Nicholas123 Posted April 17, 2021 ID:1451820

Hello. If someone could help (or explain, if it's not a malware issue) I would be very thankful. A couple of days ago my mouse had some jumping issues and I've thought of it as related to hardware. But because of that I've been worried about my PC and I was more attentive. Today I turned off my PC and a process I've never seen appeared in the "Waiting for this applications to close before turning off". I unfortunately can't remember the name. It had NV - Class and a bunch of 0s in the name. I thought it could've been a Windows process, so just to see if I could see the exact name I turned my PC on and off again. This time I saw an application with a reddish eye orb as icon that I've never seen. Wasn't fast enough to see the name but I q
Nicholas123 Posted April 17, 2021 Author ID:1451821

Sorry for the double post, I clicked send by mistake. I was saying I got a picture but it's very blurry. You can kinda see the icon. It's not Firefox. Is it recognizable? I unfortunately don't think so. I'm attaching picture, FRST and Addition. Today I've done a full MBAM and MSE scan, so I don't really know what to do. If someone could help I would be very grateful.

Attachments: Addition.txt, FRST.txt
Nicholas123 Posted April 17, 2021 Author ID:1451823

Sorry for the added comment again, I'm kinda "shocked" so I tend to forget to add stuff, plus it's very late. I used netstat today and didn't spot anything unusual, there are no programs or processes like the ones I've mentioned before on my PC, and the upper program is Steam, the one under I don't know, looks like an eye or ball to me.
Nicholas123 Posted April 17, 2021 Author ID:1451824

Adding this last comment since a friend has spotted something I didn't realize and I wouldn't want someone to waste time on it: the eye "program" under Steam is just Steam itself. The color palette of the icon changed when it moved from one position to another, and by looking at a specific frame, I thought it was something else (I feel like an idiot). Still, the other process wasn't one I knew.
Root Admin AdvancedSetup Posted April 19, 2021 ID:1452040

Thank you for the logs @Nicholas123

I don't see any obvious infection on the system but there are some DNS lookup issues. You might consider changing your DNS server to another one.

- DNSWATCH https://dns.watch/ : 84.200.69.80, 84.200.70.40, 2001:1608:10:25::1c04:b12f, 2001:1608:10:25::9249:d69b
- Google Public DNS: 8.8.8.8 and 8.8.4.4
- Cloudflare 1.1.1.1: 1.1.1.1 and 1.0.0.1
- Cisco OpenDNS: 208.67.222.222 and 208.67.220.220

Let me have you run the following and we'll do some clean up and system checks.

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE: It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Attachment: fixlist.txt

Thanks
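A way to check the resolvers listed in the post above before switching to one of them, as an added example that is not part of the original thread: it shows the DNS servers each adapter currently uses, then sends the same lookup to every listed IPv4 resolver and reports whether it answered and how long it took. The test hostname `example.com` is an assumption; the IPv6 addresses from the post are left out.

```powershell
# IPv4 resolvers quoted in the post above.
$resolvers = [ordered]@{
    'DNSWATCH'   = @('84.200.69.80', '84.200.70.40')
    'Google'     = @('8.8.8.8', '8.8.4.4')
    'Cloudflare' = @('1.1.1.1', '1.0.0.1')
    'OpenDNS'    = @('208.67.222.222', '208.67.220.220')
}

# Assumption: any hostname you expect to resolve can be used here.
$testName = 'example.com'

# Which DNS servers is each adapter using right now?
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# Ask every listed resolver directly, bypassing the local cache and hosts file.
$results = foreach ($provider in $resolvers.Keys) {
    foreach ($server in $resolvers[$provider]) {
        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        $records = Resolve-DnsName -Name $testName -Type A -Server $server `
                       -DnsOnly -ErrorAction SilentlyContinue
        $timer.Stop()

        # Keep only the A records; a failed or empty lookup yields no addresses.
        $addresses = @($records |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress })

        [pscustomobject]@{
            Provider = $provider
            Server   = $server
            Resolved = ($addresses.Count -gt 0)
            Millisec = $timer.ElapsedMilliseconds
            Answers  = $addresses -join ', '
        }
    }
}

$results | Sort-Object Millisec | Format-Table -AutoSize
```

A resolver that shows `Resolved = False` here is unreachable from this network or is being blocked, which is worth knowing before setting it on the adapter.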
Nicholas123 Posted April 19, 2021 Author ID:1452095

Hello AdvancedSetup. Thank you for looking into this. I have run the fix, but I completely forgot that MbVpn was set up to start on its own when I booted my PC. Hope it didn't have an influence on the fix. Although I changed FRST into FRSTEnglish, the fixlog is still in Italian. I think most of it was successful. Regarding DNS Watch, was the server change included in the fix or should I look into changing it on my own? Thanks.

Attachment: Fixlog.txt
Nicholas123 Posted April 19, 2021 Author ID:1452106

Added note: I changed the DNS servers to the ones from Dnswatch, unfortunately my ISP doesn't let me change them on the router so I just changed it on my devices.

Edit: Did CHKDSK C: /F work? I have run CHKDSK C: /F /R in the past and I'm wondering if I should.

Edited April 19, 2021 by Nicholas123: Added Notes
Root Admin AdvancedSetup Posted April 19, 2021 ID:1452180

The /R in check disk assumes the /F already so not needed. However a FULL disk check which is what the /R is for should not be needed in most cases. A regular /F check is more than enough in most cases unless there is reason to believe there are file or folder issues.

For the DNS, just keep an eye on it and make sure you're not having issues reaching sites or getting errors in programs unable to find their server for updates, etc.

The FIXLIST I gave you though did say it was waiting for a Recovery Process to complete. So not sure what was going on there. Let me have you run the following and post back your results.

Please open an Elevated Admin command prompt and type in the following and press the Enter key. Let me know what it says

    SFC.EXE /SCANNOW

Then, let me have you run the following as a secondary scan double-check and to make sure they don't find any malware either.

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking. I would suggest a free scan with the ESET Online Scanner.

- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, click on Full scan
- Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
- Click the blue "Save scan log" to save the log.
- If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
- Press Continue when all done. You should click to turn off the offer for "periodic scanning".

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
Nicholas123 Posted April 19, 2021 Author ID:1452185

Hi again. Sfc.exe did indeed work now, maybe I had a scan in the background. The result says no integrity violation was found (roughly translated). Since the ESET scan will take a while, I will edit this comment once it's finished.

Edit: Full Scan was finished, nothing was found, should I still post the log? Regarding DNS, I've never had trouble of that kind but my wifi has never been very fast.

Edited April 19, 2021 by Nicholas123: Added notes
Root Admin AdvancedSetup Posted April 19, 2021 Solution ID:1452195

All good then. I'm not seeing any infections and the logs look reasonably good. Security scans show no issues. Unless there is something else you should be okay at this point.
Nicholas123 Posted April 19, 2021 Author ID:1452199

Thanks for the support. Yes, the weird process appeared only once and I was also streaming/talking so it could've been related to that. Also I haven't seen any infection signs at all.
Root Admin AdvancedSetup Posted April 19, 2021 ID:1452212

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you