
ZoomX.exe and ZoomE.exe heuristics.shuriken



Hello! Recently I've been experiencing some issues with my GPU performance and it seemed to be happening because of the latest Windows 11 update (insider build). Yesterday I decided to install and run Malwarebytes, and after the initial clean-up 2 executable files (ZoomX.exe and ZoomE.exe) keep popping up regularly and at the same time. There are no other symptoms other than the slight GPU performance decrease so I'm not exactly sure what's happening. I have also attached a screenshot of my GPU clock and memory clock speeds. Has anyone else encountered this? I will provide all the logs and scans needed if it's something worrisome.

explorer_oHyuezfXvi.png

mbam_NqMEhZiX5o.png


Hello @Androo  and  :welcome:

 

My name is MKDB and I will assist you.

 

 

Like TwinHeadedEagle already said, please attach the MBAM logfile as well as those from Farbar Recovery Scan Tool (FRST).

Thank you!

 

 

I will guide you along on looking for potential malware. Let's keep these principles as we go along.

  • Searching, detecting and removing malware isn't instantaneous, please be patient. Please stick with me until I give you the "all clear".
  • Only run the tools I guide you to.
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked or hacked or pirated programs are not only illegal, but will also make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

 


The Logfile FRST.txt is incomplete. The first part is missing.

 

Can you please reboot your system and run FRST again and attach the logfiles.

Thank you @Androo

 

 

Step 1

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 


We are running a fix with FRST (Step 1). After that, we do another check with FRST (Step 2).

Thanks @Androo.

 

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Andrei\Desktop\New folder\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

 

fixlist.txt


Great @Androo. 🙂

Does MBAM still detect this BitCoinMiner?

 

While I'm analyzing your logfiles, please run MSS for me.

Thank you again!

 

 

Step 1

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links & the how-to-run-the tool are at this link at Microsoft.
  • Please let me know the results of this scan.
  • Run a Quick Scan.
  • The log is named MSERT.log.
  • The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log

  • Please attach that log with your next reply.

 

 

It's just after 11:30pm here, I'll be back tomorrow.


Update. MWB no longer detects any ZoomX or ZoomE. However, each time I open the task manager, for a very brief moment, the GPU load is at about ~30-40% and it quickly goes back to 0. Also the GPU clock and memory clock spikes are still there. Every time I open the task manager a spike appears. We'll talk tomorrow, thanks! 😁

image.png

msert.log


Thanks for the feedback @Androo.

Please run another scan for me until I can check your newest logfiles. See you tomorrow.

You're doing great!

 

 

Step 1

Please download and run the Kaspersky Virus Removal Tool to remove any found threats. More information here.

Let me know if it finds anything or not. You can find a logfile under Report.


Good morning @Androo.

After you have run Kaspersky Virus Removal Tool, please run the following fix with FRST.

We are going to remove some orphans and check Windows System Files. This may take some time (>15 min), please be patient. You should not run any other application during this fix.

Thank you!

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

 

fixlist.txt


Hi @Androo,

thank you for those logfiles.

I'm glad that Kaspersky came back clean. Your latest fix ran fine, the newest logfiles look good. There is just one little thing we should look at.

You can run Kaspersky on system drive as well. This may take some time.

I assume that your GPU problems are based on your latest Windows updates.

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

fixlist.txt


  • Solution

Hello @Androo !

 

 

Thank you for your cooperation, we're done.

 

Final Step

  • Right-Click on FRST64 and choose Rename.
  • Rename FRST64 into Uninstall.
  • Run Uninstall.
  • FRST and its files/folders will be deleted.
  • If the tool needs a restart, please make sure you let the system restart normally.

 

 

 

 

A few final recommendations:

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

 

 


This topic is now closed to further replies.