Hi There,
I would greatly appreciate assistance and/or advice to rid my pc of persistent malware infections.
Specifications
Windows 10 OS
128 GB SSD
1 TB HD
16GB RAM
AMD Ryzen 3 2200U
64-bit OS, x64-based processor
Background
In late Dec 2020, my motherboard was replaced under warranty. All files were backed up to OneDrive. I completed a fresh install of the Windows 10 OS.
During late Dec 2020 & Jan 2021, I noticed high CPU usage (at times 100%), with noticeable noise from the drives/fans.
I moved my OneDrive files from my C drive (128GB SSD) to D drive (1TB HD), hoping this would decrease the stress on the pc. CPU usage was still very high, especially when I opened Google Chrome. At this time, I had AVG free installed on the pc and ran numerous scans, which revealed nothing.
At the beginning of Feb 21, I noticed redirection of Google Chrome pages, which were not consistent between the same search parameters.
During the move between allocated OneDrive drives (which took 4 days), I had my computing folder open. It was after this move that I noticed a couple of suspicious files (e.g. ErrorTek.exe).
I downloaded MalwareBytes free and ran a scan. This revealed a number (43) of PUPs and RogueForcedExtension, specifically in the Google Chrome folder
(e.g. C:\Users\cate1\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkekefcpfdkdjgmnbcagcdgjddfebpnn\000003.log, No Action By User, 8121, 447164, , , , , 9239B544D893393C5852CC771E24F7F2, 701A22A8DFAFFE076C31D193A2393E6D7E6A7BF0D604766DA74C7E2AA2493BD8)
The Last 2 weeks (approx. 10-02-21)
I purchased the following software.
MalwareBytes Premium
Bitdefender Total Security
Malwarebytes Premium
Malwarebytes Rootkit removal tool
Malwarebytes adwcleaner_8.1
BitDefender Total Security
Norton Power Eraser
Sophos Virus Removal Tool
MS Defender
MS Safety Scanner
MS Malicious Software Removal Tool
ESTonline scanner
HitmanPro (free)
I ran Malwarebytes 3/4 x until I had a clear report. Bitdefender did not reveal anything suspicious. This was performed on both the C drive and D drive and external backup drive.
From the initial Malwarebytes scan, I kept monitoring the \AppData\Local\Google\Chrome\User Data folder, and noticed that after every Malwarebytes scan/deletion, new folders would auto-populate/reinstall in the Google Chrome folder. By this time, I was very distressed and ran and reran all of the following malware scanning/removal tools.
Depending upon when I ran these applications, I’ve had both clear and infected scans.
The malware in the Google Chrome application became simply ridiculous. I have uninstalled Google Chrome and now use MS Edge instead.
As of the 13-02-21, Norton Power Eraser will no longer run on my pc. Error message is 0x80004005,n40,26.
I thought, as of the 20-02-21 that I was clear of all malware. I am on a shared Netflix account, and the account holder has notified me that in the last 2 weeks, they have received numerous emails regarding suspicious activity on the account.
On the 25-02-21 I ran a MS Safety Scanner, and it showed the following malware (which was removed):
HackTool:Win32/Keygen
VirTool:Windows32/DefenderTamperingRestore
I have also run my Hotmail address on the site “I’m Pawned” and received confirmation that I have been compromised.
I am at the point of wiping both the C & D drive and completing a fresh install of the OS. (Alternatively, taking the pc to a professional and having it repaired.)
I am now also very paranoid that the purchased and free anti-malware tools may, in fact, be malicious software. Remember, I was experiencing re-directs in Google Chrome to unsafe websites.
I have run all of the .exe files through VirusTotal. However, I am still concerned that my Malwarebytes Premium is an unsafe application (purchase of the product in Australia came from a store in Amsterdam???)
I am prepared to share reports/screen dumps of scan results, if someone can verify that they are an actual employed representative of Malwarebytes.
Currently, CPU usage is high on boot and when using browsers.
Many thanks for your help.