mareek33
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by mareek33
-
-
4 minutes ago, Aura said:
Thank you
How's your system behaving now? Were there any other issues to address?
No, not really. My PC used to hang after like 2 hours of use which I blame on the Crypto Miner (I don't have a very good CPU or GPU), that doesn't seem to happen anymore. Executables are also fine now.
Thank you for your help! -
-
-
-
17 hours ago, Aura said:
Did you clean the threats AdwCleaner detected? Since you gave me a scan log, and not a clean log.
that's the log that appeared after rebooting, but yes I did
-
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 08 13:18:48 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-07.2
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy, C:\Windows\System32\SSL
PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL
PUP.Optional.Legacy, C:\Windows\System32\C2MP
PUP.Optional.Legacy, C:\Windows\SysWOW64\C2MP
PUP.Optional.Legacy, C:\Users\usuario\AppData\Local\AdvinstAnalytics
PUP.Optional.FastDataX, C:\Users\usuario\AppData\Roaming\FastDataX
Trojan.Agent, C:\Windows\rss
***** [ Files ] *****No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
PUP.Adware.Heuristic, 607d0b4066992dbdab977368653518a4
***** [ Registry ] *****PUP.Optional.Vittalia, [Key] - HKU\S-1-5-21-1555874376-2349430391-1355095412-1002\Software\Vittalia
PUP.Optional.Vittalia, [Key] - HKCU\Software\Vittalia
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.Microleaves, [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves, [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
***** [ Firefox (and derivatives) ] *****No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
RogueKiller V12.12.7.0 (x64) [Mar 5 2018] (Gratuito) por Adlice Software
correo : http://www.adlice.com/contact/
Realimentación : https://forum.adlice.com
Página Web : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.comSistema Operativo : Windows 10 (10.0.16299) 64 bits version
Comenzado en : Modo Normal
Usuario : usuario [Administrador]
Iniciado desde : C:\Program Files\RogueKiller\RogueKiller64.exe
Modo : Borrar -- Fecha : 03/08/2018 12:52:21 (Duración : 00:58:19)¤¤¤ Procesos : 0 ¤¤¤
¤¤¤ Registro : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\system_udp_controller (C:\ProgramData\3b2c0bbdcd\cb78a2950c.exe) -> Borrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fa23fd01-c76a-4784-aef4-35077c0a1688} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Reemplazado ()¤¤¤ Tareas : 0 ¤¤¤
¤¤¤ Archivos : 2 ¤¤¤
[PUP.Gen0][Archivo] C:\Windows\SECOH-QAD.exe -> Borrado
[PUP.EpicNet][Carpeta] C:\Users\usuario\AppData\Local\Temp\csrss -> Borrado
[PUP.EpicNet][Archivo] C:\Users\usuario\AppData\Local\Temp\csrss\patch.exe -> Borrado¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Archivo Hosts : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
¤¤¤ Exploradores Web : 0 ¤¤¤
¤¤¤ Comprobacion MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200LPVX-00V0TT0 +++++
--- User ---
[MBR] 3aa4343f6b5f67510afd5b54a3193f68
[BSP] 155e9bea9653f90b8a6f9a7baf6eda20 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 304271 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 624175104 | Size: 470 MB
User = LL1 ... OK
User = LL2 ... OK -
Malwarebytes
www.malwarebytes.com-Log Details-
Scan Date: 3/8/18
Scan Time: 10:02 AM
Log File: e87d9c0c-22d0-11e8-a1dd-7085c20deffe.json
Administrator: Yes-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4256
License: Trial-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: DESKTOP-HGPBLI2\usuario-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296998
Threats Detected: 66
Threats Quarantined: 66
Time Elapsed: 5 min, 16 sec-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect-Scan Details-
Process: 1
Generic.Malware/Suspicious, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\CSRSS\MRT.EXE, Quarantined, [0], [392686],1.0.4256Module: 1
Generic.Malware/Suspicious, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\CSRSS\MRT.EXE, Quarantined, [0], [392686],1.0.4256Registry Key: 32
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G1, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CB497FC-2B66-4F47-B7B8-DBE160284C40}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{0CB497FC-2B66-4F47-B7B8-DBE160284C40}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UPDATER_ONLINE_APPLICATION, Quarantined, [515], [391429],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20CF325B-759D-4591-A5B3-3C304BA468F3}, Quarantined, [515], [391429],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{20CF325B-759D-4591-A5B3-3C304BA468F3}, Quarantined, [515], [391429],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE37894C-B9D7-4778-B36B-D1E42EC024EB}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AE37894C-B9D7-4778-B36B-D1E42EC024EB}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F18B69A8-EA0B-4E86-B8A2-F696C33F4C3C}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F18B69A8-EA0B-4E86-B8A2-F696C33F4C3C}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G4, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F036B1F3-9DA5-4125-959A-E2484D90786F}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F036B1F3-9DA5-4125-959A-E2484D90786F}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G5, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C78868E-530B-4020-9FDA-A1E125AFDB6E}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{2C78868E-530B-4020-9FDA-A1E125AFDB6E}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G6, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F705485-493D-4068-8821-CD75832230DD}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3F705485-493D-4068-8821-CD75832230DD}, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [339688],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [398592],1.0.4256
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE, Quarantined, [0], [392686],1.0.4256
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE, Quarantined, [0], [392686],1.0.4256
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MRT, Quarantined, [0], [392686],1.0.4256
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{356F3250-6221-4A93-ABE5-A805D7B70EBB}, Quarantined, [0], [392686],1.0.4256
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{356F3250-6221-4A93-ABE5-A805D7B70EBB}, Quarantined, [0], [392686],1.0.4256
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4256
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4256
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [73], [170024],1.0.4256Registry Value: 12
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CB497FC-2B66-4F47-B7B8-DBE160284C40}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20CF325B-759D-4591-A5B3-3C304BA468F3}|PATH, Quarantined, [515], [391427],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C78868E-530B-4020-9FDA-A1E125AFDB6E}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F705485-493D-4068-8821-CD75832230DD}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE37894C-B9D7-4778-B36B-D1E42EC024EB}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F036B1F3-9DA5-4125-959A-E2484D90786F}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F18B69A8-EA0B-4E86-B8A2-F696C33F4C3C}|PATH, Quarantined, [515], [317311],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Quarantined, [515], [333852],1.0.4256
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Quarantined, [515], [321304],1.0.4256
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1555874376-2349430391-1355095412-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0Registry Data: 0
(No malicious items detected)Data Stream: 0
(No malicious items detected)Folder: 1
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [391425],1.0.4256File: 19
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G1, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Quarantined, [515], [391430],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\UPDATER_ONLINE_APPLICATION, Quarantined, [515], [391429],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G2, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G3, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G4, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G5, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\Online Application V2G6, Quarantined, [515], [317314],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G1.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G2.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G3.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G4.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G5.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\Online Application V2G6.job, Quarantined, [515], [382506],1.0.4256
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [515], [391431],1.0.4256
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [515], [391425],1.0.4256
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [515], [391425],1.0.4256
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\MRT, Quarantined, [0], [392686],1.0.4256
Generic.Malware/Suspicious, C:\USERS\USUARIO\APPDATA\LOCAL\TEMP\CSRSS\MRT.EXE, Quarantined, [0], [392686],1.0.4256Physical Sector: 0
(No malicious items detected)
(end) -
55 minutes ago, mareek33 said:
That one doesn't work either, not the exe file or the cmd file. Same error "Not a Malwarebytes file".
UPDATE: I was able to run MBAR (I had to use the fix feature on FRST to remove the registry entries the Malware added). Here are the logs
-
19 hours ago, Aura said:
Try the zipped version. Extract it, then launch the MBAR.exe file inside.
That one doesn't work either, not the exe file or the cmd file. Same error "Not a Malwarebytes file".
-
Downloading the MBAR from your link and running the program gives an error message that says "not a Malwarebytes file"
-
-
My desktop PC has been infected by what I think is a malware called "Cloud Net" (This .exe is running permanently and refuses to be killed by task manager, it also appears at about the same time i noticed issues). When I run some EXE files (Especially anti-virus software like MalwareBytes, FRST and MBAR), the program closes them and then deletes the exe (This also happens with random programs like DS4Windows). I have no way to get rid of this since all Anti-Virus options are either blocked or deleted. I have no idea what to do now. Help!
Also, I know i'm supposed to post my MalwareBytes and FRST results but i simply cannot run either of these programes since Malwarebytes gets blocked altogether and FRST gets closed and deleted.
Malware closes random EXE files and then deletes them
in Resolved Malware Removal Logs
Posted
No, not really. Thank you for your patience with me! I will make sure to recommend Malwarebytes and its products to everyone that asks