Casey9

  1. @MKDB Just after the malware "privateserver.exe" was executed, a total of 7 same blocked websites were scanned. I have included the full report of the blocked website. I'm trying to give every piece of information that I can possibly find. reportblockedwebsite.txt
  2. @MKDB Something was not right when I saw the file size of the msert.log. Probably because I sent the file before I clicked finish on the MSS software. I have resent a new one. msert.log
  3. @MKDB I did Step 1 using the fixlist.txt in FRST. After the system restarted, two firewall notifications popped up. I'll wait for your confirmation to allow access or cancel these two. I have included the Fixlog.txt. But I have not fully uninstalled the game. I will disconnect my laptop from any network for now and wait for an email notification on my phone for your reply. Please tell me if I need to uninstall the game first before executing the fix using FRST so I can repeat the process. Fixlog.txt
  4. Do I uninstall the game first or do the step above?
  5. Also, when the malware was launched, Malwarebytes detected a malicious website called "eguidemart.xyz". The website was not blocked from Malwarebytes.
  6. I suspect that this malware "privateserver.exe" is meant for stealing accounts for the Genshin Impact online game. I received a 2FA notification on my phone that someone from the United States wants to log in to my Facebook account, but I am from APAC. That Facebook account is linked/bound to the in-game account for Genshin Impact. I already blocked the authorization and changed my Facebook password. Should I fully uninstall the game? I am scared of the possibility that the malware did nothing to the registry but injected something into the game folder on my drive. From the ESET scan, I do have some cracked games, but I can guarantee that they do not harm my PC, since I bought all the cracked games from a legitimate seller on Shopee with a high good sales rating. But there's also a possibility that something bad is in the registry because of this malware. I also checked that there is no suspicious startup software using Autorun and Task Manager. I am still willing to follow a last resort, which is performing a clean install of Windows 11 (current Windows). AdwCleaner[S00].txt eset_log.txt
  7. I ran malware that has Trojan Crypt that can steal a user's online account without the user's knowledge. The malware is privateserver.exe inside the Privateserver.rar file. The password for the rar file is "genshin" without the quotes. The malware was accidentally excluded from malware detection in Malwarebytes Premium when I ran it. I deleted the malware from the directory and the recycle bin. I scanned 5 times in Malwarebytes and nothing got quarantined. But I still want to take precautions about this, so I did a FRST scan. I have included the FRST.txt and Addition.txt. FRST.txt Addition.txt Privateserver.rar