Jump to content

Help! Undetected malware unintalled antivirus


Recommended Posts

Hello! I've been noticing high cpu usage lately, but I supposed it was the antivirus background scanning. I had a few problems with windows failing some updates so I disabled Windows Update, thinking the Valorant anti cheat was picky. CPU usage dropped from 100% to 50% everytime I'd open the task manager. A few hours ago, I was working on something and the RogueKiller uninstaller popped up and the background turned to black. I immediately removed the internet connection and closed my laptop. I ran scans with Bitdefender, Malwarebytes, Roguekiller but there were no detections. I suppose it's some miner or botnet, I have important files on my computer. Could somebody help me? 

Link to post
Share on other sites

Hi,  
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

Lets not run Roguekiller on your own.   Nor run other tools on your own.

P.S.  Turning off Microsoft Windows Update is not a good security practice.   Please turn it back on.

.

The Malwarebytes for Malware reported no malware / no P U P

Lets check for adwares/

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too!

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner


 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).
Then click on Dashboard button.
Click the blue button "Scan Now".

allow it a few minutes to finish the Scan.   Let it remove what it finds.
NOTE:  When it comes to the section "
Pre-installed applications

You can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs
Thanks.  Keep me advised.

,

There are some Windows services that are having issues &  there are Windows exception errors for this

Error: (09/01/2020 08:38:42 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\SoundGrid\Driver Control Panel\SoundGrid Driver Control Panel.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\SoundGrid\Driver Control Panel\WavesQtLibs_5.6.0_Win32_Release\WavesQtLibs_5.6.0_Win32_Release.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_5.6.0_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_5.6.0_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

 

These & the  Windows services issues may be what is perhaps leading to a odd display when one looks at Task Manager   ( which is by the way not a ideal app to make any judgement about any potential infection.   We use known security tools to help us determine that.   You have alreday run a scan with BitDefender & Malwarebytes for Windows  !!!

 

Link to post
Share on other sites

OK.  That is a good result from Adwcleaner.   It found no actual P U P  or adware.   It only flagged some Lenovo applets.   That is fine.

.

Your pc has a Trial install of Malwarebytes, which will provide real-time protections thru 14 days from first setup date.

Lets go ahead and do a housekeeping tweak.

There is one setting in Malwarebytes that needs to be off.     The  trial  protections of Malwarebytes will still be on.
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center 
Click the Security Tab. Scroll down to 
"Windows Security Center"
Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

{  OFF position is all the way to the left  }
Close Malwarebytes when done.
.

[    2     ]

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.
 
 

Edited by Maurice Naggar
small edit
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.