Regarding file conhost.exe in temp folder

  • jmarket
    PCHF Owner
    • Jan 2015
    • 7635

    #16
    I did some research. You have a cryptomining malware on your machine. This is going to require aggressive techniques to remove. Let’s get started.

    To start, please download RKill and ESET Online Scanner. You’ll need both of these to start. Please keep RKill someplace easily accessible as we’ll need it multiple times in our disinfection.

    After doing so, please run RKill and let it finish. After that’s done, go ahead and run ESET Online Scanner and do a full scan. Please post any logs it generates and await further instructions.

    In my professional opinion, Panda is crap. I don’t recommend it on my clients’ PCs. I recommend Malwarebytes + Emsisoft. I use those personally and commercially.

    Comment

    • Abhishek
      PCHF Member
      • Sep 2017
      • 60

      #17
      Attached are the screenshots of the RKill and ESET Online Scanner logs. I appreciate your effort in helping me make my system virus free and safe.
      The reason I kept Panda was that my system became too slow, and I had premium McAfee; it couldn’t detect any virus, and no antivirus was able to run on my PC other than Panda. Sure, I am gonna delete Panda as instructed by you.

      Comment

      • jmarket
        PCHF Owner
        • Jan 2015
        • 7635

        #18
        Awesome. ESET found some stuff. We’re going to go ahead and start the next step.

        Go ahead and reboot the computer. After doing so, re-run RKill. No need for a log this time.

        After RKill completes, go ahead and do the following:

        Download ResetBrowser to your desktop.

        Now close all open browsers. All browsers MUST be closed during this operation!

        Right click and Run as Administrator.



        Click on Reset Chrome– Allow completion.
        Click on Reset Firefox– Allow completion.
        Click on Reset Internet Explorer– Allow completion.

        We will need a log from AdwCleaner for further information.

        Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

        Click the Scan Now button.


        Allow AdwCleaner to start scanning; depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click “Clean & Repair”.

        After selecting “Clean & Repair” another dialogue box may appear asking to restart now or later. If so, choose “Clean & Restart Now”.
        Once the PC has restarted, if AdwCleaner does not restart, then open it again and click the “Log Files” tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from, so double click the most recent “Clean” log and it will open a notepad file on your Desktop.

        Please COPY and PASTE the contents of that file in your next post.

        We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE.

        Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with Malwarebytes before we use it, so please follow the steps below.

        • If the dashboard is not already displayed, select it.
        • Then select Update to get the latest definition database.
        • Next we need to change a scanning option: select Settings on the main menu.
        • Then Detection and Protection on the left.
        • Then select Scan for rootkits in the detection options, as well as the other two options already checked.



        Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.



        • Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected.



        A dialogue box may open and ask to restart the computer; if so, select Yes.



        Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.



        Please copy and paste the contents of the text file in your next post.

        Download Security Check to your desktop.
        Right click it and choose Run as Administrator.
        When the program completes, the tool will automatically open a log file.
        Please post that log here in your next post.

        Reset Hosts File

        • Click here to download RstHosts v2.0.
        • Save the file to your desktop.
        • Right click and Run as Administrator.
        • Click on Restaurer, then click OK at the prompt.
        • This will restore the default hosts file.
        • Next, click on Creer Un Rapport.
        • This will open a logfile; post that in your next reply.

        After doing all that, please re-run ESET, and also produce fresh FRST logs. After doing all of that, post all the required logs and reboot the computer. Don’t worry, we’re getting your computer clean.

        Comment

        • Abhishek
          PCHF Member
          • Sep 2017
          • 60

          #19
          Below are the attached logs. The ESET scan would take some hours, so I will update it later, along with the FRST logs. I am so thankful to you for that.

          Comment

          • jmarket
            PCHF Owner
            • Jan 2015
            • 7635

            #20
            I await the other logs.

            Comment

            • Abhishek
              PCHF Member
              • Sep 2017
              • 60

              #21
              Below attached are the rest of the logs.

              Comment

              • Abhishek
                PCHF Member
                • Sep 2017
                • 60

                #22
                What should I do next?

                Comment

                • jmarket
                  PCHF Owner
                  • Jan 2015
                  • 7635

                  #23
                  Download the attached fixlist.txt file and save it to the Desktop.

                  NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                  Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

                  Comment

                  • Abhishek
                    PCHF Member
                    • Sep 2017
                    • 60

                    #24
                    Below attached are the Fixlog and FRST logs.

                    Comment

                    • jmarket
                      PCHF Owner
                      • Jan 2015
                      • 7635

                      #25
                      Alrighty sir. Your logs look much better now.

                      We’re going to do one more thing and then we’ll see how your computer acts before I recommend some actions on keeping it clean.

                      Please download Emsisoft Emergency Kit. Run it and let it complete a FULL scan. Please post the log it produces.

                      Comment

                      • Abhishek
                        PCHF Member
                        • Sep 2017
                        • 60

                        #26
                        Below is the attached log of the full scan.

                        Comment

                        • jmarket
                          PCHF Owner
                          • Jan 2015
                          • 7635

                          #27
                          How does your computer run now?

                          Comment

                          • Abhishek
                            PCHF Member
                            • Sep 2017
                            • 60

                            #28
                            It runs fine. I haven’t checked whether that conhost.exe is generated in the temp folder or not. According to you, is it virus free now?

                            Comment

                            • jmarket
                              PCHF Owner
                              • Jan 2015
                              • 7635

                              #29
                              Check and ensure it doesn’t exist.

                              Comment
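As an added example (not part of the thread), a PowerShell check for the conhost.exe the thread is about: it lists any conhost.exe under the user and Windows temp folders, compares each against the genuine System32 copy by SHA-256 hash, reports its Authenticode signature, and lists any running conhost process not loaded from System32. The folder choices and output fields are my own assumptions, not something the helper prescribed.

```powershell
# Added example: look for a conhost.exe living in a temp folder instead of System32.
# The only legitimate conhost.exe is the one in %SystemRoot%\System32.
$legit     = Join-Path $env:SystemRoot 'System32\conhost.exe'
$legitHash = (Get-FileHash -Path $legit -Algorithm SHA256).Hash

# Assumed locations to check: the user's temp folder and the system temp folder.
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | Select-Object -Unique

function Find-StrayConhost {
    $found = foreach ($dir in $tempDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter 'conhost.exe' -File -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
                [PSCustomObject]@{
                    Path         = $_.FullName
                    SizeBytes    = $_.Length
                    Created      = $_.CreationTime
                    SHA256       = $hash
                    MatchesSys32 = ($hash -eq $legitHash)   # a copy of the real binary vs. something else
                    Signature    = $sig.Status              # 'Valid' for the genuine Microsoft binary
                    Signer       = $sig.SignerCertificate.Subject
                }
            }
    }
    return $found
}

function Find-StrayConhostProcess {
    # Running conhost processes whose image path is not the System32 binary.
    # Path may be empty for processes owned by other users unless run elevated.
    Get-Process -Name conhost -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and ($_.Path -ne $legit) } |
        Select-Object Id, Path, StartTime
}

$files = Find-StrayConhost
$procs = Find-StrayConhostProcess

if (-not $files -and -not $procs) {
    Write-Output 'No conhost.exe found in the temp folders and none running outside System32.'
} else {
    if ($files) { $files | Format-List }
    if ($procs) { $procs | Format-Table -AutoSize }
}
```

Run it from an elevated PowerShell so the system temp folder and other users' processes are visible; a file that is present again after a reboot, or an unsigned copy whose hash does not match System32, is the sign that the earlier cleanup missed something.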

                              • Abhishek
                                PCHF Member
                                • Sep 2017
                                • 60

                                #30
                                For now it doesn’t exist.

                                Comment
