- Dec 5, 2014
Hello forum,
I noticed my PC running slower a couple of days ago. When I checked the task manager, I saw a high number of mcnwsrbhmzn.exe processes, identified as "Google Chrome", taking up CPU and especially memory resources. I don't have Chrome installed, so I started suspecting... Further Internet research kind of confirmed I had become yet another fake Chrome process victim.
The process local file is stored under Appdata->LocalLow, folder Zorxeaq.
I can kill the processes from the command line with taskkill /F and then delete the folders/files; however, one empty Zorxeaq folder is always recreated - so there is "something" watching my deletions. If I restart the PC, the processes and the files appear again from "somewhere"... If I restart in safe mode, no processes/folders are recreated (which makes sense).
I attach the FRST log. Notice that my disk drive is encrypted and I have to manually enter the key when I restart in safe mode. I don't know if this is important for the recovery process.
Thank you so much, your help is greatly appreciated!