Well, I guess “moderate” is purely opinion, but here’s the background:
The system was infected with an internet download purporting to be a Microsoft Toolkit by the owner (my little brother smh….who ought to KNOW BETTER, but I degress…) which infected it with, amongst other things, AzorUlt as well as some bitcoin/monero miner/stealers. I’ve done initial cleaning using both malwarebytes and bitdefender, and I believe the bulk of the infection is eliminated. That said, I believe there are some lingering pieces and I’d be grateful for some help cleaning them up.
1) I have 2 processes running in taskman that are nameless and that I believe to be malware. If I had to guess based on what I’ve seen, I’d say they are miners, because intermittently they will bump CPU usage to 100%, but it’s intermittent…I haven’t noticed this occuring lately, possibly because I’ve firewalled it’s internet connection and it can’t mine if it can’t access the blockchain. Again, this is speculation, but it makes logical sense- at least to ME haha….point is, they exist, they’re there, and I’m 99.999% sure they SHOULDN’T be….
2) There is a Chrome extension in MS Edge called vFunSecure that, despite removing repeatedly, continues to just come back. It attempts to open browser tabs on it’s own, although they don’t navigate anywhere, for whatever reason. Possibly because Bitdefender is blocking it, I’m really not sure. I just know I want it gone!
I’ve attached the FRST.txt and Addition.txt and I’d be grateful if someone would help me by taking a look and verifying if my suspicions are founded or not. It should be noted that, currently, I’m not experiencing any undue CPU usage/etc, but I feel that’s only a result of limiting network access. At minimum I want to eliminate this rogue extension in Edge, but really I just want to be sure that any infections are fully eliminated.
Thanks in advance for any and all help, and I’m available to follow direction pretty much around the clock.
Best,
Rx8driver