Constant memory issues after Malewarebytes removed PUPs

[Veerdin-Wraith]

So I recently did a scan with Malewarebytes and discovered some nasty stuff hiding on my system, including a bunch of bitcoin mining programs, some spyware and a few other random things that I didn't want anywhere near my system. Problem is, ever since removing the offending malware, my system has been having constant memory issues. Apps will crash, Chrome tabs will run out of memory, my desktop and explorer will lock up and restart, and all those other lovely issues caused from memory problems.

At first I thought the problem was my graphics driver (Using an old Nvidia GeForce GTX 960) so I manually uninstalled and reinstalled that, and for a while that seemed to have fixed the issue... until earlier today I started once again having memory issues while doing some fairly benign stuff online - specificially watching videos on Youtube with a couple other social media tabs open. The only programs I had running at the time were Discord, Steam, Line and my usual background processes like Nvidia and Razer, I wasn't running any graphically or memory intensive things, with the exception of Chrome, which is a pretty notorious memory hog but not one that's ever caused issues in the past.

I've since run more scans of my system using Malewarebytes (did a full-system scan overnight of all my HDDs, including scanning for rookits), a scan with McAfee Stinger, and a scan with my basic Windows 10 security system, none of which have come up with anything. I've as mentioned done a fresh install of the most recent Nvidia graphics drivers, and I've recently installed RamMap to try and see what's eating all my memory, but I can't make heads or tails of the data it's giving me. 

Included is my DxDiag for system specs, I have a feeling that during the Malewarebytes removal process, something got broken and is causing a memory leak, but I have no idea how to find the source to remedy it. Reinstalling my graphics drivers did help a bit but the issue is still present.

Please help!

DxDiag-20-05-21.txt

[kevinf80]

Hello Veerdin-Wraith and welcome to Malwarebytes, Lets grab some logs and see whats going on, continue with the following: Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab. Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following:   Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror   Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"   Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

[Veerdin-Wraith]

Hi Kevin!

Unfortunatly, my system literally does not allow me to download FRST, it doesn't give me the option to allow it through (it popped up a warning in Chrome which I allowed but it ws immidiatly swept up by my windows security) - I have, however, done the other things you reccomended and have included the relevant log files: Malewarbytes scan log 18-05-21.txt Malwarebytes scan log 17-05-21.txt AdwCleaner[C00].txt

I've also followed some advice given to me over at Bleeping Computer (who prompted me to make this thread here) and run a few system diagnostics/scans through the CMD, specifically the ones listed in Pkshadow's post here. Since that thread is currently locked while the issue is looked at over here I can't reply to them, but my system did detect and replace some corrupted files during this process and I'm currently monitoring my memory usage.

The Adwarecleaner software picked up a few PUPs too (included in the log file) which I cleared out followed by a reboot.

[kevinf80]

Hello Veerdin-Wraith,

The two Malwarebytes logs you`ve attached are blank, no data.. Regarding FRST, cannot really progress without those logs. How does your security stop FRST from running, do you see the following image..? if so just select "More info"

Thanks,

Kevin

Edited May 20, 2021 by kevinf80
typing error

[Veerdin-Wraith]

Oh, that's very strange, they had data on them on my side, maybe I sent the wrong ones or exported them wrong.

Not on my home computer right now but I'll see what I can do, thanks for the heads up on how to install FRST.

 

[kevinf80]

Thanks for the update...

[Veerdin-Wraith]

So I went back into my Malewarebytes histroy and just manually exported everything I could find there, and bundled them all into a zip folder since it didn't let me just view all of the detection history as a single document (or at least, if it did, I don't know how to do that) so hopefully one of these files has the info you need: malewarebytes logs.zip

As for FRST, however, it doesn't give me that menu popup - it literally will not let me download the file anymore. The first time I downloaded it, Chrome gave me a warning along the lines of "this file is not often downloaded" but allowed me to manually override that option and download it. However, the moment it finished downloading, my Windows antivirus deleted it, stating that it "Detected a virus", and did not give me any option to stop the process.

I tried to download it again just then and now Chrome is straight up refusing to let me have it, giving me the following error: 

According to Windows Security, it classes FRST as a "severe threat" and Chrome apparently feels the same now. Not entirely sure what to do about this.

[kevinf80]

Hello Veerdin-Wraith,

FRST is not a threat, it is a tool that we use many times a day here at Malwarebytes. It is also used at several other Malware removal sites, if you will not allow it to run then unfortunately I cannot offer any further assistance.

Thank you,

Kevin...

[Veerdin-Wraith]

I don't disbelieve you that it isn't a threat, I'm just not sure how to get it since my computer automatically deletes it whenever I attempt to download it and doesn't give me the option to keep it. Unless you have any advice as to what settings I need to change in order to actually download the program.

[kevinf80]

Which security program removes FRST from your system.. Is it Windows Defender?

Restore from Quarantine:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-worldwide

Add an exclusion to Windows Defender:

https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26

[Veerdin-Wraith]

It was previously, but now Chrome itself isn't letting me download the file anymore, the brower's antivirus seems to pick it up automatically.

[kevinf80]

Try a different browser, MS Edge or Firefox...

[kevinf80]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks