SysWoW64 Infection

FlyDwen

New Member
Joined
Sep 27, 2018
Messages
7
OS
Windows 10
#1
Hello,
Seeing that my reset's logs contain some "Warning: Overlap: Directory \??\C:\Windows\SysWOW64\sv-SE\ is owned twice or has its security set twice", I have searched for how to correct it (I know my computer was infected after I downloaded "Cheat Engine"). So I have reset my computer and, after checking the logs and seeing the message, I have restarted my computer in "Command Prompt" mode.
I did the analysis and got the FRST.txt.

Thanks for your help.
P.S. Sorry for my bad English. I am French.
 

FlyDwen

#4
And my "setupper.log" file contains the following information (with errors) (attachment).
After resetting my computer, I just had a "Windows.Old" file in C: while I didn't choose to keep my personal files. So I just started my computer in "Command Prompt" mode to delete it (it contains some dll files in three folders).
 


TwinHeadedEagle

Removal Expert
MalwareTips Staff
Verified
Joined
Mar 8, 2013
Messages
22,358
OS
Windows 10
Antivirus
ESET
#5
Hello. Your computer isn't infected. Syswow64 isn't a virus; don't let some malware removal guides fool you.
 

FlyDwen

#6
But, after the installation of CheatEngine, I rebooted my computer and, on restart, I saw in Process Hacker two programs which were instances of "Syswow64". I didn't see them before.
 

TwinHeadedEagle

#7
Where did you get that CheatEngine from? Are you sure it is not malicious?
 

FlyDwen

#8
I got that CheatEngine from the official website, and saw afterwards that it is detected as a trojan on VirusTotal by more than 10 antiviruses.
It was Wednesday, more than one week ago.
On restart, as I said, I saw some SysWoW64 processes in Process Hacker.
And actually, I can see two processes: "Memory Compression" and "Registry", which have no description and no file location (error when I click on Open File Location).