Posts

Suspected Intrusion.. – Virus, Trojan, Spyware, and Malware Removal Help


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021

Ran by Ryan (administrator) on DESKTOP-8OL8T3U (BIOSTAR Group Hi-Fi B85S3+) (10-01-2021 14:55:26)

Running from C:\Users\Ryan\Desktop

Loaded Profiles: Ryan

Platform: Windows 10 Pro Version 20H2 19042.685 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe

(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <5>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files…


F Secure SAFE | Internet Security Review



Comodo Internet Security Review | Test vs Malware



Possible Fastsolvecaptcha problem – Virus, Trojan, Spyware, and Malware Removal Help


I’ll try and keep this short because I’m just looking for reassurance, really.

Basically, on Monday I was doing some research for a blog post and clicked on what looked like a proper link in Google (the SEO meta description and title all looked like what I was looking for) but then it redirected me to fastsolvecaptcha.com. I stupidly clicked allow because I’d never seen it before, and a bunch of notifications came through, all claiming I had a trojan on my computer, but all for security programs I don’t have installed (so I knew they weren’t genuine). I accidentally clicked one while I was trying to get rid of it, and it took me to a website, but I closed the tab straight away. I went back into Chrome and revoked and removed all the permissions for fastsolvecaptcha, and I haven’t had another notification since.

I also did a system restore to an automatic restore point the day before. Then I ran Norton Security and their Power Eraser but nothing came up. One of their team ran their Forensic Toolkit and THAT didn’t find anything. I then followed the advice in the guide on the MalwareTips site and ran MalwareBytes, which said it found 18 threats, but it only quarantined and removed 17. They were all listed as riskware and crypto miners, but I have no way of knowing if they were already on my computer before I ran into this captcha nonsense. It’s a bit disconcerting about the 18th one, but it hasn’t found anything else since.

I then ran Hitman Pro as well and it only found tracking cookies.

I had a bit of an issue yesterday with Chrome, which changed its homepage to the main Google page (normally I have it open on Gmail) and then whenever I closed Chrome and reopened it, it was reopening tabs I’d had open the last time. I found a fix for that on a Google support thread and that now seems to be sorted, so I’m guessing a Chrome update might have been behind that one.

 

But I have pasted the contents of the FRST.txt and Addition.txt files below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020

Ran by ljsed (administrator) on LAPTOP-8SISSELD (LENOVO 81YU) (02-01-2021 15:01:54)

Running from C:\Users\ljsed\Downloads

Loaded Profiles: ljsed

Platform: Windows 10…
