Backdoor on my pc (Solved)

**Malnutrition** · 12-22-2022, 07:49 PM

Post the latest fixlog from FRST as well.

Open elevated command prompt and copy and paste each command below, hitting enter after each.

RD /S /Q “%WinDir%\System32\GroupPolicyUsers” && RD /S /Q “%WinDir%\System32\GroupPolicy”

gpupdate /force

Download KPRM then save to desktop.
Right click run as admin.
Check mark, restore system settings.
Click the run button.

Then reboot your computer. Check that the issue is gone with the clipboard.

**Malnutrition** · 12-22-2022, 08:14 PM

May need to use these commands and do them one at a time hitting enter after each. Then reboot the computer after.
RMDIR /S /Q “%WinDir%\System32\GroupPolicyUsers”
RMDIR /S /Q “%WinDir%\System32\GroupPolicy”
gpupdate /force

RD /S /Q “%WinDir%\System32\GroupPolicy”
RD /S /Q “%WinDir%\System32\GroupPolicyUsers”
gpuрdаte /force

**Malnutrition** · 12-22-2022, 09:07 PM

If the above does not help, then create and run a batch file.

Open a notepad and copy the content of the code box below, paste into open notepad and save it to your desktop as clean.bat then right click on clean.bat and run as admin. It is very important to run the batch file as admin!!

Note: You should allow the n batch file to complete, Once it reboots your machine that is when it is done.

[COLOR=rgb(184, 49, 47)]Do not copy the word Code:

Code:

wmic /Namespace:\\root\default Path SystemRestore Call Enable "%SystemDrive%"
WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BatchRestorePoint", 100, 10
SC config trustedinstaller start=auto
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKCU\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKCU\Software\Policies" /f
reg delete "HKLM\Software\Microsoft\Policies" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKLM\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKLM\Software\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f
gpuрdаte /force      
shutdown -r
Exit /B

If you are unable to copy and paste, I have uploaded the batch file for you. Unzip it to your desktop, right click run as admin.[COLOR=rgb(184, 49, 47)] Must be ran from the desktop[/COLOR][/COLOR]

**Ichigo** · 12-23-2022, 11:30 AM

Here’s the latest fix log

**Ichigo** · 12-23-2022, 11:36 AM

[ATTACH type=“full”]11111[/ATTACH]
It has been 10 minutes that it is updating

**Ichigo** · 12-23-2022, 12:15 PM

It updated but the clipboard is still disabled, im going to try the other commands you’ve sent

**Ichigo** · 12-23-2022, 12:15 PM

[ATTACH type=“full” alt=“1671797732362.png”]11112[/ATTACH]
The file doesnt exist

**Ichigo** · 12-23-2022, 01:12 PM

the batch file isnt restarting my computer

**Malnutrition** · 12-23-2022, 08:20 PM

@Ichigo

Ok, reboot manually.

If that fails to repair the issue, then we will use AVZ to correct it.

Disable your antivirus prior to running AVZ!
Run AVZ as admin! (located in the folder …Autologger\AVZ) click File => Customs Scripts.
Copy the content of the text file I uploaded. (AVZFix.txt)
Click edit select all copy.
Paste into AVZ window.
Make sure the word begin is in the absolute top left of the window as per picture below.

You can either type the words in and make sure the spacing is correct.
Save the avzfix i uploaded to your documents folder.
Hit File.
Customs Scripts.
Hit the Load Button.
In the bottom right select text document.
type avzfix.txt hit enter or click the open button.
Now click on run.
[ATTACH type=“full” alt=“1671835870873.png”]11123[/ATTACH]

Hit Run Fix.

The computer will reboot.

**Malnutrition** · 12-23-2022, 10:11 PM

If none of the above helps it may be due to a setting in O&O shutup ten, you should run this and revert everything back to default.

**Ichigo** · 12-23-2022, 10:51 PM

I just ran AVZ and now I am able to activate it but whenever I activate and then I do Windows+V to use it it opens a transparent window like on this picture[ATTACH type=“full”]11122[/ATTACH]
and when I close and launch again the clipboard settings it shows up as disabled while I had enabled it

**Ichigo** · 12-23-2022, 10:52 PM

Im going to try to revert O&O shutup ten settings

**Malnutrition** · 12-23-2022, 10:54 PM

Originally posted by Ichigo

Im going to try to revert O&O shutup ten settings

Yep, I think that is the issue… Make sure and reboot after.

**Ichigo** · 12-23-2022, 10:57 PM

I pressed “Undo all changes (“factory settings”)” but it is still not working, should I reboot my computer

**Malnutrition** · 12-23-2022, 11:03 PM

yes

Backdoor on my pc (Solved)

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment