Operating System
Windows 10
Infection date and initial symptoms
Just after Christmas. Clicking on any application file causes a pop-up window with Chinese characters and heart emojis to appear. After a clean install, the appearance of Windows looks off. Edge opens automatically and I can't download and install Windows Themes to change my desktop settings.
Current issues and symptoms
After the last clean install, I have kept the system isolated. Nothing so far. I have since installed VoodooShield, Shadow Defender, AdInf32 and Ransomware Stopper and am keeping my fingers crossed.
Steps taken in order to remove the infection
Scanning with every antivirus, anti-malware and anti-rootkit tool available before going for the nuclear option.
System logs
I did not upload the FRST.txt logs

seraph7

New Member
Hi, I wonder if any of you guys have come across such a malware? I am online a lot and am very mindful of the risks involved. I use Windows Defender in conjunction with Malwarebytes Premium 3.0+. Three weeks ago, I must have accidentally clicked on something I shouldn't have, or some script got past my Firefox (I use the uBlock Origin, No Coin and Malwarebytes add-ons), and I ended up with something that hijacked my .exe application files. Running scans with Windows Defender, Malwarebytes, and then Kaspersky AV, Avast AV (Free), Spybot SD, Sophos AV (Free) and HitmanPro cleaned up a few PUPs, but the problem still persisted. Using rKill and Power Tool managed to contain the problem somewhat. But I felt that the malware was not totally eradicated. Even after I did a clean install, I noticed that Microsoft Edge would open on its own, and I suspect that the desktop I was in was a clone. Does it make sense? Or was I being paranoid?

To cut a long story short, I have done another 'clean' install, this time with software and Windows from another system, and have yet to go online. So far things seem okay. But I still worry.

What do you guys think? Any ideas as to what this malware is? I have also used Autoruns, but the malware recognises this now and then, as it does with Procmon.

Any ideas and insight will be much appreciated.

seraph7

New Member
Thank you for the guidelines. Unfortunately I have already taken the nuclear option and so far am only beginning to reinstall my programs, with additions like AdInf32, Shadow Defender and VoodooShield. Previously, before formatting my SSD, I had used FRST64 but wasn't clear about sending its report for a fixlist. I now know better.
Still, I wrote in to find out if my infection has been encountered before or if it's something new.
I hope I have not offended.