The gretorsely virus - help


Carey Brown

I'm helping a friend who clicked on a link in an email that she should have guessed was bogus. Now she's got this virus with popup windows every minute or so with some bogus message trying to get her to click on more. There's also an 'X' that she says she's been clicking on to get the popup to go away. It's been installing SO MUCH stuff on her computer (which is almost brand new) that it took me 2 hours to clean it up. However, for all the uninstalling I did the popups never went away. I googled "gretorsely" and it's apparently a known virus. Of course there are several suggestions to use SpyHunter malware remover to get rid of it. Then researching SpyHunter it says that's a virus too. I tried Malwarebytes but a scan didn't turn up anything.

Anybody familiar with this virus that can point me in the right direction? Or maybe a hint of what I might try next? Much appreciated.
 
Windows Build/Version
Windows 11 on a Lenovo laptop

What did Windows security (Defender) have to say?
Manually Scan with Microsoft Defender Antivirus - ElevenForumTutorials
Run Microsoft Defender Offline Scan - ElevenForumTutorials
1 A Quick scan should detect & remove malware
2 An offline scan should detect & remove 'rootkit' malware
3 A Full scan should remove inactive remnants left behind after removal. It's a tidy-up rather than a threat-removal procedure and it can take hours.

If Defender cannot find anything then use Microsoft Safety Scanner


Best of luck,
Denis
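
The same three scans can be started from an elevated PowerShell prompt with the cmdlets of Windows' built-in Defender module. This is an added example, not part of the post above; the `-Stage` parameter and the `Show-DefenderFindings` helper are names made up for the illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): run one stage of the Quick -> Offline -> Full
# sequence per invocation, because the offline scan reboots the machine.
param(
    [ValidateSet('Quick', 'Offline', 'Full')]
    [string]$Stage = 'Quick'
)

# Malware commonly tries to disable Defender, so check its state before trusting a scan.
$status = Get-MpComputerStatus
$status | Format-List AntivirusEnabled, RealTimeProtectionEnabled,
    AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    Write-Warning 'Defender protection is not fully enabled; a clean scan result cannot be trusted yet.'
}

function Show-DefenderFindings {
    # Map threat IDs to names, then list each detection with the files or registry keys involved.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
    Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $names["$($_.ThreatID)"]
            Process   = $_.ProcessName
            Cleaned   = $_.ActionSuccess
            Resources = $_.Resources -join '; '
        }
    }
}

switch ($Stage) {
    'Quick' {
        Update-MpSignature                 # scan with current definitions
        Start-MpScan -ScanType QuickScan
        Show-DefenderFindings | Format-List
    }
    'Offline' {
        # Start-MpWDOScan restarts Windows straight away into the offline scanner.
        # Save any open work before running this stage.
        Start-MpWDOScan
    }
    'Full' {
        Start-MpScan -ScanType FullScan    # can take hours
        Show-DefenderFindings | Format-List
    }
}
```

Run it once per stage; after the offline stage has rebooted the machine, run it again with `-Stage Full`. The `Resources` column shows where each detection lived, which helps decide whether the popups came from a file, a scheduled task or a browser component.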
 

Thanks. She runs Defender but I'll go back and do some scans. Probably Wednesday.
 

I wouldn't have to think about how I'd get rid of it...low level format and clean install. That infection appears to be a nasty one. Such infections can hide code that can come back any time in the future even if you think you removed everything. She needs to be concerned that some of her private information may have already been stolen.
 

Hopefully @flashh4 can also help here.
 

Such infections can hide code that can come back any time in the future
It was because of the potential for rootkits that I suggested WD offline scan.

All the best,
Denis
 

@Carey Brown, I can help with that Malware/Virus or whatever we find !
First run these programs & if the logs are too large to post you will have to zip them to me !

Malwarebytes AdwCleaner >>> Download AdwCleaner

Please download AdwCleaner and save it to your Desktop
* Close all open programs and browsers
* Right click on the icon and select Run as administrator
* Click Scan now
* Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
* When completed click View Scan Log File
* Copy and paste the contents in your reply
* Click Skip Basic Repair if it appears then close the program

====================================

Full System Scan with Malwarebytes Antimalware >>> Download Malware Removal 2023 | Free Antivirus Scan & Virus Protection Tool
* If not existing, please download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If the program is already installed:
* Run Malwarebytes Antimalware
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
*** Post that log back here or just tell me what it found ?
If it is too long then you will have to zip it or find a site to download it to & let me know where !
 

I wouldn't have to think about how I'd get rid of it...low level format and clean install. That infection appears to be a nasty one. Such infections can hide code that can come back any time in the future even if you think you removed everything. She needs to be concerned that some of her private information may have already been stolen.
Ouch! I don't think her computer came with any install media. Don't know if she's got license keys. At least at this point she hasn't installed anything beyond what it came with.
 

Thanks flashh4, that's a generous offer. I'm trying to get her to bring her machine back to me on Wednesday.
 

I don't think her computer came with any install media.
1 These days we make our own installation USBs.
Create Windows 11 Bootable USB Installation Media - ElevenForumTutorials


Don't know if she's got license keys.
2 Check in Settings, Updates, Activation that the computer is activated 'with a digital licence' as all or almost all are these days. The licence is stored online in MS's activation servers.
If it is then no Product Key is required during re-installation, see Step 7 of
Clean Install Windows 11 - ElevenForumTutorials
where you would choose I don't have a product key then Windows will retrieve its digital licence when you first go online and re-activate without any action on your part.

I mention this subject because you did. There is nothing yet to indicate that re-installation is required.
Just carry on with the scanning and then the situation will become clearer.
Personally, I would never re-install onto an infected computer. I would use Quick scan & Offline scan to clean it up first.


All the best,
Denis
 

Just get any program that can write "X'00'" or any random hex digits to every physical sector of the relevant HDDs / SSDs. Domestic computers aren't subject these days to "Intensive N.Korean / Russian hacks". You are more likely to be scammed by giving out too much info on social media or opening unsolicited email.

I'll bet even if you were to get an HONEST poll of ALL the members of these Forums (both the W10 and W11 ones) and excluded pro I.T developers etc less than 0.01% would ever have these problems with viruses / malware etc. Even sites like TPB are excluding "dubious torrents" from their sites -- also NEVER EVER download a .rar file as these are the ones most likely to have nasty things in their payload.

A lot of this "Security paranoia" is so last C20 for so called I.T security specialists trying to save their jobs.

Note here --I'm only dealing with domestic "Mom and Pop" type of machines -- Corporate and national infrastructure attacking etc is still big business -- that's a totally different issue.

For typical Windows 10 / Windows 11 the standard WD protection is as good as it gets.

cheers
jimbo
 

1 These days we make our own installation USBs.
Create Windows 11 Bootable USB Installation Media - ElevenForumTutorials



2 Check in Settings, Updates, Activation that the computer is activated 'with a digital licence' as all or almost all are these days. The licence is stored online in MS's activation servers.
If it is then no Product Key is required during re-installation, see Step 7 of
Clean Install Windows 11 - ElevenForumTutorials
where you would choose I don't have a product key then Windows will retrieve its digital licence when you first go online and re-activate without any action on your part.

I mention this subject because you did. There is nothing yet to indicate that re-installation is required.
Just carry on with the scanning and then the situation will become clearer.
Personally, I would never re-install onto an infected computer. I would use Quick scan & Offline scan to clean it up first.


All the best,
Denis
Got it. Thanks.
 

Ouch! I don't think her computer came with any install media. Don't know if she's got license keys. At least at this point she hasn't installed anything beyond what it came with.
Computers haven't come with install media in a long time unless the buyer bought it on the side. Windows 10-11 license keys are embedded in the UEFI. New computers have a recovery partition but in case of infection, I would not use it nor would I use a system reset. If the computer is new and she hasn't installed a bunch of apps, a clean install makes even more sense. An added advantage of a clean install is that you don't end up with all the bloatware an OEM puts on the machine.
 

Sorry for not getting back sooner. My friend skipped out on me and went to Geek Squad. Found out from her they were successful at removing the virus. I think she learned her lesson about clicking on unknown links.

All has not been lost on me. I've learned a lot from this thread and have made notes should the need arise again (hopefully not). Thank you.
 

My friend skipped out on me and went to Geek Squad.
Probably reinstalled Windows and sold them a subscription to Webroot. $$
Something that could have been avoided if the user went to a dedicated malware removal forum. Free
 

@Porthos ...... better yet ask me to look at their computer !! 25 yrs. experience working them !
 

@Porthos yes because his friend took it to Geek Squad ! But as Brink told me Not to send them to other forums & that I could assist them here !!!
 
