JCrocker

  1. There is still a problem with Chrome browser using multiple processes (10+). It doesn't seem to be using the memory in the same way, though. It still makes me very nervous because this malware has already resulted in someone trying to take money from our PayPal and Amazon accounts as well as our bank and retirement accounts.
  2. Sorry, I'd hit scan instead of fix... Fixlog.txt
  3. Same problem. I've attached screenshots of the task manager with iExplorer and Chrome running. This was a new installation of Chrome and there was no wifi or ethernet connection.
  4. Farbar Recovery Scan Tool (x64) Version: 29-05.2019
     Ran by kelly (30-05-2019 11:01:59)
     Running from C:\Users\kelly\Desktop
     Boot Mode: Normal
     ================== Search Registry: "floridian.lnk;floridianfloridian.lnk" ===========
     ===================== Search result for "floridian.lnk" ==========
     [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
     "floridianfloridian.lnk"="0x0300000009070AA6980FD501"
     [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
     "floridian.lnk"="0x03000000F5A6F4A8980FD501"
     ===================== Search result for "floridianfloridian.lnk" ==========
     [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
     "floridianfloridian.lnk"="0x0300000009070AA6980FD501"
     ====== End of Search ======
  5. That seems to have helped for IExplorer (is it normal for Edge to run a dozen or more processes?). Chrome is still continuing to have an issue, however. I uninstalled and reinstalled, but no difference. Also, I noticed in [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartFolder] two weird sounding keys: floridian.lnk and floridianfloridian.lnk. I'm wondering if I should save what I can and completely reinstall Windows.
  6. Nothing else suspicious...
     Farbar Recovery Scan Tool (x64) Version: 19-05.2019
     Ran by kelly (27-05-2019 10:50:12)
     Running from C:\Users\kelly\Desktop
     Boot Mode: Normal
     ================== Search Registry: "gwdkw;hnehyw" ===========
     ===================== Search result for "gwdkw" ==========
     [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
     "gwdkw"="0x03000000E67BF2F6BE8ED401"
     ===================== Search result for "hnehyw" ==========
     [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
     "hnehyw"="0x030000004CD8291BBF8ED401"
     ====== End of Search ======
  7. I should add, I was able to clear the Delayshred key in regedit, it just didn't get rid of the malware problems.
  8. So, I went into regedit to see if zeroing the value of that string manually would work. It didn't, but I noticed two other suspicious looking entries there: gwdkw and hnehyw. A quick Google search shows these are virus related. Any ideas? Thank you so much for your time and advice so far!
  9. And the smiley face is C followed by colon!
  10. That should be a forward slash after 😄
  11. Search Files:
      Farbar Recovery Scan Tool (x64) Version: 19-05.2019
      Ran by kelly (26-05-2019 09:05:44)
      Running from C:\Users\kelly\Desktop
      Boot Mode: Normal
      ================== Search Files: "conhost.exe" =============
      C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.17134.1_none_5316cfc78d5f777e\conhost.exe
      [2019-05-23 09:41][2018-04-10 21:07] 000625664 _____ (Microsoft Corporation) EA777DEEA782E8B4D7C7C33BBF8A4496 [File is digitally signed]
      C:\Windows\System32\conhost.exe
      [2018-04-11 16:34][2018-04-11 16:34] 000625664 _____ (Microsoft Corporation) EA777DEEA782E8B4D7C7C33BBF8A4496 [File is digitally signed]
      ====== End of Search ======
  12. SearchReg:
      Farbar Recovery Scan Tool (x64) Version: 19-05.2019
      Ran by kelly (26-05-2019 09:02:50)
      Running from C:\Users\kelly\Desktop
      Boot Mode: Normal
      ================== Search Registry: "DelayShred;conhost.exe" ===========
      ===================== Search result for "DelayShred" ==========
      [HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
      "DelayShred"="0x020000000000000000000000"
      ===================== Search result for "conhost.exe" ==========
      ====== End of Search ======