Virus issue

[Cyber-Mav]

convinced iv got a virus some how.
some sort of miner since its got high cpu usage.

also these 3 entries in defender keep auto reappearing after removing them so something fishy there.

malwarebytes keeps picking up trojan.malpack.generic with a dodgy named exe file in c:\program data\

so 100% this thing keeps coming back and adding the exclusions to defender too.
reinstall of whole os is out of the picture its just got way too much on it.
this is a work pc i do have a backup image but would like to see if this virus can be removed before restoring backup image.

 

[Cyber-Mav]

ok will reinstall malware bytes and run in safe mode.
im pretty sure this is the virus:

TrojanowerShell/Bynoco.RR​

its picked up by defender but keeps coming back

 

[Cyber-Mav]

And trying to get into safe mode it's bricked itself. Issue with windows exe.
Gonna try restore my backup image, looks like it's more recent than I thought at 3 days ago. Will need to scan it once restored to check for viruses

 

[Cyber-Mav]

restored the image from 3 days ago and all is fine, no viruses in scans although in my haste i think i may have lost my save progress in far cry 6. i has just got off the first island after blowing up the ships so now got to do all that again at some point.

 

[Cyber-Mav]

It's my home pc but used for work stuff too. Iv believe I found out where virus came from too so will be careful in future

 

[Cyber-Mav]

FarCry6-keygen.exe?

Close

 

[Cyber-Mav]

need to build up a set of tools to check for these sorts off things in future.
anyone got any recommendations for free scanner tools to have, portable or ones you dont need to install would be handy
i think kaspersky has one

 

[Cyber-Mav]

Ventoy I will have a look at.
Can't believe hiren boot cd is still in operation I used that probably 20 years ago

 

[Cyber-Mav]

i got separate usb sticks for memtest, one for partitioning drives, one for backup software etc. so this ventoy can consolidate them all? thats insane if it works

 

[Cyber-Mav]

Eset makes a PE
Kaspersky not really recommend
Nowadays due to being Russian
Or something
I know banks withdrew giving you
Free kaspersky due to it

Like I mentioned earlier
Use a spare usb/flash drive/old spare ssd etc
Put ventoy on it
Internal drives useful as ssd or m2 is
Faster ,cheap for a small one,saves hunting
for where you put the flash drives
And drop your isos on there
Would do something like eset as specifically
An anti virus
But also some full PE with multiple
Other tools
Hirens boot Cd
Sergei street PE etc

Those also let you copy data off
Unbootable system
Test drives,ram etc

Edit
Ventoy allows as many isos as can fit
In the drives available size
Much better than having a bundle of
Flash drives with just 1 tool
On each

Yumi multiboot also does

2nd edit
Custom PE like strelec have multiple
Anti virus scanners on there
And Internet connection to update
The definitions
A tool with outdated definitions
Is only slightly better than nothing

cant thank you enough for pointing out ventoy to me. this is fantastic, iv just tested it now with few isos and it works perfectly.

 

[Cyber-Mav]

Yep just put recovery image on it too. Gonna be considerably faster to restore from than over the network

 

[Cyber-Mav]

noticed something else. looks like ssd's slow down with age. restoring the image must have refreshed the cells since drive benches much faster now.

 

[Cyber-Mav]

if it was hypervisor related shenanigans then be careful where you got it from as easy to add to the original vbs script.

wasnt from the game but was from another app

 

[Cyber-Mav]

This is why they want to get people back into the office. And why most companies don't do bring your own device

Bring your own device
Yea I can imagine how that's gonna work out if they dont out their generic image on it.