malware. A concern here is the cleaning action id 3 and threat status id 4. Apparently when checking Google, this threat status of 4 means trojan downloader. The thing is if it really is the 888poker client, I wouldn't be concerned about this because that software is legit.


    But from that picture, it's removed right? I did see these programs were removed when on Windows Defender. My concern would be if what I clicked on... caused these files to show up. But instead they renamed it 888poker.msi to trick you into it. But is that possible?
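
The questions raised in the posts above (what the IDs in the Get-MpThreatDetection output mean, whether earlier scans can be reviewed, and how to confirm the Set-MpPreference change was stored) can be answered read-only from an elevated PowerShell prompt. This is an added example, not part of any post in the thread; the 90-day window and the helper name Resolve-Id are assumptions, and only ID values documented by Microsoft for MSFT_MpThreatDetection are named.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only review of Microsoft Defender history.

# ID tables follow Microsoft's MSFT_MpThreatDetection documentation.
# Any value not listed is printed as a raw number instead of being guessed.
$CleaningAction = @{ 1 = 'Clean'; 2 = 'Quarantine'; 3 = 'Remove' }
$ThreatStatus   = @{ 1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined'
                     4 = 'Removed';  5 = 'Allowed'; 6 = 'Blocked' }

# Hypothetical helper: the cmdlet returns the IDs as bytes, the table keys
# are Int32, so cast before the lookup.
function Resolve-Id($Table, $Id) {
    $key = [int]$Id
    if ($Table.ContainsKey($key)) { $Table[$key] } else { "Other ($key)" }
}

# Threat names live on a separate object; index them by ThreatID.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

# 1. Every recorded detection, oldest first, with the IDs decoded.
Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
    [pscustomobject]@{
        FirstSeen  = $_.InitialDetectionTime
        Remediated = $_.RemediationTime
        Threat     = $names["$($_.ThreatID)"]
        Action     = Resolve-Id $CleaningAction $_.CleaningActionID
        Status     = Resolve-Id $ThreatStatus   $_.ThreatStatusID
        Process    = $_.ProcessName
        Resources  = $_.Resources -join '; '
    }
} | Format-List

# 2. Scan and detection timeline from Defender's operational event log:
#    1000 = scan started, 1001 = scan finished,
#    1116 = malware detected, 1117 = action taken on malware.
#    The log is size-limited, so it may not reach back the full window.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1000, 1001, 1116, 1117
    StartTime = (Get-Date).AddDays(-90)   # assumed review window
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ("$($_.Message)" -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# 3. Confirm the retention setting changed with Set-MpPreference was stored
#    (number of days items are kept in the scan history folder).
Get-MpPreference | Select-Object ScanPurgeItemsAfterDelay
```

Comparing the FirstSeen times from step 1 with the scan start and finish events from step 2 shows whether a detection predates a given browsing session.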
     
  20. KING19

    KING19 Notebook Deity

    Like you've been told over and over, poker sites are easy targets for hackers and malware for obvious reasons. Not saying it's the main cause of your infection but obviously you got infected by your other bad browsing habits. I'm not going to repeat myself again about it since it's like talking to a wall.

    Even if that was the case the average person still won't have over 10000+ threats detected on their PC like you do and Windows Defender does a good job of preventing most malware infections and not to mention Web browsers as well. Since you wanna bring up how we haven't had a malware infection in over a decade, it's obvious we have much better browsing habits than you.... Like I said before the best antivirus software is you and your own actions. People are talking down to you because you won't listen to anyone's advice. Also you didn't make one mistake, you made several mistakes to be infected like this and anyone who is good with computers would tell you that too. Hell, you've been infected since October and you could have solved your problem back then if you followed our advice but instead you keep making thread after thread here and on other forums about the same problem of your Dell Laptop. Even if you got rid of the malware your OS is still severely damaged which is why you've been told over and over to back up your important stuff and then reinstall Windows. You could have prevented that if you got rid of the malware in time when people were telling you that you have a malware infection.
     
    N2ishun and 6730b like this.
  21. Drew1

    Drew1 Notebook Virtuoso


    The 10,000 threats and 7000 threats... if you look at that number, it's a negative number. Like -10,000 threats etc. But it was never detected as a current threat. Found a few threads on this on the forums where people said this is some glitch or some error and has nothing to do with it. Those sites are not easy targets for hackers/malware... don't recall any of the big name sites ever had this happen ever. Again, I'm talking about those big name sites only... those other shady sites much different.


    It is very possible I do not have anything on my computer anymore. Again it was that one instance that I clicked on it, then I did virus scan and it found those two apps. It's possible it's been there for weeks. Unless there was a way for me to see my previous Windows full scan history... which doesn't seem to be possible. Again the last time I did a Windows full scan before this... might even have been close to 6 weeks at least maybe. And of course, that showed 0 current threats. But as you all know, sometimes when you're using your computer, it would show on the bottom right corner Windows did a full scan in the background and whenever I look at that, it always showed 0 current threats. But I never had it pop up where it showed me any threats. So is there a way for me to check my Windows scan history on this? Because I want to pinpoint if me clicking on that link caused it. Also... I noticed the 888poker thing in that picture... I did open the program in around late October because when you open it and it does an update, you let it update. I could tell this by going to my add/remove programs and see that was added around that time which would mean there was an update around the time. Now had I done a Windows full scan after that and noticed this issue, it would not be any concern at all. It's just I didn't do any full Windows scan manually for a while I believe since this occurred. Normally I do a Windows full scan every few weeks to check for threats. But I stopped doing it for a while since it's almost always 0 current threats.


    Why do you keep saying I been infected since October? Those issues are not related to it. Those programs had updates where the clients had lot of issues. Other people complained about the same thing. I want to know is there a way to view every full scan history with my windows defender for october and november before this occurred. Is there a way to do this? Again the thing is if I saw these threats before I clicked on that link, I would not be concerned that much. Because if those are legit 888installation and not a hacker renaming it to make it look like it, then I'm not concerned.


    Also other people apparently do not think I have anything on my laptop if kaspersky didn't find anything. Someone said if bleeping computer confirms you have nothing, you have nothing.


    I do know for a fact my OS definitely has issues. I am not denying this. For example, my Microsoft Defender offline scan hasn't worked in months. Also when I got a new SSD last year, instead of just taking the old one out and starting fresh, I used Samsung Magician and copied the old SSD into the new one so I would have everything in it. Again I did this because I didn't want to start over and redownload all my files etc. Obviously much different back then since I did not have any malware at the time.
     
  22. N2ishun

    N2ishun Notebook Evangelist

    And he will incessantly keep whining and crying that it's not his ignorance when at least 20 people have told him exactly what the problem is.
    Incredible for anyone older than 5 to keep saying 'I didn't do it' over and over and looking so hard for *anyone* to back up his flawed viewpoint on this situation.

    He's too dumb to look for the quarantine folder for proof....he's too dumb to backup and wipe his system....and....he's too dumb to stop going to obviously infected online gambling websites.

    Brick, meet wall.
     
  23. 6730b

    6730b Notebook Deity

    Time for a roundup :O)

    The unfortunate guys over at ars also have to endure Mr Chaos:
    https://arstechnica.com/civis/viewtopic.php?f=15&t=1481030

    & even on linustechtips, some marvellous topics:
    https://linustechtips.com/topic/139...drive-or-external-flash-drive-doesnt-autorun/

    btw, pestering of tenforums still ongoing, the ban evasion not yet discovered and dealt with.

    But, but.... a miracle (or a gigantic chaos...) in the making?, some sense slowly sinking in ?!? After having been told 150 times to do it: "am going to do a clean reinstall of windows 10"
    https://www.bleepingcomputer.com/fo...tall-of-windows-10-pro-on-compromised-laptop/
     
  24. Drew1

    Drew1 Notebook Virtuoso

    Look at the quarantine folder? I tried to look at it on Windows Defender and see 2 of the apps that were blocked. The issue? The moment you clicked on the actual threats that it removed or quarantined, it immediately goes away. I had to take my phone to record it and play it in slow time to even see it. When you click on protection history that is what it did. You can't even view it. The Windows Defender has been acting up and you can't even view the protection history.


    Someone else who is helpful here told me to check my Windows scan defender and click on scans. I couldn't even click on it or do anything to it. And then someone here says oh you're making a mistake here, take a closer look why without explaining it to me. Yet I followed the exact instructions of that other guy who was helping me and I mentioned... it doesn't work and posted screenshots of it. Then he mentioned okay we do another method, but that also didn't work. But that person is helpful.


    Then when I figured out what was the issue of why it didn't show that... I had to click on the address bar and go back in that, then I said you can't even do anything to that folder. And of course that other person didn't admit they were wrong and no longer responded back.
     
  25. N2ishun

    N2ishun Notebook Evangelist

    This is so pathetic I'm not even finding humor in it any longer.

    How many people wanna bet this guy uses this laptop to access bank accounts or other such activity ?
    That is *if* he's old enough to access such account without parental guidance...

    Look turbo, the first thing a reasonably well written virus does is compromise any antivirus program on whatever system it's running on.
    Doh!
     
    KING19 and Spartan@HIDevolution like this.
  26. Gumwars

    Gumwars Notebook Evangelist

    So, here's the issue. A lot of people with considerable know-how are telling you that your online behaviors invite bad actors and expose you to risk. The way your computer is behaving raises a number of red flags. The scorn you're getting is because you've spammed almost all of the tech forums on the Internet with pleas for help but you don't seem willing to listen to the advice you've been given.

    I just went through and read everything up to now as I've been with my family the past couple of days. This comment here:

    Is concerning. As others have pointed out, malware will often create administrative accounts and/or disable AV to prevent itself from being removed or disabled. A huge unknown in this whole affair is that I don't know the configuration or state of your laptop because I don't have it in front of me. I don't know what you have installed on it. I don't know what shape the hardware is in. All I have is what you've given me, which has slowly changed from when we started this discussion. From what you have shared, I would reinstall Windows. Yes, that means you need to copy your necessary files to a thumb drive or external HDD, preferably in safe mode. You also need to turn bitlocker off before starting the reinstall.

    Lastly, and this is the point that I cannot stress more, you have this odd trust in websites that have no interest in anything other than getting money out of your pocket. As a gambler, you know the old saying, "The house always wins." Why would you think they would put some high value on your individual security or safety? Because it might affect their bottom line if a tranche of players get their PCs infected? Or do you think they perform the same corporate calculus and look at the amount they are hauling with the malware in effect versus the cost of engineering a repair? If the cost of repair represents any tangible cost that might impact their profit, and is projected to exceed the cost of losing business because players affected by malware leave, they'll just keep the status quo. Which is exactly what they do:

    https://www.techtimes.com/articles/86306/20150920/beware-online-poker-players-malware-targets-pokerstars-and-full-tilt.htm#:~:text=Malware researchers from Slovakia based,most popular poker websites online.

    https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/888 Poker Application.aspx

    https://www.bleepingcomputer.com/ne...acked-to-inject-payment-card-stealing-script/

    https://www.americascardroom.eu/pok...ndroid-apps-harboring-cryptocurrency-malware/

    Keywords from my search were poker app malware. The dates of the articles go from 2015 to a few days ago. Online poker is a popular vector for bad actors to exploit likely because of users like yourself. Technically illiterate, unable to detect when they've been exploited, and very likely to continue engaging in the behavior that exposes them to the risk in the first place. You need to reinstall your OS, reduce your risk profile, and learn more about computers.
     
    Last edited: Dec 19, 2021
    KING19, Drew1 and Papusan like this.
  27. Drew1

    Drew1 Notebook Virtuoso

  28. Drew1

    Drew1 Notebook Virtuoso


    Gumwars, thank you for the long response. Yes I have decided to finally do a complete reinstall now. I am not going to use the machine anymore like this especially with you mentioning the IT part has you concerned. It could be because I added Kaspersky.


    I will post back in the other thread on the process as this one has gotten way out of hand.
     
  29. Gumwars

    Gumwars Notebook Evangelist

    I suspect you have a shadow admin account installed. Yes, moving forward with reinstalling the OS is the best bet here (no pun intended...okay, maybe a little bit intended). It will give you the peace of mind knowing what shape the laptop is in because you know what is installed along with killing whatever infection might still be on it. Good luck with it and I'll help however I can.
     
  30. Drew1

    Drew1 Notebook Virtuoso


    Hey. I never heard that term before. Yea reinstalling the OS seems to be the best option. Right now I want to make sure I get into safe mode the right way before the transferring of files.
     
  31. Gumwars

    Gumwars Notebook Evangelist

    Having options disabled by your IT Administrator on a machine that you own can come from a couple of different places. I use a couple of scripts and programs that turn off Windows telemetry and do that via administrative settings. When I try to access those features, the options are disabled because of how I've configured my OS. The difference between what you're seeing and what I've seen is that I know why those settings are disabled on my laptop. That's because the other time this happens is when you have some sort of malware that creates its own admin account and locks you out of features that could prevent it from operating. I've seen this with pirated versions of Windows and some RAT programs.

    If you don't recall doing something like that and given why you're here now, it would be best to assume this isn't harmless.
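
One way to check both explanations given in the post above for the "IT administrator" message (administrative policy settings versus an account you did not create), as an added example that is not from the thread. It is read-only; Get-PolicyValues is a hypothetical helper name, and the two registry roots are the standard policy locations for Defender and the Windows Security app.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, nothing here changes the system.

# 1. Members of the built-in Administrators group, addressed by its
#    well-known SID so the check also works on non-English installs.
#    Any name you do not recognise deserves a closer look.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Every local account, including disabled ones, with last activity.
Get-LocalUser | Sort-Object Name |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, Description

# 3. Policy values that lock parts of the Windows Security UI or change
#    Defender behaviour. On an unmanaged home PC these keys are normally
#    empty or absent; privacy scripts, other security products and
#    malware can all populate them.
function Get-PolicyValues {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path $root)) { continue }
        $keys = @(Get-Item $root) +
                @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Data  = $key.GetValue($name)
                }
            }
        }
    }
}

$policyRoots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
               'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center'
Get-PolicyValues -Path $policyRoots | Format-Table -AutoSize -Wrap

# 4. What Defender itself reports. With a third-party antivirus installed,
#    Defender normally steps back, so a running mode other than Normal is
#    not by itself a sign of tampering.
Get-MpComputerStatus |
    Select-Object AMRunningMode, AMServiceEnabled, AntivirusEnabled,
                  RealTimeProtectionEnabled, IsTamperProtected,
                  AntivirusSignatureLastUpdated
```

Policy values with no known origin, or an administrator account nobody remembers creating, support the reinstall advice given in the thread.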
     
  32. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    I'm late to the party, but would like to add a few notes.

    points to a potentially unwanted program, adware in particular - not malware.

    Sadly that is impossible. You can noticeably limit the risks by using an adblocker (I recommend uBlock Origin instead of Adblock Plus), greatly limit them by using NoScript - the latter very inconvenient for an end user, though. As an alternative, you can try sandboxed Edge instead.
     
    Vasudev likes this.
  33. 6730b

    6730b Notebook Deity
