Androo

Hello everyone, a colleague of mine came to me for help with some sort of virus he found on the web. It seems like he tried to install something and now his system is infected with a ransomware. Since I've been on this forum before, I asked him to run Malwarebytes and FarBar. We've also checked ID Ransomware and it seems like it's a STOP/Djvu. Unfortunately, an external SSD with important data for us has also been encrypted and we're wondering if there is any way to decrypt it. I have scanned and attached the logs below. Please let me know how we should proceed. report1.txt FRST.txt Addition.txt

Thank you for your help. I would like to know what were ZoomE and ZoomX and what were they doing to my PC. It could help the troubleshoot for the GPU issue. Thanks again! 😁

Here's the log. Fixlog.txt Let me know if there are any more scans/steps left to do.

Should I run the Kaspersky scan on the system drive as well?

Hello @MKDB. No malware found after a quickscan with Kaspersky. Ran the fix, the GPU issue is still there. I've attached the logs and also ran another scan with Farbar, just in case.Addition.txtFRST.txtFixlog.txt

Update. MWB no longer detects any ZoomX or ZoomE. However, each time I open the task manager, for a very brief moment, the gpu load is at about ~30-40% and it quickly goes back to 0. Also the GPU clock and memory clock spikes are still there. Every time I open the task manager a spike appears. We'll talk tomorrow, thanks! 😁 msert.log

Don e @MKDB Fixlog.txt FRST.txt Addition.txt

Update regarding the malware name. It is now displayed as 'Trojan.BitCoinMiner'

Here you go. @MKDB Addition.txtFRST.txt

Will do as soon as I get back home.

This is a scan result from yesterday. Think this might help.scan.txt

Update. Tried running another MWB scan and for some reason it got canceled. It reports some sort of bitcoin miner that was put in quarantine. There is no such file in the 'Quarantined items' section of the program. 302691803_malwarebyteresults.txt

Also, there is something odd going on. The ZoomE/X alerts keep popping up at very precise times.

Hello MKDB, here you go. Addition.txtFRST.txtI also ran 2 Malwarebytes scans (a quick and a full scan). As per your request I have only quarantined the malware found. Do I have the green light to delete them? malwarebyte results.txt malwarebyte full scan results.txt

Hello! Recently I've been experiencing some issues with my GPU performance and it seemed to be happening because the latest Windows 11 update (insider build). Yesterday I decided to install and run Malwarebytes and after the initial clean-up 2 executable files (ZoomX.exe and ZoomE.exe) keep popping up regularly and at the same time. There are no other symptoms other than the slight GPU performance decrease so I'm not exactly sure what's happening. I have also attached a screenshot of my GPU clock and memory clock speeds. Has anyone else encountered this? I will provide all the logs and scans needed if it's something worrisome.