Hello,
due to my own stupidity, I was infected with malware recently. The notable .exes that I remember are weather.exe (adware?) and maskVPN, along with many changes to my Windows task folder.
I also dug around and saw what folders and files were added/modified at the time of the attack.
I followed some of the steps mentioned in similar scenarios, by first doing a Malwarebytes scan including rootkit, and then AdwCleaner, followed by Farbar Recovery Scan Tool. I will attach some of the files down below.
Sorry, I am not technologically sound, but after the scans were completed, here are the files I did not recognize that still exist. I made sure that they were created around the same time the malware was installed:
In my System32/Tasks folder, I noticed many randomly named Windows task files. Examples are "godfathers", "titans", "stir", "odorous_gears".
A folder named maskVPN was found somewhere which I deleted.
A folder created during the time of attack named Python was found somewhere which I deleted.
A folder containing weather.exe was found and deleted. (This was what caught my attention initially, as when I tried clicking the uninstall.exe in this unknown program, it led to some audio adware.)
A folder named "CLR Security Config" and security.config.cch inside it, under AppData/Roaming/Microsoft
Among those folders, there were also many "intermission.exe" scattered around.
Even after the scans, I still see a folder located in my System32/DriverStore/FileRepository called oemvista.inf_amd64_a572b7f20c402d28 that was created during the attack. Inside it were "oemvista.PNF", "oemvista.inf" and "tap0901.sys".
But I could not delete it because "You require permission from SYSTEM to make changes to this folder".
This folder above is related to maskVPN, I believe, because in Windows>INF, setupapi.dev.log, I found a log of when the maskVPN device was installed, and it created/altered the folders above. I will attach that part of the log below. Please check!
I also noticed that when I checked my Windows Defender, in App and browser control, the setting "Check apps and files" is greyed out and selected at "Off" out of the three options "Block", "Warn", "Off". I could not change it to "Block" due to "This setting is managed by your administrator".
I'm afraid that it had made many changes to my PC including the registry.
I've attached 2 Malwarebytes scans because I closed the first before it had properly finished. I also attached the AdwCleaner logs and FRST and Addition.
Any help will GREATLY be appreciated, thank you so much in advance!
First Malwarebyte Scan.txt
Second malwarebyte scan.txt
AdwCleaner[S00].txt
AdwCleaner[C00].txt
setupapi.dev.log.txt
FRST.txt
Addition.txt