Not sure about infection: Poweliks or conhost miner
<blockquote data-quote="Silas Charleaux" data-source="post: 657181" data-attributes="member: 21524"><p>Not sure if infected by Poweliks, COM Surrogate or conhost miner.</p><p></p><p>I have disk encryption (BitLocker). I have Kaspersky TS 2017 running, still no detection and no flags or warnings.</p><p></p><p>Also thinking about giving up on it. How does the antivirus not warn or notice this ridiculous activity that anyone with Ctrl+Alt+Del can spot?</p><p></p><p>Also, checking Process Explorer makes it even more evident. Several different processes injecting one single instance into svchost, conhost and cmd and targeting Chrome with scripts. If I take ownership, inherit and delete, it is just swapped by other processes behaving in exactly the same fashion, doing exactly the same thing. Note, I did not delete conhost, svchost or cmd, I know they are indispensable. But the injections only increase response until I finish a critical process which prompts a restart. It is tiresome.</p><p></p><p>It is very subtle, because it is mostly 1 or 2 processes (system32, system32\wbem or syswow64\wbem). The injection does not multiply. Only gets swapped when finished. I notice when it started, because my fan tells me. It affects if I'm gaming, idle or running several tabs on Chrome, which already hogs up a lot of memory.</p><p></p><p>Anyway, FRST logs are uploaded, I kindly appreciate any help in advance. Also I apologize if there is no infection. It is just weird to see Windows being so persistent in hogging up my memory and launching instances of applications while I'm idle.</p></blockquote><p></p>