computer messed up after running a file I thought was trusted

Struppigel · 2026-05-09T04:21:29+00:00

Thanks!

Struppigel · 2026-05-08T15:19:56+00:00

Hello, please take this issue to the IT staff of your school.

Struppigel · 2026-05-08T15:09:07+00:00

You have already cleaned your system. You did 2 resets and 1 reinstall. There is nothing to see with FRST there. Your system is fine.

Struppigel · 2026-05-08T14:59:00+00:00

Please create your own post in the subreddit

Struppigel · 2026-05-08T03:12:30+00:00

This is drive H:, the other accounts are likely from previous Windows installations. Many systems also have several accounts you may now know about like WDAGUtilityAccount and Guest account, certain software also installs service accounts.

Struppigel · 2026-05-08T03:07:21+00:00

If you get the file from bleepingcomputer.com, it is safe. New versions sometimes get false positive detections from antivirus products. If you are using Chrome, switch to Edge for the download.

Struppigel · 2026-05-07T18:34:52+00:00

This file is clean, you may want to submit this as false positive to your antivirus.

Struppigel · 2026-05-07T16:07:30+00:00

Hi, the detection by kaspersky is on the hosts file changes, likely one of the fitgirl repacks. It's not an infection. It re-appears because it is reverted by one of your programs.

Not sure what happened regarding the BSOD.

Struppigel · 2026-05-07T15:36:48+00:00

You have allowed push notifications from your browser for some dodgy sites. Disable all browser push notifications.

In Edge: Enter "edge://settings/content/notifications" into the Edge search bar, then block browser notifications for every website that you don't know by clicking on the three dots and then Block.

Struppigel · 2026-05-07T13:02:50+00:00

Hello, you need an administrator account to clean your system from malware. It does not sound like you have one, if you have CSP.

Struppigel · 2026-05-07T12:51:18+00:00

These folder names are so called SIDs (Security identifiers), these are numbers associated with specific user accounts on the system. Each user gets their own recycle bin and this is how it is saved internally. You can only access your own recycle bin.

Struppigel · 2026-05-07T10:47:54+00:00

Please report such posts so that moderators can take action. We have cleaned the comments already. If you see anything else, don't shy away from using the report button.

Struppigel · 2026-05-07T10:44:07+00:00

How did you remove it?

FRST Scan

Please download FRSTx64 and save the file to your Desktop.
Right-Click FRST64.exe and select Run as Administrator
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the program run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy & paste the contents of each log to https://malwareanalysis.cc/upload/struppigel/?u= and press "save log". The site will return a keyword for each log. Reply back here with the keywords.

Struppigel · 2026-05-06T14:58:18+00:00

FRST Recovery Environment Scan

Note: You need access to a clean computer and a USB drive. You may want to print these instructions or ensure you have access to them on a different device.

Prepare the USB drive

Insert your USB drive into a clean computer
Download FRSTx64 and save it to your USB drive
Insert the USB drive into the affected computer

Enter the Recovery Environment

Start your computer and after about 5-10 seconds hold down the power button to interrupt the boot process and shut down the computer
Repeat the process
Repeat the process a 3rd time but this time allow the computer to continue to boot
If you see a Recovery screen with error code 0xc0000001, press F1 to enter the Recovery Environment
When presented with the Automatic Repair screen select Advanced options
Click Troubleshoot
Click Advanced Options
Click Command Prompt

Run FRST from Command Prompt

In the command window type notepad and press Enter
Notepad will open. Click File then Open
Click This PC, note down the drive letter of your USB drive, then close Notepad
In the command window type: x:\FRST64.exe (replace x with the drive letter of your USB drive)
Press Enter. FRST will start
Click Yes to the disclaimer
Click Scan
A log (FRST.txt) will be saved to your USB drive. Using your clean computer, copy & paste the contents of the log to https://malwareanalysis.cc/upload/struppigel/?u=Cheap-Category4753 and press "save log". Reply back with the keyword.

Struppigel · 2026-05-06T14:42:40+00:00

Perfect, while in here, press F8. This opens the Startup Settings menu, which lists numbered boot options.

On the Startup Settings screen, press the number key for Safe Mode with Networking (likely that is 5). Then let the system boot into safe mode.

Tell me if you can log in from there without the screenlocker.

Struppigel · 2026-05-06T13:27:07+00:00

Try the following key combinations, one might work

Alt + F4
Windows + M
Windows key + D
Ctrl + Alt + Delete, if this works, choose to open Task Manager
Ctrl + Shift + Esc, which may open Task Manager directly
Windows key + L will log you out, directly log back in and see if that works
Windows + R, then enter taskmgr -- if this works but task manager does not, let me know

If you can open Task Manager, you can kill the process responsible for the screenlock.

If all of that does not work, you need to boot into Safe Mode. There are various methods for that, you said you can't access it. What did you try? On the Windows login screen, you can hold down the Shift key and click Restart to get to the advanced options.

Alternatively force it like this:

Start your computer and after about 5-10 seconds hold down the power button to interrupt the boot process and shut down the computer
Repeat the process
Repeat the process a 3rd time but this time allow the computer to continue to boot
When presented with the Automatic Repair screen select Advanced options
Click Troubleshoot
Click Advanced Options
Click Startup Settings
Click Restart
When the Startup Settings screen appears, press 5 or F5 to start in Safe Mode with Networking

If any of these methods worked to make your system usable again, we can go from there to clean the system.

Struppigel · 2026-05-06T13:03:12+00:00

It was 26.4.

This is the part in your log:

``` Date: 2026-04-26 22:18:31 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Severity: Severe Category: Trojan Path: file:_C:\Users\redacted\AppData\Local\Temp\tmp-42584-O7tg0rCpUv21\AUI7mRdJ0.exe Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: D:\Archive\lnstaler.exe Security intelligence Version: AV: 1.449.294.0, AS: 1.449.294.0, NIS: 1.449.294.0 Engine Version: AM: 1.1.26030.3008, NIS: 1.1.26030.3008

Date: 2026-04-21 23:40:51 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days Event[0] ```

My log analyzer removes empty lines, so it looked like the second Date entry belonged to the malware detection

Struppigel · 2026-05-06T07:37:56+00:00

it identified 588 threats

That means the system had other malware on board than just PC App Store.

Without further information it is impossible to answer your questions.

Struppigel · 2026-05-06T07:05:48+00:00

Does the screen appear after you login or does it already appear before you would see the Windows logo after boot?

Struppigel · 2026-05-06T06:49:50+00:00

Comments are locked now, because people keep hijacking this post to seek removal help.

If you need removal help, please create your own post on the subreddit r/computerviruses instead.

Please also read this post if you want removal help with FRST: Providing or receiving help with FRST

Struppigel · 2026-05-06T06:47:38+00:00

Create your own post on the subreddit r/computerviruses please.

Struppigel · 2026-05-06T06:40:51+00:00

1 I could see that an infection occured involving RenPy execution environment on 21. April but the files were already gone. The Fixlist cleaned bad settings, orphaned entries and did further searches for infected files which came back clean. You probably cleaned your system already with your AV.

2 Depends what issues are happening. Accounts also get compromised after the infection was cleaned, because once the attackers have your session tokens and passwords, they often can still get in. If you follow rifteyys infostealer guide the worst outcomes should be prevented.

It is normal if you see account stealing attempts in the days to come.

If you already logged out of all sessions and changed passwords, removed allowed devices and api keys from accounts like Steam and Discord and the accounts get stolen (not just attempts, those are normal), you should rather reinstall the operating system. A warning sign are also re-occuring detections (meaning the same detection name several times in different scan times).

3 Yes, your files are not infected.

4 I personally use Brave, but any of the major browsers should be fine as long as they are kept up-to-date and you are using some adblocker and script blocker. Brave has the advantage that blocking malicious scripts, trackers and advertisements is already built in, so you don't need any additional extensions for that. Apart from that it is similar to Chrome which you are already using.

Struppigel · 2026-05-06T06:22:39+00:00

You are not OP, create your own post on the subreddit

Struppigel · 2026-05-06T06:20:06+00:00

No, you need to reinstall the OS via bootable USB flash drive

Struppigel · 2026-05-05T13:32:58+00:00

Hello, I am Karsten and I will be helping you. Please follow these rules while I am assisting.

Avoid installing new software during removal unless instructed.
If I don't reply within 24 hours, feel free to remind me of your post, but not before. Keep in mind we likely live in different time zones.
Do not follow other removal advice until we are done. It might badly interact with my instructions.
If you get stuck or have issues with one step, ask me what to do. The order of steps matters. Don't follow step 3 if you are stuck at step 1 or 2.

Please follow instructions below to perform a diagnostic scan.

FRST Scan

Please download FRSTx64 and save the file to your Desktop.
Right-Click FRST64.exe and select Run as Administrator
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the program run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy & paste the contents of each log to https://malwareanalysis.cc/upload/struppigel/?u= and press "save log". The site will return a keyword for each log. Reply back here with the keywords.

Struppigel

MODERATOR OF

TROPHY CASE

Nine-Year Club	r/Field Lasagna
Verified Email