My PC got infected with extremely hard-to-remove malware. It keeps creating a fake conhost.exe file in Windows/SysWOW64, as well as fake Adobe folders in AppData/Local. No rootkit/AV/anti-malware program has been able to detect it.
It starts up shortly after the PC boots, and its presence is known as soon as Malwarebytes blocks the RiskWare.BitCoinMiner process while doing live scans. The source of this process still cannot be found/cleaned, only the BitCoinMiner process it starts up every hour or so. It will close a majority of programs that run with cmd prompt, will close the browser when trying to search for specific keywords, and tries to blue screen if the user attempts to close or restart the PC.
It doesn't seem to run in safe mode.
After the malware "starts", FRST keeps getting closed whenever I try to launch it. Should I try to get the logs as soon as my PC boots (before the malware has a chance to start up), or should I get the logs in safe mode? Any help is appreciated!