Jump to content
Vicenc

Windows 10, malware suspicion

Recommended Posts

Hey there,

I am Vicenç, a Spanish student in KTH Stockholm trying to finish my MSc degree.

Recently, my laptop (Acer TravelMate P) has slowed down a lot. When investigating it, the performance of my CPU is questionable. When I launch internet browsers, the CPU usage spikes. In addition, my task administrator reveals processes I have no idea how they got there. After googling most of them, they are normal processes, it is just they take much RAM and CPU usage. More than one would normally expect.

image.thumb.png.4afd323173f40a613f463bff967a4061.png

I noticed as well the creation of random folders with the name of '!EndpointProtectionFolderDo NotDiscard' in Files, Images, Videos and Music, when I never installed Sandblast software. The images are like this:

image.thumb.png.c2804b8b520785b3d16067ebca4da203.png

I ran several antimalware programs in safe mode, but none of them detected any infection. The usage of memory is really strange and it is making me worried. I hope some of you can help, I would profoundly appreciate. As someone who relies heavily on his PC, 2 weeks without a laptop would be terrible.

I remain at your disposal.

Best,

Vicenç

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Sandblast software was probably installed by this program.
https://www.checkpoint.com/products/sandblast-network-security/
If you did not install it let me know.
===

Please download Malwarebytes Anti-Malware from here
 

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).


===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Let me know what problems persists.

Wait for further instructions

 

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

I see traces of Panda in your logs.
I suggest you download their Uninstaller tool to clean all traces of it.
https://www.techsupportall.com/panda-uninstall-tool/

Restart the computer when complete.
Let me know if the problem persists.
 

fixlist.txt

Share this post


Link to post
Share on other sites

I deleted the program, should I reinstall Farbar tool and send it? The Panda uninstaller is constantly asking for a reboot, even after a reboot.

Thanks!

Share this post


Link to post
Share on other sites

Yes please post fresh FRST and Addition.txt logs for my review.

Yo create a new Addition.txt log make sure that the box to create the file is checked.

p.s.

Did you run my suggested fix?

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.