Everything posted by plantrob

  1. Yeah, it found a dll file marked as a trojan in my deleted items folder - it was one of the ones I had deleted in the process I described in post above. Somehow it didn't find the other ones that were in other folders. But I think I may have fixed the problem now. I tracked down an entry in Task Scheduler (another random-name job) that was set up to execute a file in \windows\system32\(randomname) folder once an hour - which explains how the blasted items would return mysteriously after some time. Disabled that, as well as (again) the startup item, and knock on wood, it hasn't come back yet. Thanks again for your help.
  2. Laptop performance has certainly improved - but I still have some sort of malware. Symptoms are:
     - two black command windows flash across screen a minute or two after restarting PC
     - shortcut in Startup folder pointing to an exe file in a randomly named subfolder of appdata/roaming
     - when I delete that subfolder OR that shortcut, it gets created again - usually quickly, within a minute - as a subfolder with a different name (but the shortcut is always named "Pxoxxoigtw")
     - the subfolder contains the exe file (76 kb), which is always named same as a (randomly chosen) legitimate windows executable, along with a dll file (similar naming convention) and an entirely randomly named third file

     I thought I outsmarted the scheme by replacing the exe file with some other executable (e.g., notepad.exe), renamed to the filename selected by the malware. Indeed, after restarting, the replacement executable started up, instead of the two command windows. After two more restarts, just to make sure, I removed the shortcut and the folder it pointed to. Half an hour later, the command windows flashed by again, and the shortcut was back in place.

     I have no idea what it's doing, but I'm sure it's up to no good, and think it's likely that whatever it's doing was contributing to the gradual slowdown of the laptop. Any ideas on permanently removing it?
  3. Yes, I think it's running better, thanks. I'll watch for a few days to be sure. What was the most significant fix in the job you prepared? Should I not be concerned about the startup directory item?
  4. Thanks for your help with this. The fixlog file is attached here. Fixlog.txt
  5. Both of those "other files" have a file creation/modification date of 9:28am today (this was while the computer was sitting idle).
  6. Based on advice I got in a follow-up email to this post (thanks!), I checked my C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder, where indeed I found a suspicious item: a shortcut named Pxoxxoigtw (presumably randomly generated), which points to C:\Users\rob\AppData\Roaming\rKEaIR\WMPDMC.exe (file date 4/11/2018 6:33pm, 1,482 kb). Other files in that folder are UxTheme.dll (632 kb) and n5x2DpBk.xDH (769 kb).
  7. For some time now, my laptop has been running very slowly, for no apparent reason. During slowdowns, task manager doesn't show inordinately high CPU or network usage usually, but disk often pegs around 100%. The reason I'm suspecting malware is I've noticed that upon restart, about a minute after the desktop loads, there are two command windows that pop up, issue a command, and shut down. I don't recall seeing those until the slowdown occurred, and they may have started after I stupidly clicked on an email attachment that I should have left alone. The windows don't open for long enough for me to scrutinize the command, but I do recall it's a single command with lengthy command line parameters that read like gibberish rather than word-like. Malwarebytes scans give me a clean bill of health, other programs have likewise not found anything. My main AV software is McAfee (according to the FRST scan, it looks like there may be two copies floating around). Any suggested actions for cleanup/optimization/threat removal? Any way to find out with which program these command popups are associated? Thanks! Rob Addition_25-03-2019 23.06.28.txt FRST_25-03-2019 23.06.28.txt malwarebytes report 190326.txt