T410

Thank you so much Ron

Hi Ron, I have just uploaded the whole folder and also attached the Fixlog.txt (I tweaked the fixlist.txt you uploaded to zip the folder) Folder link: https://drive.google.com/file/d/1SM469icxbr7AOKLsOsqr7aGbQ7jSX4WT/view?usp=sharing Malwarebytes found the threats and quarantined them. Thanks Ron One last question: Can I go and shift + delete the files or are there any better/safe ways to do it? malwarebytes.txt Fixlog.txt

Hi Ron, The zip file exceeds the file uploading limit. It's 142 MB. I am uploading it to Google Drive. If it doesn't OK for you just let me know where should I upload it. And also other than dlls and guard.exe file there is a mint.exe file which starts by guard.exe . I think the "mining" operation is being done by that mint.exe because "guard.exe" is always running at the background when I check it in the Task Manager. But "mint.exe" starts when I completely leave my pc idle for a few minutes. (I left task manager open and left the pc for a few minutes.) Should I completely zip the folder that I thought infected? Or just "Guard.exe" is fine? The zip file link: https://drive.google.com/file/d/10EKa1wDeOsg92c7bEQH3L8yl9_zaCkDg/view?usp=sharing Fixlog.txt

I have followed the steps. The attachments are included. But Adwcleaner can't see the malicious file. In FRST.txt malicious file "guard.exe" can be seen though. AdwCleaner[S0].txt Addition.txt FRST.txt malwarebytes.txt

Hello, My laptop has been using it's fan quite vigorously when it's idle but I didn't take it seriously. Today I realized it is really bugging me out. When no input is given to the pc it began to spin its fans really fast. But when I move the mouse it almost suddenly stops. Then I ran Tas Manager on the screen and I waited. When the fans began to spin again I realized a process is using almost 60% of my CPU. Name of the process is "mint.exe". No luck finding any information though. Ran a malwarebytes scan and it found 1 software. "Guard.lnk" which lead me to "Guard.exe" in "C:\Users\user\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings". BTW "Internet Settings" folder is hidden. Showing hidden items didn't help. But going directly to the address let me in. Content of the folder is attached. There is a "config.txt" file in the folder which led me thinking it is a stealth miner malware. You will get when you see the config file which is attached also. If any of you guys want me to share the files for analyzing purposes I will gladly share them with you. But I want them to be gone of course. malwarebytes report, FRST.txt, Addition.txt files are attached. TL;DR: Cryptocurrency miner malware infected. Need to remove. Please help. Required files are attached. Thank you config.txt malwarebytes.txt FRST.txt Addition.txt