natty

  1. Sorry to post again.. but found and unchecked the software in msconfig startup
  2. By the way here is a screenshot of 2 popups that appeared immediately after posting this topic that seem to originate from 'VCDDaemon.exe', which I do not believe to be a malicious process
  3. Hello there, I recently downloaded MBAM, and was shocked when every 2 minutes 'Successfully blocked website' appeared. I ran a scan with MBAM and nothing was picked up with that nor Hitman Pro, but the popups kept coming; sometimes there are no popups for an hour and sometimes there is one every 2 seconds.

     What is strange about these popups is that they do indeed seem to link to malicious domains, as I have googled these and they appear on a few malicious domain lists. What is more worrying is that these domains appear to be accessed not only by firefox/chrome.exe, but also by other legit applications like jusched.exe, steam.exe and VCDDaemon.exe, leading me to believe maybe something is injecting some malware into these applications.

     The computer seemed to be functioning completely normally until a few hours ago; now when I open Chrome I only see the window appear for about half a second before (something) closes it? I decided to look at some of the similar problems here to see if I could self-diagnose the problem. I decided against doing anything else as I think this is outside my expertise.

     I did run RogueKiller and it located a 'Suspicious' file in "C:\Users\Nat\AppData\Roaming\.minecraft\assets\objects\03\DisplaySwitch.exe". I tried to upload the file to VirusTotal, but when I went to upload the file it had disappeared from the browse dialog? I checked to see if it was there, and it certainly was; I could see it in Windows Explorer, but not in the browse dialog box? I decided to add the exe to an empty zip folder and upload the zip to VirusTotal. The zip folder was found immediately, so is the .exe cloaking itself somehow? VirusTotal reported the .zip to have a detection rate of 4/51; the detections included 'W32.HfsReno.155f', 'Malware.QVM19.Gen', 'PE:Malware.XPACK-HIE/Heur!1.9C48', 'Suspicious.Cloud.5'. I tried to delete the DisplaySwitch.exe, and it disappeared. For about 2 minutes, after which it came back again all by itself?

     I believe this file may have some kind of link to the malware, although I don't know if this is it. Whatever help you can offer is greatly appreciated, although I thought that would be a potential lead onto the malware. Thank you again for any help you can offer; it is greatly appreciated.