RisicoWolf
There is nothing else I can think of that I need at the moment. I do have a question though: After disinfecting a virus and its files, are there any changes it could make to a system that can phone back, or would those be detected as malware modifications and be dealt with accordingly? I’ve been pretty worried about this, but from what you have said, I believe my computer is fine for now. Thank you again for cleaning up the leftover files! :) I’ll be awaiting your instructions.
-
Alright, thanks for confirming with me that the machine is clean. I guess the fact that my machine runs on an HDD may account for the slower performance. Also, I don't have any music or files that I sync on OneDrive, but I assume some other app utilizes OneDrive sync for some reason. Nothing appears to be in services besides the usual game clients and Nvidia services, and Startup is clean as well. I wasn't sure about the Neshta infection, but from what I understand, it only affects infected exes, correct? If so, then there's nothing to worry about on my side.
-
Yep, that is the file path that I got when I opened the file location of the process. Also, Edge sometimes pops up with "Help with File Explorer" on its own (my headset cable was close to my keyboard at the time, so I moved it away) and I just saw Chrome open up on its own (might have been me clicking on it earlier before going out briefly, but I'm not sure). I set Hidden Files and Folders to be shown. Here is the VirusTotal scan of the exe: https://www.virustotal.com/gui/file/618c48236a2ab1bde332751ce05d666d29815399ab9a26c1dea575c08caa5506/detection and also the Safety Scanner log (it shows my machine is clean so far): msert.log
-
Hello, a while ago I suffered from an attack of a Neshta virus by downloading a game from Itch.io (first time encountering a virus on the page). It was blocked by Microsoft Security Essentials. I stupidly turned off MSE, thinking it was a false positive, and clicked the fake game exe. I noticed that the program was executing in a wrong way (not like other games from the site, as it appeared to unzip something) and I quickly shut down the viral process that was running, turned MSE back on, and deleted the file called AsmValue.exe (that was in its own folder in AppData Roaming). A few of my game clients were infected along with OneDrive and Discord, but I reinstalled them with fresh installers after deleting the infected exes. I ran the AVG Neshta remover, which disinfected several files. I also ran a full Malwarebytes scan, which detected OneDrive as being infected along with registry values, and it cleaned those. After that, I was able to run several scans from Avast, ESET Online Scanner, HitmanPro, TDSSKiller, MBAR, and Kaspersky, but I found no evidence of malware on my system from the scans. Ever since then, my computer has been running mostly fine. However, the startup seems to have been a bit slower than before, and even though I have OneDrive turned off, there are sudden spikes related to FileCoAuth.exe (32 bit) in Process Explorer that quickly disappear before I have a chance to figure out whether it is a legit process or not. I'm sure my computer is mostly fine for the time being, but I'm still worried that my system potentially has something that wasn't picked up by the scanners. Can someone help me verify that this is the case? Attached below are the entries for FileCoAuth, AsmValue.exe, and an exe that ran from the infected game exe.
-
So I found out that my machine has contracted a virus that causes search queries on browsers to be redirected. It runs several processes that are found in folders in the c:\users\username\appdata\local folder. In Process Explorer, one of the viruses has a "print driver host" description, and the other ones have "windows process monitor" next to them. I have attempted to run a Malwarebytes scan, but with no detections, and I am currently running an Avast scan as well. Whenever the computer reboots, I am unable to open Malwarebytes or Avast without reinstalling or repairing them. Can someone please tell me what I need to do to remove this injector short of a reinstall? (I won't be able to use the machine for a while, due to college starting tomorrow).