Next Level Evasive Malware Suspected 😅 PLS HALP!!! #206

Closed
gem-pie opened this issue Feb 19, 2023 · 3 comments

gem-pie commented Feb 19, 2023

Hey All,

Big TIA if anyone can help, I could really do with guidance from someone who actually knows what they're doing 😅🙏🏻

I'm running MBAM on my 1.5yo mini PC (MSI Cubi5 Win11Pro / i7 / 32GB / SSD x2) but I've had odd PC behaviour since returning to 24/7 web access at the end of January after being away and largely offline for the month.

I've been preoccupied and I'm a bit late to remediate, but I suspect something nasty, clever and extremely evasive has slipped through the cracks between getting back online and up to date.

I'm not in tech but I've managed a microscopic network for a small business for 15+ years and have picked up a bit about infected PC behaviour from the early days. Mine is looking, walking and quacking like the proverbial duck; BSOD attempts to auto repair on startup, app crashes, operation hangs, laggy performance, critical errors - the whole shebang 😩

I'd vaguely been thinking the BSOD auto repair attempts on startup were a Windows Update triggered hardware/system dummy spit about me treating my mini-pc like a laptop with regular relocations between home & work and no battery for quick startup behaviour at either end... which seems pretty dense of me now 🤦🏻‍♀️ When another workstation at the business began acting out I became much more suspicious.

No detections by MBAM. None via Windows Defender on demand. None via various other scans. I ran the portable edition of ClamWin last night and it took hours. There had been several detections by the time I went to bed with the scan still running; a Qbot Trojan, multiple Expiro, and a few more I can't recall... I'd counted on waking up to a detailed log of ClamWin's findings, but the results were curiously bland... Is it even possible for malware to somehow alter scan results that have detected it???

My installation is a mess and I'm starting to think a reset will be called for, but I'll attach my HJT scan results captured in Safe Mode w/ Networking. Will restart and run again in normal mode and attach my results from that shortly too.

Many TIA for any assistance! 🙏🏻
230219_1624 HiJackThis.log


gem-pie commented Feb 19, 2023

I've been getting this alert on startup for a couple of days, nothing that adds up.

image

@dragokas
Owner

Hi,
If you need our assistance:


Please, note that only members of VIRUSNET-Association are allowed to respond to PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

@dragokas
Owner

Closed.
Reason: no answer for 10 days.
If you still need our help, please, execute the last steps, requested by a helper.
Also, download again AutoLogger, prepare new CollectionLog, and write what problems remained.
