Computer froze up and made a loud consistent noise while working; found errors and warnings in the event log and also found TROJAN AND MALWARE on the computer

Original title: Special privileges assigned to new logon...after system crash...FOUND TROJAN AND MALWARE!!

I was working on my 3 month old laptop yesterday when it froze up and made a loud consistent noise. I did a cold shutdown, then when I restarted I took a look at the event log and found errors and warnings. One was this:

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/17/2010 5:40:34 PM
Event ID:      4672
Task Category: Special Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      ANNIE
Description:
Special privileges assigned to new logon.

Subject:
 Security ID:  SYSTEM
 Account Name:  SYSTEM
 Account Domain:  NT AUTHORITY
 Logon ID:  0x3e7

Privileges:  SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4672</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12548</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-17T21:40:34.875283800Z" />
    <EventRecordID>13195</EventRecordID>
    <Correlation />
    <Execution ProcessID="560" ThreadID="600" />
    <Channel>Security</Channel>
    <Computer>ANNIE</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SYSTEM</Data>
    <Data Name="SubjectDomainName">NT AUTHORITY</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
   SeTcbPrivilege
   SeSecurityPrivilege
   SeTakeOwnershipPrivilege
   SeLoadDriverPrivilege
   SeBackupPrivilege
   SeRestorePrivilege
   SeDebugPrivilege
   SeAuditPrivilege
   SeSystemEnvironmentPrivilege
   SeImpersonatePrivilege</Data>
  </EventData>
</Event>

Also, I found this one...

Log Name:      Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source:        Microsoft-Windows-Windows Firewall With Advanced Security
Date:          8/17/2010 5:40:35 PM
Event ID:      2010
Task Category: None
Level:         Information
Keywords:     
User:          LOCAL SERVICE
Computer:      ANNIE
Description:
Network profile changed on an interface.

Adapter GUID: {73742c25-e328-40bf-a4e1-83bade2fc4df}
Adapter Name: wireless_0
Old Profile: None
New Profile: Public
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Firewall With Advanced Security" Guid="{D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85}" />
    <EventID>2010</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-17T21:40:35.842485500Z" />
    <EventRecordID>3095</EventRecordID>
    <Correlation />
    <Execution ProcessID="1256" ThreadID="2084" />
    <Channel>Microsoft-Windows-Windows Firewall With Advanced Security/Firewall</Channel>
    <Computer>ANNIE</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="InterfaceGuid">{73742C25-E328-40BF-A4E1-83BADE2FC4DF}</Data>
    <Data Name="InterfaceName">wireless_0</Data>
    <Data Name="OldProfile">2147483649</Data>
    <Data Name="NewProfile">4</Data>
  </EventData>
</Event>

I disconnected my wireless adaptor but I couldn't disconnect from the "public" network in my firewall control panel. I don't believe I was ever connected to a public network before, just my private wireless one.

And, I keep getting this quick "snap-in" popup but the cancel button is greyed out.

Steps taken:

  1. Performed system restore
  2. Ran Malwarebytes (found: Trojan.banking, malware.trace)
  3. Removed but got msg "some items could not be removed"
  4. Ran CCleaner a few times
  5. Ran Malwarebytes again.

Now my event logs are saying the exact same thing. Any help PLEASE! I am using ESET NOD32 but it didn't catch anything!

 

Answer

Hi JR1437,

The issue you are experiencing may be the activity of a virus. I would suggest that you find and remove all the malicious software present on the computer.

Step 1: Run an online scan to remove threats

http://onecare.live.com/site/en-Us/center/cleanup.htm

 

You may follow the steps provided by Vincenzo Di Russo MVP to get rid of malicious software from the computer, please click here.

Thanks and Regards:

Ajay K

Microsoft Answers Support Engineer

Visit our Microsoft Answers Feedback Forum and let us know what you think.
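
Added example (not part of the original post or reply): one way to triage exported Event ID 4672 records like the one in the question, by subject SID. S-1-5-18 is the built-in LocalSystem account, which is assigned these privileges at every boot, so the check separates such events from 4672 records for other accounts. The second sample event, its account name and the `triage_4672` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Well-known SIDs of the built-in service accounts.
BUILTIN = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
           "S-1-5-20": "NetworkService"}
# Privileges worth noting when the subject is not a built-in account.
SENSITIVE = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege"}

# Constructed sample export. Record 13195 is trimmed from the event in the
# post; record 13240 and its account are invented for contrast.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4672</EventID><EventRecordID>13195</EventRecordID></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SYSTEM</Data>
    <Data Name="PrivilegeList">SeTcbPrivilege
   SeDebugPrivilege</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4672</EventID><EventRecordID>13240</EventRecordID></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1111111111-2222222222-3333333333-1001</Data>
    <Data Name="SubjectUserName">exampleuser</Data>
    <Data Name="PrivilegeList">SeBackupPrivilege
   SeDebugPrivilege</Data>
  </EventData>
</Event>
</Events>"""

def triage_4672(xml_text):
    """Return (record_id, account, verdict, sensitive_privileges) per 4672 event."""
    rows = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4672":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        privs = set(data.get("PrivilegeList", "").split())
        # "review" means: check which account and process logged on, not "malicious".
        verdict = "expected" if data.get("SubjectUserSid") in BUILTIN else "review"
        rows.append((int(ev.findtext("e:System/e:EventRecordID", namespaces=NS)),
                     data.get("SubjectUserName", ""), verdict, sorted(privs & SENSITIVE)))
    return rows

if __name__ == "__main__":
    for row in triage_4672(SAMPLE):
        print(row)
```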


 
 

Question Info


Last updated May 23, 2019 Views 1,306 Applies to: