kafpolo

It could be, but why until now? many months have passed since the instalation, I'm sure I downloaded it from the official website, and from all the EXEs the only one that I have installed in the past, was "μtorrent"

Ok, thanks to @itman @Nightowl and @Marcos for helping 👍

Before closing this I have just one more question, can this incident make BSOD error "pool_corruption"?

What should I do about this? how could this problem be solved? __ Is this because of a bloatware? if so, What bloatware?

I got ASUS LU with the lates update.

In the IFEO there are only CFGOptions, MitigationOptions and DisableExceptionChainValidation. I don't think there are any suspicious .exes

I don't think that this apply in my case, I got my pc (which is an ASUS) 1 year ago

So, that means that my pc is clear of infection?

I moved them to the recycle bin and nothing happened after i turned on the pc. Then I accidentally moved some back to the omnisoft folder and they changed their name, with $ and random letters an numbers, why did this happened?

No, it doesn't apply, I haven't installed any hacktool for Windows.

I did this and used the avast boot-time tool, there were no detections. -- Does that means that there isn't an infection? If so, what do I have to do with the omnisoft files and folders? Do I have to make any other scans?

I will do it. Do you recommend to use Avast Boot-Time scan tool in addition to the Eset Costum scan?

But I uninstalled firefox and this remained, as I started the pc this program started opening pages in the malicious firefox.

Yes, but it does not open any pop up, it does not run and it does not appear in the Task Manager. Basically doesn't work at all.

So in the registry I could find only this HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched :: {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Common Files\OmniSoft\update.exe HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store :: C:\Program Files (x86)\Common Files\OmniSoft\uninstall\helper.exe Then I used the "revouninstaller" tool but there wasn't anything related to the Malware

There is nothing related to the malware software at control panel. ------ Thanks, I will try this.

No it doesn't runs since I did that

not even when I restart the pc.

No detections... I created the Firewall rule, the alert and log, but 4 hours later it has not detected anything yet. --- Is ther anything that I can do to get rid of this malware?

Do I have to upload the .EXE or all the files that are in that folder?

Yes, in Digital Signatures it appears that it is signed by Mozilla, and compared to the original, it has exactly the same configurations.

At the beginning when the computer was turned on the program was automatically executed, the program uses many resources and can even crash the computer. I managed to disable its execution at startup, and after making an analisys the ESET antivirus did not detected the malware. So, I know the location of the executable "C:\Program Files (x86)\Common Files\OmniSoft" but I don't see how to uninstall this program, It is not at the contoll panel. having access to the location of the program folder, how can I uninstall it?