Computer infected with the virus back yes should replace hard drive new not, my hard drive is still good?

My computer has strange signs when i open the machine up browser chrome turn up into always the Facebook  account. I always keep my Facebook account  at login status 

My computer is infected with a virus My facebook account having many turn likes strange which I do not like 
I checked  settings security my account still login from the familiar browser

I use AdwCleaner, Avira, Bidefender, EmisoftAntimalware the scan no has virus
I use Jiangmin the scan it out virus: <Link Removed>

bbfbex5.exe RecorderCheckr.exe
C:\Users\pc\Downloads\bbfbex5.exe RecorderChecker.exe
             Trojan.Cometer.x

setuppackage.exe installer.exe
C:\User\pcDownloads\Program\bitdefender_homesscaner.exe packages
             AdWare.ConvertAd.qvc

Hotfix_install.exe
C:\Programdata\MobileBrServ\xp_patch\Composite_Hotfix_Install_for_XP_X86 2.1.0.0
             TrojanDownloader.JS.hj

huongdancaiwindows7odiacunghddao[1].htm
C:\Users\pc\Apdata\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AQJX23AY
             Trojan.Script.gau
 

Question Info


Last updated February 27, 2019 Views 1,124 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

You may try run scan with Windows Defender Offline:

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

Remove all other malwares and you don't need any hard disk.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I use Windows Defender Offline scan no yes virus

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Merged *

My E drive is drive empty no files what. 
Yesterday my E drive yes strange signs, it displayed blue. I open out inside the E drive there is no file what?

I check the drives in Malwarebytes antivirus software the drives C, D, E yes contains the 2 folder:

                      $RECYCLE.BIN
                      System Volume Information

drive USB yes contains the 1 folder: System Volume Information

Why so?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Thao,

A corrupted user profile, malware infection, and system file corruption are some of the possible reasons why you're experiencing this issue. For us to isolate the issue, we would like to know the following:

  • Were there any changes made on your computer prior to the issue?
  • Does the issue persist after restarting your computer?
  • Have you tried any troubleshooting steps so far?

It's also possible that the files are hidden. In order to show hidden files on your Windows 10 computer, perform these steps:

  1. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
  2. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.

Keep us posted and we'll be willing to assist you further.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi,

We need to clarify some information for us to better understand your virus concern. Kindly answer the following:

  • When did the virus issue start?
  • Were there any changes made on your compute before encountering the issue?
  • What exactly is happening when you open up or use the computer?
  • You mentioned that you've ran several antivirus software including Windows Defender Offline. Were they able to detect and delete the viruses?
  • Can you please post screenshots of the issue here for us to further investigate your concern?

While we wait for the answers to our questions, kindly run Windows Defender (not the Offline version) on your computer and perform a full scan. This will help us determine if there are any viruses on your computer. To know how to run Windows Defender, follow the steps found in this article.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

                       No changes made on the computer before release
                       After I restart the computer the trouble still exist
                       I yet tried any thing what

I've displayed the hidden files on the computer according to your instructions

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Thanks for the information that you've provided. To check if this is due to malware infection, we suggest that you run a scan using your antivirus software. If you're using Windows Defender, see this article.

If the issue persists, we recommend using the System File Checker tool. This will scan and repair any damaged or corrupted operating system files on your computer. To do so, follow the steps here.

Should you need additional help, feel free to reply.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Several months ago I used software WinToHDD to installed Windows directly from hard drive, I want to install try see as how and I installed successfully

I the for WinToHDD into Virustotal check it no yes virus https://www.virustotal.com/#/file/e1cba0579ca2b1416c8dc382015910305adf3c9b96b1d9a35f80513e1d71f1c8/detection

After this I for WinToHDD into Virscan check result F-Prot find: http://r.virscan.org/report/8a38bc48e3c199f821f7481ea6e59dd0

I feel do not trust software WinToHDD so I decided reinstall Windows add one again
The next day I reinstalled Windows directly from hard drive by the Command Prompt command line
I press hold down  Shift and restart computer into regime Safe Mode

I deleted the 4 partitions Recovery, EFI System, MSR and OS 
 disk the drive D, E is the empty disk with no the data what, Then I installed Windows

 Installing the Windows finished, I downloading Unikey software to type the Vietnamese language, later this I  new know Unikey has the contains virus
I for Unikey into Virustotal scan the check and I used K7 Computing scan to remove Unikey out from the computer.

At this time my facebook account having many turn likes strange which I do not like 
I check security settings, my account still login from the familiar browser
Then I decided to reinstall Windows add one again directly from hard drive  by Command Prompt command line 

I new the  reinstalled into January 


My computer and facebook account have strange signs as I stated above??

I think by me originally use WinToHDD software to install Windows directly from hard drive should my computer new have strange signs so????

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I use Windows Defender scan no yes virus
I run some anti-virus software including Windows Defender Offline scan no yes virus

I use F-secure scan it detected out virus and I did delete it


Later I use avast the scan it no yes virus , I use avast the to cleanup computer it found some problems: Broken registry items, System junk, Programs slowing down your PC
But I  can not cleanup because the software Cleanup Premium must takes money to buy:

 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I use HitmanPro the scan:

[code]
HitmanPro 3.8.0.292
www.hitmanpro.com

   Computer name . . . . : DESKTOP-KVHF89G
   Windows . . . . . . . : 10.0.0.16299.X64/4
   User name . . . . . . : DESKTOP-KVHF89G\pc
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-01-31 21:25:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 63

   Objects scanned . . . : 1,433,990
   Files scanned . . . . : 37,823
   Remnants scanned  . . : 294,878 files / 1,101,289 keys

Suspicious files ____________________________________________________________

   C:\Windows\Temp\DRSUnzipTemp\Packet.dll
      Size . . . . . . . : 106,128 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:41)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 020F5F2B374C197061C5B370490429E8A3B7504BC05FF5F0402092A7FEF2C607
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : packet.dll (Vista) Dynamic Link Library
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x64\Packet.dll
      Size . . . . . . . : 115,856 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:41)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 7BF69DA9630454F02657D820897BAD383F6E77C4D177F5AB2D92CEC40E0D9DC9
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : packet.dll (Vista) Dynamic Link Library
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x64\Packetx86.dll
      Size . . . . . . . : 106,128 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:41)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 9E09636D9AE818BD75BBF215A6B6C76210793B842B169974C057BED251D5DB89
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : packet.dll (Vista) Dynamic Link Library
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x64\wpcap.dll
      Size . . . . . . . : 378,512 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:42)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 5675E9510D8DD45611BBE2F29C8D1FA5767034A7517D0902E0C35CC909444E15
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008)
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x64\wpcapx86.dll
      Size . . . . . . . : 290,448 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:42)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : D69EB3BF483BAAE3765BF324373E9653F9C68FE6A521A54A13F3531A3D661186
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008)
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x86\Packet.dll
      Size . . . . . . . : 106,128 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:41)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 020F5F2B374C197061C5B370490429E8A3B7504BC05FF5F0402092A7FEF2C607
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : packet.dll (Vista) Dynamic Link Library
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\sdk\NPF\x86\wpcap.dll
      Size . . . . . . . : 290,448 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:42)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : E41F92ECD99ACCC49896941473DADD7DB2DC29F05923DF280A7B834BF8DD38B8
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008)
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\Temp\DRSUnzipTemp\wpcap.dll
      Size . . . . . . . : 290,448 bytes
      Age  . . . . . . . : 3.9 days (2018-01-27 23:18:42)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : E41F92ECD99ACCC49896941473DADD7DB2DC29F05923DF280A7B834BF8DD38B8
      Product  . . . . . : WinPcap
      Publisher  . . . . : Riverbed Technology, Inc.
      Description  . . . : wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008)
      Version  . . . . . : 4.1.0.2980
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.


Cookies _____________________________________________________________________

   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:abmr.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adgrx.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.linkedin.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:basebanner.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.appier.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:creative-serving.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:ctnsnet.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyeviewads.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.adsby.bidtheatre.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:outbrain.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:pool.admedo.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
   C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com


[/code]

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.