My Windows 7 Pro, 64-bit computer was infected by Eternal Blue when I downloaded Google Chrome on 10/5/2017. It lay low for a bit before erupting on 10/30. Fortunately I had Avast and it caught it. However, it's now over 2 weeks later and I am still being yelled at by Avast 2 to 8 times a day. I hear "Threat detected!" eight times in a row with each attack.
I did what I could to remove it. I ran a full Avast scan, installed the MS17-010 fix, and downloaded and ran both Malwarebytes and CCleaner, but none of this got rid of it. I found a webpage where detailed instructions were given for removing it manually but when I went through all the steps, I wound up removing nothing because I found nothing to remove. I had already uninstalled Chrome.
https://www.removeallvirus.com/steps-remove-eternalblue-exploit-virus-easily
But then, while checking the entries in the registry step, I noticed something that I thought was a little odd - a registry entry that had what appeared to be a Chinese character in it. I asked my brother about it (he's an IT professional) and he said that having Chinese characters in your registry only meant that a program that you installed had originated in China.
Still, I'd like to confirm that this has nothing to do with Eternal Blue because I am still being attacked.
So here's a screenshot of what I see when I run regedit:
If this is not the issue causing Eternal Hell to keep haunting me, then I have to ask what is? And what more can I do to get rid of it?
Some other info that might come in handy when figuring this out:
My brother gave me this computer about six months ago when I asked for one of his old desktops to supplement my own ancient Windows XP laptop. Being an IT professional, he gave it to me as a clean machine - with all his own stuff removed. I think he may also have reinstalled Windows 7 from scratch.
I installed quite a bit of my own software (I am into 3D design and animation, and used 4 or 5 programs associated with that alone). However, once I got infected with Eternal Blue, I decided to back up all my data to an external hard drive, clean what I had backed up off of my system disks, except for what I would have immediate need for, and disconnected the external drive.
I then uninstalled every program that I didn't immediately have need of, including all my 3D programs (I was in a hiatus from development at that point).
So I have a pretty clean machine at this point. So clean that I can show all the programs installed on my computer in a single screenshot:
If there is any more info I can provide, please let me know.
Beth
EDIT: Since I don't see my images in the post, I am guessing that it's because images are banned until either reviewed for new members or until new members have posted a set number of posts, so here are direct links to those images.
Avast warning screenshot:
https://flic.kr/p/21ud3BE
regedit screenshot:
https://flic.kr/p/ZrMDhy
Installed programs screenshot:
https://flic.kr/p/ZrMEcu