unknwn 0 Posted March 15, 2022 Share Posted March 15, 2022 My laptop is new, Windows is activated with a key, I didn't download any applications from torrents! Microsoft Office didn't even download either. Everything is from official sources. I'm thinking, can it be that there is a virus on android tv and it managed to penetrate my laptop over the network? 🧐 I used to have such on an old laptop, only low-level ssd formatting from a flash drive in which hardware write protection helped. Creates tasks for itself, my ports are constantly obeyed, svchost.exe starts loading the percentage over time, then it turns out that Microsoft Defender no longer reacts, the virus increases its privileges, changes the registry, etc. The laptop is new, 2 weeks old, I didn't shove usb flash drives, only a new one + a new mouse and a new router. Here are all sorts of logs, just help me get rid of it! I don't know where to look. HiJackThis.log Drweb.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted March 15, 2022 Administrators Share Posted March 15, 2022 Quote Creates tasks for itself, my ports are constantly obeyed, svchost.exe starts loading the percentage over time, then it turns out that Microsoft Defender no longer reacts, the virus increases its privileges, changes the registry, etc. Please elaborate more on this. What tasks are created? Can you provide details about the tasks, especially what they do? What does "ports are obeyed" mean? Svchost.exe may consume CPU since it's a standard system process. As for Defender, it's deactivated after installing ESET so it's ok that it doesn't run and react. What does "the virus increases privileges" mean? What registry values were changed? Last but not least you've posted logs from a competitive AV vendor. They show a different AV than ESET to be installed. This is as ESET forum and therefore we provide assistance to users of ESET products here. Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 15, 2022 Share Posted March 15, 2022 (edited) It appears you have Dr. Web installed as your AV solution. Note that Dr. Web is a Russian based product and in fact is the only AV approved by the FSB for use in Russia. Read into this what you will. If I was in Ukraine, I certainly would not be using the product given the current situation there. Unless you have an Eset product installed, this forum can't be of assistance since the moderators here need Eset logs in able to access the current situation on your PC. I advise you seek help in the various malware assistance forums. Below are two links to a few: https://malwaretips.com/forums/windows-malware-removal-help-support.10/ https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/ I wish you the best over there. Edited March 15, 2022 by itman LesRMed 1 Link to comment Share on other sites More sharing options...
unknwn 0 Posted March 15, 2022 Author Share Posted March 15, 2022 I need you to realise that neither Eset nor Kaspersky nor Dr.Web can find it. I used Dr.Web only to create a log. privileges it raises itself through local policy. Antiviruses do not find it, because it is perfectly encrypted. soon, when it reaches a certain level of privileges, it starts to intercept api, so and because of this the number of svchost.exe grows before our eyes and heavily loads the laptop at that Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 15, 2022 Share Posted March 15, 2022 (edited) 11 minutes ago, unknwn said: I need you to realise that neither Eset nor Kaspersky nor Dr.Web can find it. I used Dr.Web only to create a log. BTW - Kaspersky is in the same category. German government advises against using Kaspersky antivirus: https://www.bleepingcomputer.com/news/security/german-government-advises-against-using-kaspersky-antivirus/ . Do you have an Eset product installed using a paid license? Edited March 15, 2022 by itman Link to comment Share on other sites More sharing options...
TheStill 29 Posted March 16, 2022 Share Posted March 16, 2022 I think your first step should be to remove all untrustworthy software and then install the ESET free trial. If you no longer experience issues then you know the cause was from one of those applications. If you believe there is still a virus that is not being picked up then the easiest and fastest way to resolve that then is to wipe the computer clean and reinstall windows. That way you can be assured there is no chance of any viruses. Then if something pops up you can relate it back to the last application or action that you did. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted March 16, 2022 Most Valued Members Share Posted March 16, 2022 11 hours ago, unknwn said: I need you to realise that neither Eset nor Kaspersky nor Dr.Web can find it. I used Dr.Web only to create a log. privileges it raises itself through local policy. Antiviruses do not find it, because it is perfectly encrypted. soon, when it reaches a certain level of privileges, it starts to intercept api, so and because of this the number of svchost.exe grows before our eyes and heavily loads the laptop at that You have mentioned 3 AVs on here. Are you using them all at once? Having all 3 installed could explain some issues as you should only really use one AV to avoid conflicts. You've also not confirmed if you have a license for Eset. This forum is for Eset members. Support is limit if you haven't got a license e.g. general product enquires. As itman suggested you'd be best using a forum dedicated to general malware removal that isn't attached to a specific AV Link to comment Share on other sites More sharing options...
Recommended Posts