JCrocker

Conhost.exe taking over my laptop


Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by kelly (30-05-2019 11:01:59)
Running from C:\Users\kelly\Desktop
Boot Mode: Normal

================== Search Registry: "floridian.lnk;floridianfloridian.lnk" ===========


===================== Search result for "floridian.lnk" ==========

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridianfloridian.lnk"="0x0300000009070AA6980FD501"

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridian.lnk"="0x03000000F5A6F4A8980FD501"


===================== Search result for "floridianfloridian.lnk" ==========

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridianfloridian.lnk"="0x0300000009070AA6980FD501"

====== End of Search ======

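The StartupApproved values in the search result above can be decoded offline. The following Python sketch is an added example, not part of the original thread or of FRST; it assumes the commonly described layout of these values (a 4-byte little-endian state flag where an odd value means the startup entry is disabled, followed by an 8-byte FILETIME), which the page itself does not document, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the three registry hits copied from the FRST search log above.
FRST_LOG = r'''
[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridianfloridian.lnk"="0x0300000009070AA6980FD501"
[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridian.lnk"="0x03000000F5A6F4A8980FD501"
[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridianfloridian.lnk"="0x0300000009070AA6980FD501"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="0x([0-9A-Fa-f]+)"$')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def decode_startup_approved(hex_value):
    """Assumed layout: 4-byte LE state flag, then an 8-byte LE FILETIME."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    state = int.from_bytes(raw[:4], "little")
    ticks = int.from_bytes(raw[4:], "little")  # 100 ns units since 1601-01-01
    when = FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None
    return {"state": state, "disabled": bool(state & 1), "changed_utc": when}

def parse_frst_search(text):
    """Return {(key, value_name): decoded}, collapsing hits repeated per search term."""
    hits, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and key.endswith(r"\StartupApproved\StartupFolder"):
            hits[(key, m.group(1))] = decode_startup_approved(m.group(2))
    return hits

if __name__ == "__main__":
    for (key, name), info in parse_frst_search(FRST_LOG).items():
        print(name, info["state"], info["disabled"], info["changed_utc"])
```

Under that assumed layout, both logged shortcuts decode to state 3 (disabled) with a timestamp of 2019-05-21 UTC, and the repeated "floridianfloridian.lnk" hit collapses to a single entry.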

Hi,
Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.


Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2565066577-4024063832-252566065-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"floridianfloridian.lnk"=-
"floridian.lnk"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.
===

How is the computer running now?


Same problem. I've attached screenshots of the task manager with iExplorer and Chrome running.

This was a new installation of Chrome and there was no wifi or ethernet connection.

Hi,

Sorry for this delay; I was away yesterday.

I have been requested by an expert to get more information on this infection.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt

p.s.

Please run the Farbar program and let it update. It will not take very long.

Post fresh FRST.TXT and Addition.txt logs for my review.
fixlist.txt

Edited by nasdaq


Hi,

Please run the Fixlist.txt as suggested in post no. 29. A Fixlog.txt will be created. Please post it for my review.

How is the computer running now?


The logs from post no. 30 came out clean.

Do you still have problems with this computer?

There is still a problem with the Chrome browser using multiple processes (10+). It doesn't seem to be using the memory in the same way, though. It still makes me very nervous because this malware has already resulted in someone trying to take money from our Paypal and Amazon accounts as well as our bank and retirement accounts.


Hi,

Chrome will open as many processes as it needs to work.

I have only one Chrome window open but my task manager reports 6 processes.

===

If you do not have any other issues with this computer you are safe.

For your peace of mind run this scan.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
Please post the contents of the log in your next reply and note any errors encountered.
===

p.s.
You can also make sure you are using strong passwords for your added security.

How secure is my Password.
https://howsecureismypassword.net/

Create strong passwords:
https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks