Posts posted by BigHenny

  1. Attached are images further illustrating that something is not correct. I am in Windows safe mode and look at the amount of processes running... when all I have open is Edge so that I can reply to this thread. Also, an msconfig image showing two instances of separate OS's. If you need the video of my system 32 folder for more proof I can send that in as well.



    Seperate OS's.PNG



  2. Kevin -

    To be frank, your lack of concern on how this specific malware is bypassing your products' and many others' scans is concerning. How can you explain the fact that I have a new administrator account on my PC that I haven't created nor have a password to? How the fact when I click on the Windows system 32 folder a whole other set of apps and images show up briefly before being replaced by normal looking folders? How there are PowerShell scripts relating to the word "Toast" a known malware... and also panther unattend files so that every time I try to install a fresh OS this malware carries over.

    Honestly I expected more from Malwarebytes on helping me with this issue. I guess I will just be spending the hundreds of dollars it will take to bring my PC into a local shop in order for a professional to help.

  3. Kevin -

    Attached are the logs. When downloading Sophos to my desktop, a bunch of other items were placed on my desktop. 

    For instance, a file named ps_rootca.rl that under general properties opens with a dll named crypto shell extensions that was created in 2011. This OS was installed back in May of this year. There are several other fishy things now on my desktop after installing Sophos to the desktop.

    Sophos didn't catch anything. It's like anything I download is re-directed to scan a "clean" system. It also completed rather quickly.






  4. Kevin -

    Another really weird thing is happening that I uncovered last night. I created a fresh administrator account to see what all weird stuff would populate in the file system. A ton of malware looking things popped up in the Windows folder and I was able to quickly move them to a USB. In signing on today to check the forum they are all no longer visible, but my system32 folder in Windows quickly blinks a bunch of the "toast" related images/apps before going back to looking normal. Also I found a bunch of weird things in the PowerShell folder along with some VBA scripts I had nothing to do with.

    There were two items in the logs folder. I have attached both. 


    Addition_28-08-2020 19.05.15.txt FRST_28-08-2020 19.05.15.txt

  5. Kevin -

    A lot of fishy things happened while doing this. The least of which is the return of a new administrator account on my PC that I did not create. 

    Attached are the logs. I will be quicker to respond moving forward. Nothing has worked on this, and since the time of this posting I have run Tron script twice to no avail. Also my Windows event logs are a mess, along with a crazy amount of scheduled tasks and autoruns .dlls.

    I hope you can help, but I fear a fresh OS install is in order... but at this point I'm afraid they are into my firmware.



    MWB.txt AdwCleaner.txt Addition.txt

  6. Please, please, please someone help me. For the past 6 months I've been trying to get rid of this hacker but I can't! From fresh OS installs to calling Windows and NVIDIA support and being on hold for hours and hours before talking to a "technician" who knows barely anything about the OS, to trying to use Hyper-V to try and spot them... my girlfriend thinks I'm losing my mind and I probably am at this point. I just found this forum and I'm praying to god someone can help.

    The first post I clicked on suggested as step 1 to update Malwarebytes (which I already have) and reply with the scan. I tried that and the update quit about halfway through and said it couldn't be completed... and so now I know maybe I'm not going crazy and feel comfortable enough asking for someone to donate their time in helping me.

    Many, many thanks in advance for your help! 
