Posts posted by Solomon

  1. @AdvancedSetup So I see that there are 2 trojan files that are detected; those are 2 items that I am well aware of, as I need them for some software usages (I think you get what I mean). But for the sake of doing a clean removal, I have asked the app to clean up those 2 files too.

    So for now, may I know what the next step is? Re-run the Malwarebytes full scan with rootkits on, or any other next step?

    1. Downloaded a bad torrent with malware
    2. Ran the .exe installer inside the file; installation was unsuccessful as MSVCR100.DLL/MSVCP140.DLL/d3dx9_43 were missing
    3. Realized the file and installer were bad; Windows Defender picks up Trojan:Win32/CryptInject and Trojan:Win32/CryptInject.PW!MTB
    4. Deleted the installer file and did a full scan and offline scan on Windows Defender; everything appears to be healthy
    5. PC has no lag issue, no adware is popping up, but suspected crypto-mining malware
    6. Using Malwarebytes Premium Trial 4.3.0 to do a full scan, with all the checklist items enabled and on both my HDD and SSD
    7. Malwarebytes runs for 5~6 hours, then crashes, PC freezes up, can only force shutdown 
    8. Tried running Malwarebytes full scan on both online and offline, crashes and freeze both times
    9. Tried to place a few files under Windows Defender's ransomware protected files
    10. Starts to get protected memory access blocked by CorsairLink4.Service.exe, protected folder location is suspicious 

      Personal Deduction: Suspected malware masked itself as another application, and is possibly stopping Malwarebytes from making full scans.

      I have included the FRST and Addition for your reference. Please have a look, thank you.

    Screenshot (23).png

    Screenshot (25).png

    FRST.txt Addition.txt
