Recently I accidentally perma-deleted a folder on my PC that contained important files, and I have been making attempts to restore them by downloading various reputable software like R-Studio, Recuva, ReclaiMe and so on.

Before I ever run anything on my machine I always make sure to run it through VirusTotal, whether I got it from a legitimate place or not, and everything came back clean.

My Malwarebytes ran its usual scan the next day and suddenly it caught like 5 viruses: a virus named and a sprinkle of Trojan.BitCoinStealer.

I did some research online, but Google didn't net me many results; however, I did find this thread where the same virus is discussed (hopefully), and someone attached a link to a thread on GitHub for removing the virus, which can be found here:

I tried following the steps, except for browsing the Task Scheduler, since it won't run in Safe Mode, which is how I am using my computer at the moment as I'm on the hunt for the malware. So I instead went to the folder C:\Windows\System32\Tasks\Microsoft\Windows\NetService\ to find any remains of the virus, but no such folder existed!

The steps mention there should be a txt file in the folder C:\Windows\logs\, but mine does not have any. Instead, according to the Malwarebytes scan I received, the malware was found here: C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\

The steps also mention that the virus modifies a system file named SyncAppvPublishingServer.vbs on your PC (it can be found in the System32 folder); however, the contents of the file are the same as the legitimate version, so nothing was really different.

So what I suspect is that I might have encountered a different virus, or a modified virus that has evolved to bypass the instructions given in the GitHub thread.

I ran DISM, but nothing was really found. I ran an SFC scan, and it did find some corrupted files! The files were C:\Windows\System32\drivers\BthHfEnum.sys and C:\Windows\System32\drivers\bthmodem.sys, mostly.

Stuff in Startup in Task Manager looks fine too, but seeing that this nasty virus has put itself in entries that try to restore it after each boot, I am sure it's doing some trickery to get back on its feet or remain undetected.

Should I do a fresh install, or do I have a chance of fighting this thing?
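The post describes hunting for the malware's scheduled-task persistence by walking C:\Windows\System32\Tasks by hand because the Task Scheduler console would not open in Safe Mode, and checking whether SyncAppvPublishingServer.vbs still matches the stock file. The following is an added example (written for this page, not code from the post or from the linked GitHub guide) that does both from an elevated PowerShell prompt: it parses every task definition file on disk, which needs no running Task Scheduler service, lists the command each task launches, and flags commands that are script hosts / living-off-the-land binaries or that live outside the Windows and Program Files directories. The flagging rules, the `$lolbins` watchlist and the `C:\` prefixes are assumptions chosen for illustration, not something the page states.

```powershell
# Added example, not from the original post: read scheduled-task XML straight from the
# on-disk task store so persistence can be reviewed even when taskschd.msc will not run.
# Assumes a default C:\Windows install and an elevated prompt.

$taskRoot = 'C:\Windows\System32\Tasks'
$taskNs   = 'http://schemas.microsoft.com/windows/2004/02/mit/task'   # Task Scheduler schema namespace

# Hypothetical watchlist: binaries stock Microsoft tasks rarely launch directly but malware often does.
$lolbins = 'wscript.exe','cscript.exe','mshta.exe','powershell.exe','cmd.exe','regsvr32.exe','rundll32.exe'

function Get-TaskActions {
    param([string]$Root = $taskRoot)

    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        try {
            [xml]$doc = Get-Content -Path $file.FullName -Raw -ErrorAction Stop
        } catch {
            # Every real task file is XML; one that does not parse deserves a manual look.
            [pscustomobject]@{ Task = $file.FullName; Command = '<unparseable>'; Arguments = ''; Flag = 'BAD-XML' }
            return
        }
        $nsm = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
        $nsm.AddNamespace('t', $taskNs)

        foreach ($exec in $doc.SelectNodes('//t:Actions/t:Exec', $nsm)) {
            $cmd    = [string]$exec.SelectSingleNode('t:Command',   $nsm).InnerText
            $argStr = [string]$exec.SelectSingleNode('t:Arguments', $nsm).InnerText
            # Expand %SystemRoot%-style variables and strip quotes before inspecting the path.
            $exp  = [Environment]::ExpandEnvironmentVariables($cmd).Trim('"')
            $flag = ''
            if ($lolbins -contains [IO.Path]::GetFileName($exp))              { $flag = 'LOLBIN' }
            elseif ($exp -notmatch '^(C:\\Windows|C:\\Program Files)')        { $flag = 'OUTSIDE-WINDIR' }
            [pscustomobject]@{
                Task      = $file.FullName.Substring($Root.Length)   # e.g. \Microsoft\Windows\Management\Provisioning\...
                Command   = $cmd
                Arguments = $argStr
                Flag      = $flag
            }
        }
    }
}

function Compare-WithWinSxS {
    # Compare the live System32 file against every copy of the same name in the component store.
    param([string]$Path = 'C:\Windows\System32\SyncAppvPublishingServer.vbs')

    $live = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $name = [IO.Path]::GetFileName($Path)
    Get-ChildItem -Path 'C:\Windows\WinSxS' -Recurse -Filter $name -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Copy    = $_.FullName
                Matches = ((Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash -eq $live)
            }
        }
}

# Flagged tasks first; then the hash comparison for the script the guide says gets modified.
Get-TaskActions | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
Compare-WithWinSxS | Format-Table -AutoSize -Wrap
```

Two caveats worth keeping in mind while reading the output. First, a task's folder under `Tasks\` is just a path the creator chose, so look at every `Command`/`Arguments` pair rather than only the `NetService` or `Provisioning` folders named in the post. Second, a hash match for SyncAppvPublishingServer.vbs only shows the file is a stock build; that script is a known living-off-the-land binary that will run whatever is handed to it in its arguments, so an unchanged file is entirely consistent with it being abused, and the `Arguments` column of any task that launches it is what actually matters.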