Possible virus/malware. Don't see anything on the web about

Stainy
Posts: 280
PostPosted: Wed, 4th Oct 2017 19:52    Post subject: Possible virus/malware. Don't see anything on the web about
So I have this folder in C:\Users\<USER>\AppData\Local called cgevxot

I can't get into it. I can see it has some .exe's and DLLs. (Access is denied) whatever I try.

Now every now and then it spawns several avezlik.exe processes. These consume memory like it's going out of fashion.
With Process Explorer I can kill the cgevxot process and it kills off the children (avezlik.exe).
But they return some time later.
I did a search in the registry for both and deleted all references. I booted up a live Linux Mint to delete the folder in AppData\Local.
That was yesterday..
It was running again a moment ago. Anyone have any ideas?
I've just removed one more reference to avezlik.exe in my reg and I'm going to boot Linux and remove the folder again.
The details on one of the processes (I forget now) come up as JetBrains and Martin Prikryl (WinSCP fame).

thudo
Posts: 6309
Location: Mellonville North, Canada
PostPosted: Wed, 4th Oct 2017 20:36    Post subject:
Logged in as the TRUE admin of the box to kill this? Maybe run in an Elevated Command Window (give cmd.exe full Admin) then try to kill it?

Could be a Bitcoin miner or password stealer.


MSI GT72S 6QF Dominator Pro S 29th Anniversary Intel i7 6820HK @ 4.0Ghz, 32GB DDR4-2133 RAM, 2x256GB Raid0 Toshiba NVMe 2.5 inch PCIe SSD, Nvidia Geforce GTX 980 OC'ed 200+ Core / 200+ Mem, 17.3 inch LG IPS HD Display @ 75Hz, Intel 7265AC Wifi, Windows 10 Pro BIOS version: .112 EC Firmware version: .105

Current Broadband speed record: 329.1 Mb/sec down // 21.73 Mb/sec up
http://www.dslreports.com/speedtest/3933292.png

Bob Barnsen
Posts: 31974
Location: Germoney
PostPosted: Wed, 4th Oct 2017 20:57    Post subject:
TBH I would just format the system partition and reinstall Windows again, because I really doubt you will be able to clean it the manual way anyway.

Maybe do a backup of the stuff in the UserProfile folder that you really need again.


Enthoo Evolv ATX TG // Asus Prime x370 // Ryzen 1700 // Gainward GTX 1080 // 16GB DDR4-3200

The_Zeel
Posts: 14922
PostPosted: Wed, 4th Oct 2017 21:06    Post subject:
Any good system restore points?

Ampee
Posts: 1986
PostPosted: Wed, 4th Oct 2017 21:58    Post subject:
Can't get into the folder:
If you're an admin on your computer then don't forget that you can take ownership of whatever file/folder you want.
Use the GUI or the takeown command. Then add your account to that folder's ACL. That's it.
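The two approaches above (Stainy's hunt for the registry references that keep bringing the process back, and Ampee's take-ownership route into the denied folder), as an added PowerShell example that is not from any poster. It assumes an elevated session on the affected machine, uses the folder and process names Stainy reported, and only reports what it finds rather than deleting anything.

```powershell
# Added example, not posted in the thread: triage the folder from an
# elevated PowerShell session. Names are the ones Stainy reported.
$Suspect = Join-Path $env:LOCALAPPDATA 'cgevxot'
$Pattern = 'cgevxot|avezlik'

# 1. Take ownership and grant Administrators read/execute (Ampee's route),
#    so the tree can be listed and hashed without modifying the files.
takeown.exe /F $Suspect /R /D Y | Out-Null
icacls.exe $Suspect /grant 'Administrators:(OI)(CI)RX' /T | Out-Null

# 2. Inventory the executables: hash and Authenticode status for lookup.
#    The JetBrains / Martin Prikryl details seen in Process Explorer are
#    file-version strings; this check shows whether the files are really
#    signed by anyone at all.
Get-ChildItem -Path $Suspect -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    } | Format-Table -AutoSize

# 3. Why it comes back: common autostart locations that reference either
#    name. Hits are reported, not deleted, so they can be reviewed first.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys | Where-Object { Test-Path $_ }) {
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { "$($_.Value)" -match $Pattern } |
        ForEach-Object { "Run key : $key\$($_.Name) = $($_.Value)" }
}
Get-ScheduledTask | ForEach-Object {
    $t = $_
    $t.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match $Pattern } |
        ForEach-Object { "Task    : $($t.TaskPath)$($t.TaskName) -> $($_.Execute)" }
}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $Pattern } |
    ForEach-Object { "Service : $($_.Name) -> $($_.PathName)" }
```

Run keys, scheduled tasks and services are only the most common autostart points; a hit here explains the respawning, but no hits does not prove the box is clean, which is the point the other replies make.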

Janz
Posts: 13997
PostPosted: Wed, 4th Oct 2017 22:29    Post subject:
The system is already compromised. Don't waste your time trying to remove that shit, you can't be sure there isn't anything else.

Clean install Windows.

VGAdeadcafe
Posts: 22230
Location: ★ ಠ_ಠ ★
PostPosted: Thu, 5th Oct 2017 00:59    Post subject:
Get HitmanPro, it is standalone, no installation needed. Then run it while holding down Ctrl (I think?) so that it kills all running processes. Then do a full scan; you can enable the 1-month trial if you need it to remove shit.

ixigia
[Moderator] Consigliere
Posts: 64926
Location: Italy
PostPosted: Thu, 5th Oct 2017 01:27    Post subject:
If you can't afford doing a full cleansing procedure right now, I would recommend giving a shot to Techspot's malware section; there's a knowledgeable team able to solve the trickiest infections. I opened a thread there some years ago when I got the nasty Sirefef one, which would start processes everywhere and even reboot my PC (it was a lost cause really), yet a mighty solution was found eventually.

Stainy
Posts: 280
PostPosted: Thu, 5th Oct 2017 03:06    Post subject:
I did a clean install on another SSD. I had already tried all your suggestions! Thanks for all the info.

Now to get Win10 activated.
NFOHump.com Forum Index - Operating Systems