Assigned Nslookup.exe keeps opening and using up CPU

This thread is being handled by a member of the staff.
Status
Not open for further replies.

rutzqwezex

New Member
Thread author
Feb 21, 2022
4
I'm pretty sure this is a virus or trojan that came with some sketchy file I downloaded.

Every say 2 minutes, two 2 nslookup.exe's will open in task manager and start using up a huge deal of CPU and memory. I've ran Windows Defender full scans multiple times with no results. This is likely due to the fact that the virus has added exclusions to the scan that prevent it from being detected, because every time I removed an item off the list, it is readded. Additionally, the entire screen has occasionally blacked out and programs such as Discord have been affected.

If I'm missing any attachments, let me now.
 

Attachments

  • 1645459121799.png
    1645459121799.png
    67.2 KB · Views: 30
  • 1645459300011.png
    1645459300011.png
    19.6 KB · Views: 30
  • 1645459334355.png
    1645459334355.png
    24 KB · Views: 30

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
794
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

rutzqwezex

New Member
Thread author
Feb 21, 2022
4
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
Hello. I've attached the txt files.
Since I started the thread, I got the blue screen of death and after the restart my Discord account got hacked by a bot which sent spam links to almost all of my DMs. Not sure if that was also part of the virus.
 

Attachments

  • Addition_21-02-2022 21.11.33.txt
    65.5 KB · Views: 2

rutzqwezex

New Member
Thread author
Feb 21, 2022
4
Hello. I've attached the txt files.
Since I started the thread, I got the blue screen of death and after the restart my Discord account got hacked by a bot which sent spam links to almost all of my DMs. Not sure if that was also part of the virus.
It isn't letting me post the FRST log.
 

rutzqwezex

New Member
Thread author
Feb 21, 2022
4
I ran a scan on a different antivirus and the problems seem to have gone, I'll update if they come back.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
794
Good Work.
I will leave this topic open for a few days.
Return if needed.
nasdaq
 
Status
Not open for further replies.