The gretorsely virus - help

I'm helping a friend who clicked on a link in an email that she should have guessed was bogus. Now she's got this virus with popup windows every minute or so with some bogus message trying to get her to click on more. There's also an 'X' that she says she's been clicking on to get the popup to go away. It's been installing SO MUCH stuff on her computer (which is almost brand new) that it took me 2 hours to clean it up. However, for all the uninstalling I did the popups never went away. I googled "gretorsely" and it's apparently a known virus. Of course there's several suggestions to use SpyHunter malware remover to get rid of it. The researching SpyHunter it says that's a virus too. I tried Malwarebytes but a scan didn't turn up anything.

Anybody familiar with this virus that can point me in the right direction? Or maybe a hint of what I might try next? Much appreciated.

What did Windows security (Defender) have to say?
Manually Scan with Microsoft Defender Antivirus - ElevenForumTutorials
Run Microsoft Defender Offline Scan - ElevenForumTutorials
1 A Quick scan should detect & remove malware
2 An offline scan should detect & remove 'rootkit' malware
3 A Full scan should remove inactive remnants left behind after removal. It's a tidy-up rather than a threat-removal procedure and it can take hours.

If Defender cannot find anything then use Microsoft Safety Scanner


Best of luck,
Denis

Thanks. She runs Defender but I'll go back and do some scans. Probably Wednesday.

I wouldn't have to think about how I'd get rid of it...low level format and clean install. That infection appears to be a nasty one. Such infections can hide code that can come back any time in the future even if you think you removed everything. She needs to be concerned that some of her private information may have already been stolen.

Hopefully @flashh4 can also help here.

glasskuter said:

Such infections can hide code that can come back any time in the future

Click to expand...

It was because of the potential for rootkits that I suggested WD offline scan.

All the best,
Denis

@Carey Brown, i can help with that Malware/Virus or what ever we find !
First run these programs & if the logs are 2 large to post you will have to zip them to me !

Malwarebytes AdwCleaner >>> Download AdwCleaner

Please download AdwCleaner and save it to your Desktop
* Close all open programs and browsers
* Right click on the icon and select Run as administrator
* Click Scan now
* Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
* When completed click View Scan Log File
* Copy and paste the contents in your reply
* Click Skip Basic Repair if it appears then close the program

====================================

Full System Scan with Malwarebytes Antimalware >>> Download Malware Removal 2023 | Free Antivirus Scan & Virus Protection Tool
* If not existing, please download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If the program is already installed:
* Run Malwarebytes Antimalware
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
*** Post that log back here or just tell me what it found ?
If it is to long then you will have to zip it or find a site to download it to & let me know where !

glasskuter said:

I wouldn't have to think about how I'd get rid of it...low level format and clean install. That infection appears to be a nasty one. Such infections can hide code that can come back any time in the future even if you think you removed everything. She needs to be concerned that some of her private information may have already been stolen.

Click to expand...

Ouch! I don't think her computer came with any install media. Don't know if she's got license keys. At least at this point she hasn't installed anything beyond what it came with.

Thanks flashh4, that's a generous offer. I'm trying to get her to bring her machine back to me on Wednesday.

Carey Brown said:

I don't think her computer came with any install media.

Click to expand...

1 These days we make our own installation USBs.
Create Windows 11 Bootable USB Installation Media - ElevenForumTutorials

Carey Brown said:

Don't know if she's got license keys.

Click to expand...

2 Check in Settings, Updates, Activation that the computer is activated 'with a digital licence' as all or almost all are these days. The licence is stored online in MS's activation servers.
If it is then no Product Key is required during re-installation, see Step 7 of
Clean Install Windows 11 - ElevenForumTutorials
where you would choose I don't have a product key then Windows will retrieve its digital licence when you first go online and re-activate without any action on your part.

I mention this subject because you did. There is nothing yet to indicate that re-installation is required.
Just carry on with the scanning and then the situation will become clearer.
Personally, I would never re-install onto an infected computer. I would use Quick scan & Offline scan to clean it up first.


All the best,
Denis

Just get any program that can write "X'00" or any random hex digits to the every physical sector relevant hdd's / ssd's. Domestic computers aren't subject these days to "Intensive N.Korean / Russian hacks". You are more likely to be scammed by giving out too much info on social media or opening unsolicited email.

I'll bet even if you were to get an HONEST poll of ALL the members of these Forums (both the W10 and W11 one's) and excluded pro I.T developers etc less than 0.01% would ever have these problems with viruses / malware etc. Even sites like TPB are excluding "dubious torrents" from their sites -- also NEVER EVER download a .rar file as these are the one's most likely to have nasty things in their payload.

A lot of this "Security paranoia" is so last C20 for so called I.T security specialists trying to save their jobs.

Note here --I'm only dealing with domestic "Mom and Pop" type of machines -- Corporate and national infrastructure attacking etc is still big business -- that's a totally different issue.

For typical Windows 10 / Windows 11 the standard WD protection is as good as it gets.

cheers
jimbo

Try3 said:

1 These days we make our own installation USBs.
Create Windows 11 Bootable USB Installation Media - ElevenForumTutorials



2 Check in Settings, Updates, Activation that the computer is activated 'with a digital licence' as all or almost all are these days. The licence is stored online in MS's activation servers.
If it is then no Product Key is required during re-installation, see Step 7 of
Clean Install Windows 11 - ElevenForumTutorials
where you would choose I don't have a product key then Windows will retrieve its digital licence when you first go online and re-activate without any action on your part.

I mention this subject because you did. There is nothing yet to indicate that re-installation is required.
Just carry on with the scanning and then the situation will become clearer.
Personally, I would never re-install onto an infected computer. I would use Quick scan & Offline scan to clean it up first.


All the best,
Denis

Click to expand...

Got it. Thanks.

Carey Brown said:

Ouch! I don't think her computer came with any install media. Don't know if she's got license keys. At least at this point she hasn't installed anything beyond what it came with.

Click to expand...

Computers haven't come with install media in a long time unless the buyer bought it on the side. Windows 10-11 license keys are embedded in the uefi. New computers have a recovery partition but in case of infection, I would not use it nor would I use a system reset. If the computer is new and she hasn't installed a bunch of apps, a clean install makes even more sense. An added advantage of a clean install is that you don't end up with all the bloatware a OEM puts on the machine.

I urge you not to consider a clean install until, at least, Run Microsoft Defender Offline Scan - ElevenForumTutorials has given you a clean bill of health so that you can be confident that there's no rootkit at work [which would render the clean install a waste of time and, if you have not also got a clean bill of health from Manually Scan with Microsoft Defender Antivirus - ElevenForumTutorials, result in an infected install USB].

Denis

Sorry for not getting back sooner. My friend skipped out on me and went to Geek Squad. Found out from her they were sucessfull at removing the virus. I think she learned her lesson about clicking on unknown links.

All has not been lost on me. I've learned a lot from this thread and have made notes should the need arise again (hopefully not). Thank you.

Carey Brown said:

My friend skipped out on me and went to Geek Squad.

Click to expand...

Probably reinstalled Windows and sold them a subscription to Webroot. $$
Something that could have been avoided if the user went to a dedicated malware removal forum. Free

@Porthos ...... better yet ask me to look at their computer !! 25 yrs. experience working them !

flashh4 said:

better yet ask me to look at their computer !! 25 yrs. experience working them !

Click to expand...

You offered assistance and not taken up on it.

@Porthos yes because his friend took it to Geek Squad ! But as Brink told me Not to send them to other forums & that i could assist them here !!!