[SOLVED] HELP! Serious Undetectable Malware Infection

[Krixer]

Hello,

I suspected there was a malware infection on my system after I found a weird process called "net-helper.exe" running.

Rkill detected the process and terminated it.
Malwarebytes pro couldn't detect it, and Sophos Hitman Pro also did not detect it.
The service isn't a default windows service, it was created, and the file was created yesterday.
I also monitored the process in Procmon and the behavior is largely suspicious.
CrowdInspect also showed the process opening some tcp port to a remote location with the same weird webpage address!
I can disable the service and the process stops, but I just have no idea how to remove it.
No google search result for the malware's name, and I just have no idea what to do.

Here's the screenshots of the process in it's directory and the service:
https://drive.google.com/file/d/192Ktrzt19YfSfxp3K3isOVs7Z-a7LgZv/view?usp=sharing
https://drive.google.com/file/d/1xh_WDN3dPxjHiLMvc7WyJDvsuAnLypjC/view?usp=sharing

And here's the procmon log:
https://drive.google.com/file/d/1tTgXMlAA-9REd1G9FedpWQBYZEGECYmE/view?usp=sharing

PLEASE, help me out!

 

[Gegemon007]

Download Bitdefender Total Security and do a full system scan. It will see if it is a virus / malware

 

[Krixer]

Download Bitdefender Total Security and do a full system scan. It will see if it is a virus / malware

On it!

 

[Gegemon007]

It will also ask to uninstall all your Antivirus apps
And if that doesnt work. I think then Kaspersky will detect it
And even that doesnt work, then u can use CMD command Del
Just paste this command in Administrator CmD

 

[Krixer]

It will also ask to uninstall all your Antivirus apps
And if that doesnt work. I think then Kaspersky will detect it
And even that doesnt work, then u can use CMD command Del
Just paste this command in Administrator CmD

I would imagine that the malware has gone deep into my OS, so a CMD delete wouldn't suffice!

 

[Gegemon007]

Actually it hasnt, as it has only infected the services which u can delete
First type cd windows
Then type rmdir file name
Can u rename the file to NetHelper?

 

[Krixer]

I can rename it yes, but I'm thinking of a full reinstallation of Windows to be safe.

 

[Gegemon007]

I can rename it yes, but I'm thinking of a full reinstallation of Windows to be safe.

I was going to say if everything fails, reset windows using USB bootable installation file
U can try to delete it using CMD command which i did write above

 

[Krixer]

I was going to say if everything fails, reset windows using USB bootable installation file
U can try to delete it using CMD command which i did write above

Will do, thanks a ton!

 

[Gegemon007]

No problem bro, This forum is for helping only

 

[USAFRet]

I can rename it yes, but I'm thinking of a full reinstallation of Windows to be safe.

For your OS reinstall, see this:

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

 

[Johnwmel]

More steps will be needed, after I see the result of this log

Step 1: Run AdwCleaner
https://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml

Download AdwCleaner

AdwCleaner is a free program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing...

www.bleepingcomputer.com

AdwCleaner

AdwCleaner is a free anti-malware removal tool designed to eliminate: Adware (ads software) PUP/LPI (Potentially Unwanted Programs) Toolbars Hijackers (browser homepage hijackers) SpywareAdwCleaner quickly scans and removes adw...

toolslib.net

AdwCleaner 2024 - Free Adware Cleaner & Removal Tool | Malwarebytes

Download Malwarebytes AdwCleaner 2024 for free to remove adware, bloatware, unwanted toolbars, and other potentially unwanted programs (PUPs) from your Windows PC. AdwCleaner destroys adware and restores your PC's performance.

www.malwarebytes.com

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan Now
Click on Quarantine for all it finds.
Reboot.
Please Copy & Paste the contents of that logfile with your next reply.

https://imgur.com/qERgl4y

View: https://i.imgur.com/qERgl4y.gif

 

[mdd1963]

Nuke and pave!!