New install of Kaspersky Internet Security does not start on an infected PC

[morgenstern]

A friend has asked me to take a look at his Windows 10 PC which appears to be infected by all sorts of nasties. When I try installing the latest version of  KIS, I get to the screen where it offers to “Take a tour through the application features”, etc but nothing happens afterwards.

If I try starting the app via Start menu, I get the “Problem with Shortcut” error, saying that the “avpui.exe” file has been moved or deleted.

I tried scanning from the Kaspersky recovery CD with no success.

Also ran Malwarebytes from both safe mode and normal mode with detections found and quarantined but no change to the Kaspersky reinstall attempts.

I strongly suspect there is still some elusive malware present on that machine that kills the KIS before it has a chance to load. But so far it’s avoiding detection by any means I tried.

I also noticed that the Windows Defender security centre shows a blank page when navigated to from the Windows Settings menu and it’s taskbar icon does not show. The Security Centre service is running though.

[Schulte]

Hello @morgenstern, Welcome.

Please see this article, section 'Solution'. Maybe these instructions will help.

Failed to install Kaspersky application. Your computer might be infected.

[Guest]

If it were me…   I would copy personal files off, download a W10 21H2 installation media direct from Microsoft ONLY (https://www.microsoft.com/en-gb/software-download/windows10) and burn it to a memory stick, boot with it and wipe all partitions and install a fresh Windows 10.  It’s the best way if its that badly infected.  

 

Then tell your friend to be more careful !

 

e.g. people who don’t have an Antivirus of good reputation (or disable it to do something and then re-enable it later) are asking for trouble.  I am not saying your friend did any of that but it seems likely. Some of the AV products still let you install all sorts of junk (PUP’s).  Bullguard for example, AVG is also pretty lax.  Most of the machines I have in have either just plain old Windows Defender or McAfee to be honest.  Wouldn’t trust either of them with my OS. 

 

If Malwarebytes scan + ADWCleaner Scan + RogueKiller scan + ESET Online scan does not clean the machine up nicely then it is too far gone imho.

[morgenstern]

Hello @morgenstern, Welcome.

Please see this article, section 'Solution'. Maybe these instructions will help.

Failed to install Kaspersky application. Your computer might be infected.

Hi, unfortunately the neither the KVRT or the TDSSKiller have found anything.

[morgenstern]

If it were me…   I would copy personal files off, download a W10 21H2 installation media direct from Microsoft ONLY (https://www.microsoft.com/en-gb/software-download/windows10) and burn it to a memory stick, boot with it and wipe all partitions and install a fresh Windows 10.  It’s the best way if its that badly infected.  

Then tell your friend to be more careful !

 

Yeah, if it were my computer I’d have nuked it ages ago. But in all honesty I would never have let it get this far. But since it belongs to a naive / irresponsible old gentleman that lives next door, all I can do is try.

RogueKiller scan seems to have found a few bits that Malwarebytes and ADWC missed. Running ESET now. We’ll see in a couple of hours.

 

[Guest]

I have many of those as customers mate.  try dealing with 10 of them at once.  Mare……    Do 6 hours work and charge them for 1 or 2 and they still are not understanding or grateful. Charge them the full 6 and they complain when - in reality to do a proper clean of a machine (as oppoesed to a wipe) can take forever. 

 

Roguekiller can throw up some false positives…  Be wary.

ESET online scanner takes an age so set it running before going to bed, make sure you set power options not to sleep or use “Don’t Sleep” .. https://www.portablefreeware.com/?id=1738  and let it do its thing. It’s also pretty good.

If you have done all of those and it’s still not right then no choice but to hard wipe and reset. Upgrade him to an SSD at the same time if he has a spinning drive (charge him of course for the cost of the hardware) and he will have a new machine that is 3-4 times faster than the old for a small additional outlay (as long as he doesn’t have too much data) and it will make him happy.  Install KAS and set an admin PW on it so its enabled and he can’t turn it off (with his permission of course).  It will make him think twice.   Install ABP too in all the browsers (if W10 21H2 actually remove IE11 to prevent him accidentally/stupidly using IE11.  

Politely remind him that you will charge him £35 per hour next time.

[Guest]

Also,  If its really really bad and you simply cannot wipe it you can try free WRAIO  - BACKUP first though with Macrium Reflect (Free) full system image!!

 

WRAIO - https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

 

Make sure you run it in SAFE mode.

 

[Guest]

Opening a ticket on Bleeping computer can also help but it’s a 1-2 week process as they are very busy.  https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/  

[morgenstern]

If it were me…   I would copy personal files off, download a W10 21H2 installation media direct from Microsoft ONLY (https://www.microsoft.com/en-gb/software-download/windows10) and burn it to a memory stick, boot with it and wipe all partitions and install a fresh Windows 10.  It’s the best way if its that badly infected.  

 

Then tell your friend to be more careful !

 

e.g. people who don’t have an Antivirus of good reputation (or disable it to do something and then re-enable it later) are asking for trouble.  I am not saying your friend did any of that but it seems likely. Some of the AV products still let you install all sorts of junk (PUP’s).  Bullguard for example, AVG is also pretty lax.  Most of the machines I have in have either just plain old Windows Defender or McAfee to be honest.  Wouldn’t trust either of them with my OS. 

 

If Malwarebytes scan + ADWCleaner Scan + RogueKiller scan + ESET Online scan does not clean the machine up nicely then it is too far gone imho.

As recommended, I’ve done much scanning with Malwarebytes + ADWCleaner + Roguekiller + ESET. Afterwards I have completely unistalled Kaspersky Internet Security, restarted and lo and behold I was able to install it properly.

As you suggested I also password protected the KIS settings.

 

Many thanks!