Everything posted by DrpepperTaco

  1. Thanks for the tips! I'll try to catch some processes that use a lot of CPU. I'm pretty sure it closes as soon as I open it so I'll try to find an alternative task manager software to catch it. Also THANKS A LOT for having .koom decryptable! I checked STOPDJVU and I could decrypt it!
  2. Logs: FRST.txt Addition.txt EDIT: I tried to use EEK but both malware and quick scans detected none. So that should be a good sign. Also the task manager seems to hang at 82% CPU but for like 2 seconds it goes back to normal without the percent going down to 10-20%. So that issue is gone (I think).
  3. OK so I reset my laptop because it was in this restart loop after full scanning with Total AV (it seemed that the laptop couldn't find anything in the c: drive). So I had no choice but to reset and keep personal files (it deleted apps tho, which I'm fine with). After that the fan was less loud, which I was pleased with. Loading times didn't have that weird long black screen before it sent me to the login page, and I noticed huge improvements. One thing that bothers me is that maybe the kept files after reset may have had an infection of some sort. I could see that the temp file has these again. I once looked up the name of each file and it shows me a website that relates to malware and viruses. I've seen these types of tmp files before and I didn't notice them prior to reset. I can attach you another scan log file to diagnose if that's OK. Also I'll try to use Emsisoft Emergency Kit.
  4. Here: Fixlog.txt Also I was thinking of fully resetting my laptop but keeping my files and apps. Would this method work to remove the viruses or not?
  5. Here are the new files. (Also is it normal for all the whitelist checkboxes to be checked?) FRST.txt Addition.txt
  6. Ok so I've done that. So far I don't see any changes so the 'high CPU unless I open task manager' issue is still there, 1WVV0R7I3W.tmp is still appearing in System32 folder, etc... I was planning on running Tronscript which I found out about from this video: But before I do that it might be better to continue with this. Also Microsoft Defender picked up the _readme.txt files from the ransomware as a virus, this didn't happen before so I'm assuming something changed/happened with those .txt files that I don't know of. Another thing I did just recently was executing the 'scf /scannow' script in Command Prompt. After the scan it says: "Windows Resource Protection found corrupt files and successfully repaired them." Like I said I'm not sure of what changed after the scan so I'll keep you updated on that. I went to the 'uninstall windows updates' section in control panel and found an unspecified update called: Update for (KB2504637). This seemed suspicious to me but what do you think? In regards to updates, a couple of minutes or an hour after I discovered my laptop was having a ransomware attack Windows prompted me to update Windows and so I did. I'm not sure if this was some sort of 'trojan update that has a virus' or something like that so let me know about that as well. Like I said, I'll keep you updated when I catch something or see any changes.
  7. thelogfromroguekiller.txt here. Also I misspelt 'Microsoft 665 Apps for enterprise - en-us'. The first 6 had a 3 ('Microsoft 365 Apps for enterprise - en-us').
  8. Ok so calling back and the 'high CPU unless I open task manager' still persists (which I'm concerned about out of others). Also I noticed that 2 Microsoft Office Click-to-Run tasks are running at the same time. One has high disk usage but the other is normal. It appears whenever I turn on my laptop and open task manager but after a while it disappears. Relating to this I found a recent installation of 'Microsoft 665 Apps for enterprise - en-us' in control panel -> uninstall or change a program. IDK if this is a virus or not so let me know. Another thing that still goes on is the start up. Like I said before, whenever I turn on my laptop it displays a black screen for around a minute or so after the Windows logo shows up. Like I said again I haven't seen this before I was infected so some feedback or info about that would be great too. Also the 1WVV0R7I3W.tmp file keeps appearing in system32 folder, so AdwCleaner didn't fix that but I think there might be ways of permanently removing that. Out of all, the task manager high CPU thing bothers me the most. I don't think it's just task manager loading in and displaying random digits until it generates the correct percentages because I could hear the fan dip down whenever I open task manager. But aside from that the laptop's been running well after the AdwCleaner so thanks for that! EDIT: I noticed my laptop's fan bumped up its noise 5-6 minutes after start up.
  9. I clicked 'delete' and PUP.Optional.Legcay (which has TotalAV as its shown directory) is still there. Is it OK to leave it alone? Also I intentionally installed TotalAV and used it as my main antivirus until I started using Malwarebytes.
  10. Here's the log (sorry for the long reply) AdwCleaner[S00].txt
  11. EDIT: The high CPU and disk usage unless I open the task manager still persists, and I noticed the fan noise starts to dip down when I open task manager. Any help about this? Another thing that I'm concerned about are these tasks: Brave software update seems to be open even if I have Brave off. Whenever I close Click-to-Run it keeps opening again. Antimalware Service Executable seems to consume lots of memory.
  12. Fixlog.txt Ok so I noticed some good differences after the fixlist thing, especially the fan. So I think this did eliminate all if not most of my problems so thanks! One thing I'm a little concerned about is the file 1WVV0R7I3W.tmp. Before when I was using Malwarebytes to scan a day after the ransomware attack, I noticed it kept picking up this file in the temp folder, after some time it moved to the system32 folder. Idk if this is a normal thing or a persistent virus or something like that. What I'm surprised with is that the irremovable allowed threats tab is empty in Windows Defender, which I am really happy with. Coming to think of it, the lowered fan noise along with the threats gone (aside from maybe the 1WVV0R7I3W.tmp file), I think this about resolved my issue. Also one thing that sort of concerned me is that after the Windows logo when I boot up the laptop, it goes black for a few seconds (20-40 seconds approx.) then gets to the log in screen. I'm not sure if that's malware related or probably Malwarebytes has to do with anything about this because after the Windows logo (which goes on for 20-30 secs), it goes straight to the log in screen. But aside from that, thanks a ton! Although maybe comment on the tmp file and the boot up concern. (also here's this fixlog)
  13. Here's the logs scan_210930-131714.txt FRST.txt Addition.txt
  14. Thanks for the info! I noticed that whenever I open task manager it says 100%, then when loaded (takes a sec) it goes back down to around 10-20%. The sound my laptop makes also goes down, too. Is this normal? Also I have suspicion that some Windows services may be tampered with by a virus of some sort. Especially Anti Malware Service Executable (task manager says the exe is MsMpEng.exe). Also this file is located in: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0. Instead of: C:\Program Files\Windows Defender which I found where the exe normally is in tutorial videos. This task seems to eat up most of my memory/RAM. Which is around 60-70% when I have Brave open, 50% idle. Normally it's around 20% before. (My RAM size is 8 GB.) I also noticed that turning on my laptop itself seems to be slower than before. It also shows a black screen with the cursor movable, which I haven't seen before, too. I ran Malwarebytes 4 times, first scan showed 180 viruses and such, second scan showed 30-50 (can't remember), third scan showed 10, and finally the last scan showed none. All of which it scanned I quarantined and deleted. It also seems to pick up some .tmp file in my temp folder for the last 2 scans. In Windows Defender, I noticed that there were allowed threats. When I went to disallow all of them they kept coming back to that tab. Photos are here: I'm pretty worried about my laptop's status, so maybe some help would be great! Thanks in advance again!
  15. My personal files have .koom as an extension, along with viruses. Luckily my first attention was the viruses since they can spread, and I cleared all if not most of them. Afterwards, my worries lay upon the .koom files. When I used the STOP djvu decrypter tool it showed: "Notice: this ID appears be an offline ID, decryption MAY be possible in the future". I know that indicates the ID key isn't discovered yet, and so I went here to ask for some support, tips and also to show the ID to maybe help with you guys to find the key for it. Here's the ID: 99p8vN1UYnRVfJrLk31VTLd69Ni5b0ex99QMQKt1 Thanks in advance!