My friend brought over his PC, and it had a background picture (king) that was a screenshot of an MS Trojan picture and scam phone numbers added for further help.
He called me right away and told me, so he dropped it off for me in hopes I could save it for him.
First I installed MBAM and it reported 50ish PUPs and other harmless items.
Then I did a backup with his Norton’s security with Lifelink and 30 minutes or so later it looked like it started to go to sleep, then I saw the mouse cursor moving on its own and clicking things. I quickly shut it down, then unplugged the internet.
Then booted normally, then I ran Norton’s and did both a quick scan and full system scan with no issues reported.
Then I downloaded FRST and put it on a USB drive and ran it on the infected system and here are the log files, plus reran MBAM as per the guide on the main menu.
I did a couple of extra things and removed the remote log-in apps: LogMeIn, TeamViewer and AnyDesk (if that is the right name, it was Any-something or other).
I also noticed ZUpdater in startup of task manager, but nowhere on the control panel or app section of settings. Google said a possible dataminer program.
After I reboot, I get to the desktop and the online Simple Solitaire app opens in a Firefox browser and I can't do anything. It appears locked up. I even hit the start button and nothing happens. I then hit [Win]+R for command prompt, and a tiny search-box-looking rectangle appears inside the Simple Solitaire game, but as soon as I try to type in it, it disappears.
I had checked the Firefox add-ons yesterday, and there were a lot of them. I got locked out before I could remove them all.
If anyone can take a look, I would be very grateful.
-=Mark=-
An update: I removed all drives and inserted them in my other rig and scanned them with Windows Defender yesterday and found more stuff.
I just now put the boot drive back in and launched MBAM and FRST again and will post new logs.
I hope this does it. ZUpdater is still in the task manager under startup, but it is still disabled. If that even matters. It’s running much better, but it will be good to know it is clean. Also, SFC /scannow reports no problems.
Also, Norton’s Security was blocking FRST. I allowed it, but then when I clicked the FIX button of FRST, Norton was blocking it. FRST finished anyway, so I’m not sure if it did it correctly.