sabertooth15

As of now, I don't see anything obviously wrong anymore. Thank you so much for the help, I appreciate it! Are there any programs that you recommend I run to potentially find/clean up any remnants that may not be obvious?

Here's the new Fixlog Fixlog.txt

Seems like whatever was causing the problem is gone (not getting popups from MWB telling me it blocked the miner with realtime scanning on), which is great, so thank you for that! Only thing left is potentially harmful files and settings that have been evading a majority of scanners. newest_malwarebytes_report.txt FRST.txt Addition.txt

Seems it detected the miner file again, however it may have spawned again during the fixing process. I know there are other files and settings that are harmful that I still have. For example, in Windows/SysWOW64, there is a fake conhost64.exe file that comes up as a trojan on virustotal.com, but clean to MalwareBytes. Would there be any way to check if any settings or remnant files exist? http://prntscr.com/j53clz http://prntscr.com/j53co2 new_malwarebytes_report.txt

Here is the log Fixlog.txt

I'll run the McAfee removal tool again, restart, and then use the fixlist file

Yeah I quarantined + removed it after; that's the file that gets spawned every hour or so and is the only one that gets detected by Malwarebytes (I ran FRST after removing the file MWB found and restarted)

Uninstalled the programs you requested and went through the steps. All logs are attached. malwarebytes_results.txt AdwCleaner[C00].txt AdwCleaner[S00].txt FRST.txt Addition.txt

Here you go. FRST.txt Addition.txt

PC got infected with an extremely hard to remove malware. It keeps creating a fake conhost.exe file in Windows/SysWOW64, as well as fake Adobe folders in AppData/Local. No rootkit/AV/Anti Malware program has been able to detect it. It starts up shortly after the PC boots, and its presence is known as soon as MalwareBytes blocks the RiskWare.BitCoinMiner process while doing live scans. The source of this process still cannot be found/cleaned, only the BitCoinMiner process it starts up every hour or so. It will close a majority of programs that run with cmd prompt, will close the browser when trying to search for specific keywords, and tries to blue screen if the user attempts to close or restart the PC. It doesn't seem to run in safe mode. After the malware "starts", FRST keeps getting closed whenever I try to launch it. Should I try to get the logs as soon as my PC boots (before the malware has a chance to start up), or should I get the logs in safe mode? Any help is appreciated!