RisicoWolf

Members
  • Posts: 14

Everything posted by RisicoWolf

  1. There is nothing else I can think of that I need at the moment. I do have a question though: After disinfecting a virus and its files, are there any changes it could make to a system that can phone back or would those be detected as malware modifications and be dealt with accordingly? I’ve been pretty worried about this, but from what you have said, I believe my computer is fine for now. Thank you again for cleaning up the leftover files! :) I’ll be awaiting your instructions.
  2. The results of the SFC Scan were that "Windows Resource Protection did not find any integrity violations"
  3. Defender results: No Current Threats, Last Scan: 11/11/2020 12:56 AM (full scan), 0 threats found, Scan lasted 4 hours 17 minutes, 1245998 files scanned. Attached are both of my FRST logs. FRST.txt Addition.txt
  4. BTW, I ran the PowerShell script found in that forum post and it showed that OneDrive was started by the system (based on the parent id), so I'll just chalk it up to an automated system process then.
  5. Alright, thanks for confirming with me that the machine is clean, I guess the fact that my machine runs on an HDD may account for the slower performance. Also I don't have any music or files that I sync on OneDrive, but I assume some other app utilizes OneDrive sync for some reason. Nothing appears to be in services besides the usual game clients and Nvidia services and Startup is clean as well. I wasn't sure about the Neshta Infection but from what I understand, it only affects infected exes correct? If so, then there's nothing to worry about on my side.
  6. Yep, that is the file path that I got when I opened the file location of the process, also Edge sometimes pops up with "Help with File Explorer" on its own (my headset cable was close to my keyboard at the time, so I moved it away) and I just saw Chrome open up on its own (Might have been me clicking on it earlier before going out briefly, but I'm not sure). I set Hidden Files and Folders to be shown. Here is the VirusTotal scan of the exe: https://www.virustotal.com/gui/file/618c48236a2ab1bde332751ce05d666d29815399ab9a26c1dea575c08caa5506/detection and also the Safety Scanner log (it shows my machine is clean so far): msert.log
  7. Additionally, once when I clicked on the file location of the FileCoAuth process in task manager before it disappeared, it appeared to be the real FileCoAuth but I’m still suspicious if this is normal or not.
  8. Hi Maurice, I prefer to go by Alex, I’ll run the MSE Full Scan but it will take some time to complete, I’ll post a log here when it’s done.
  9. Hello, a while ago I suffered from an attack of a Neshta virus by downloading a game from Itch.io (first time encountering a virus on the page). It was blocked by Microsoft Security Essentials, I stupidly turned off MSE, thinking it was a false positive and clicked the fake game exe. I noticed that the program was executing in a wrong way (not like other games from the site as it appeared to unzip something) and I quickly shut down the viral process that was running, turned MSE back on, and deleted the file called AsmValue.exe (That was in its own folder in AppData Roaming). A few of my game clients were infected along with OneDrive and Discord but I reinstalled them with fresh installers after deleting the infected exes, I ran the AVG Neshta remover which disinfected several files, I also ran a full Malwarebytes scan which detected OneDrive as being infected along with registry values and it cleaned those. After that, I was able to run several scans from Avast, Eset Online Scanner, HitmanPro, TDSS Killer, MBAR, and Kaspersky but I found no evidence of Malware on my System from the scans. Ever since then, my computer has been running mostly fine. However the startup seems to have been a bit slower than before, and even though I have OneDrive turned off, there are sudden spikes related to FileCoAuth.exe (32 bit) in process explorer that quickly disappear before I have a chance to figure out whether it is a legit process or not. I'm sure my computer is mostly fine for the time being, but I'm still worried that my system potentially has something that wasn't picked up by the scanners. Can someone help me verify that this is the case? Attached below are the entries for FileCoAuth, AsmValue.exe, and an exe that ran from the infected game exe
  10. So I found out that my machine has contracted a virus that causes search queries on browsers to be redirected, it runs several processes that are found in folders in the c:\users\username\appdata\local folder. In the process explorer, one of the viruses has a "print driver host" description, and the other ones have "windows process monitor" next to them, I have attempted to run a Malwarebytes scan, but with no detections, and I am currently running an Avast scan as well. Whenever the computer reboots, I am unable to open Malwarebytes or Avast without reinstalling or repairing them. Can someone please tell me what I need to do to remove this injector short of a reinstall? (I won't be able to use the machine for a while, due to college starting tomorrow).