Xytal Posted August 10, 2020 ID:1400387 Share Posted August 10, 2020 Hello, firstly I would like to point out, I have been infected many times, I download a whole bunch of crap from sketchy websites, which in-return I have to factory reset my computer quite a couple of times. So I researched about phishing, I downloaded some Roblox phishing files, and they were .zip’s and .rars. A couple of hours later, my Roblox application started flashing white. I researched this and I came across a YouTube video, I scrolled through the comments, and I see a comment stating that a virus is on your computer and you have to factory reset. I then researched, and I remembered the bleeping computer website, I made my account, and I figured out how to create a topic. Just to let you know, I had no application throughout the findings of these files. This was all done manually and took me 3 hours of research. Plus I am not very experienced with computers, so sorry if I get some “viruses” mixed up with system files. I will now list my findings that I think is potential malware. This has been happening for a couple of weeks, and I am quite suspicious about it. Whenever I open the task manager, it dramatically decreases from a very high CPU and rams usage to very low. This gets me worried as I think this may be something trying to hide something. For example, a file is running in the background eating my pc, and I open task manager, and it stops running to hide its tracks. But when the task manager is closed, it starts again. In the start-up applications, I see an Update with no icon and no impact. For some reason, I see four Runtime Brokers in my task manager. One allows me to open file location; all others do not allow me to open. In the task manager, I see Your Phone (2). It has no icon in Task manager when I expand; it says Run Time broker and Your Phone suspended. I see a windows start-up application when I open the file location it shows winner. In task manager, when I expand Cortana, it says it is suspended. In my task manager, it shows Reminders WinRT OOP Service. It doesn’t allow me to access the file location. I see Esif_uf in system 32 Intel DPTF. Something weird is that in task manager details I have five conhost.exe 2 for system 2 for me the 2 for the system is not allowed and another that I cannot locate and I have two on my same account profile which is suspicious. Another thing is weird is that I have a dwm.exe running on my task manager details the memory is 88k which is high and it belongs to an account I don’t know named DWN-1. I have at least 40 svchost in the system32 folder. I have two unknown users on my computer, (default user 0 and default user 1000000.) When I try and open them, it says I do not have permission which is a bit fishy. I also have cuellaccessservice.exe I think that is a virus. I have got memory compression in my software environment running tasks which I’m sure is a virus I also see mspeng.exe I dont know what that is. I also see Nahimic service.exe. FOR SOME REASON I SEE NISSRV.EXE which I think is a virus because it is not meant to be on windows ten only windows seven and below I see placesserver.exe, I also see remindersserver.exe which is known to be malware, plus it is in systemapps which is weird. Just now my explorer got infected with conduit. Another thing earlier today, I was playing a game, something weird happened I forgot, I tried to alt-tab, and it showed like old windows alt-tab like it was a grey box and it had old icons. I could not click on the windows key, so I had to force shutdown. I see spoolsv.exe which meant to be in system32, yet it shows everything not available. I see two crsss.exe files running I searched up what this means, and it says, it is a virus I feel like I am being ratted and the other crss is from the pc that is ratting me. I think I have a phished fontdrvhoste.exe infection. I have got two csrss.exe processes running at the same time, which i think means there are multiple people on my computer. I have two wdfhost. 2 dllhost.exe, two rtkauda.exe. 2 node.exe This has taken me 3 hours of research. This is not all of the information, as I had no program to help. I did run malware bytes ADW cleaner, and it came up with eight results, I quarantined them. Lastly I have got a weird adminservice.exe on my computer. Link to post Share on other sites More sharing options...
Xytal Posted August 10, 2020 Author ID:1400388 Share Posted August 10, 2020 Please guys, I really need help, my pc is playing up now and it is making like a tapping sound, plus it sounds like a disk is moving around in my computer. My computer is acting really slow, I don't know what it is. Plus I see a lot more services in my task manager that are weird and I do not know what they are. My cpu is running at a constant 90% Im really scared please help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 11, 2020 Root Admin ID:1400394 Share Posted August 11, 2020 Hello @Xytal Please run the following steps and post back the logs as an attachment when ready. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download. Spoiler Spoiler When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users. Example of Microsoft Edge blocking the download STEP 01 If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time Please attach the Additions.txt log to your reply as well. On your next reply, you should be attaching frst.txt and additions.txt to your post, every time. Thanks Link to post Share on other sites More sharing options...
Xytal Posted August 11, 2020 Author ID:1400569 Share Posted August 11, 2020 Malware bytes: 102 infections which is the file hi Adw Cleaner file here hi.txt here.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 11, 2020 Root Admin ID:1400583 Share Posted August 11, 2020 Please post back both of the FRST logs as an attachment. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 31, 2020 Root Admin ID:1404679 Share Posted August 31, 2020 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts