[SOLVED] I'm 90% Sure I have a trojan. Please help!

[sebastianredwood]

A lot of strange things have been happening with my computer recently.
Missing files, unexplained webpages being open, incredibly high cpu usage up to 100%.
I'll take a video showing the strange things and maybe you can spot something that I can't...
My specs:
CPU: i7-4790
GPU: GTX 1660
RAM: 16gb DDR3
Storage: 1tb hdd & a 500gb ssd
Video I recorded showing the task manager and verisign.bmp looked like before I deleted it

 

[rgd1101]

malware scan?
what software did you download recently?

 

[sebastianredwood]

malware scan?
what software did you download recently?

malwarebytes and ccleaner, I literally reset my entire computer just 3 days ago because of this. The issues persist some how.

 

[sebastianredwood]

malwarebytes and ccleaner, I literally reset my entire computer just 3 days ago because of this. The issues persist some how.

hmmm, I've downloaded my drivers from nvidia, nvidia control panel and experience. steam, gyazo, firefox, streamlabs, all the normal stuff

 

[punkncat]

Does anyone else have access to the computer? What os are you using?

 

[USAFRet]

malwarebytes and ccleaner, I literally reset my entire computer just 3 days ago because of this. The issues persist some how.

"reset", how, exactly?
Anything less than a full wipe and reinstall does not count.

 

[sebastianredwood]

Personal computer
Windows 10

I completely wiped the hard drive and solid state drive, at least I think I did.
I chose the wipe everything option before hand and it took a few hours.

I found a folder named "services" with Verisign.bmp located inside.
Google said it's a trojan so I simply deleted it. I haven't found much else other then literally 90c cpu temperatures with 100% cpu usage.

 

[punkncat]

Home or pro?

 

[USAFRet]

Personal computer
Windows 10

I completely wiped the hard drive and solid state drive, at least I think I did.
I chose the wipe everything option before hand and it took a few hours.

I found a folder named "services" with Verisign.bmp located inside.
Google said it's a trojan so I simply deleted it. I haven't found much else other then literally 90c cpu temperatures with 100% cpu usage.

"I chose the wipe everything option"

You did this from within the running Windows instance?
That is NOT the same as a full clean install.

There, you boot from a Win 10 USB, and DELETE all existing partitions in the process.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...

forums.tomshardware.com

 

[sebastianredwood]

its not letting me post pictures.


also, I don't really want to reset my computer again because it took me the entire day to customize it the way I like not to mention the 6 hours of wiping and reinstalling...
I'd like to get to the bottom of this though.

 

[punkncat]

The reason I mention OS type and local access....it’s not many virus or Trojan short of ransom ware that wants you to know it’s there.

 

[sebastianredwood]

Windows 10 pro

I tried to upload 2 pics of the dxdiag screens but tomshardware detected it as inappropriate or spam for some reason.

 

[sebastianredwood]

Windows 10 pro

I tried to upload 2 pics of the dxdiag screens but tomshardware detected it as inappropriate or spam for some reason.

I also just noticed in the dxdiag that it's saying it's detecting only 14gb of ram instead of the 16gb that I've installed...?

 

[punkncat]

So, are you in a house with siblings or friends that might wish to mess with you? Check RDP and remote assistance settings.

 

[sebastianredwood]

I live alone so there should be no one but myself that has access to my computer.
Check these 2 pics out... nevermind... tomshardware is making this extremely frustrated. I basically have a screenshot of my task manger showing 1% cpu usage and then another half a second screenshot of it being at 98% cpu usage. Website won't let me share that though.

 

[USAFRet]

Upload your pic to imgur.com, and post the link here.

 

[USAFRet]

also, I don't really want to reset my computer again because it took me the entire day to customize it the way I like not to mention the 6 hours of wiping and reinstalling...
I'd like to get to the bottom of this though.

Do you want this actually gone?

 

[mdd1963]

Deletion of partitions takes but a second within the Win10 USB installer...

Installation of WIn10 takes about 5 minutes with any SSD and CPU made within the last 4 years...

Drivers packages, then apps, then WIndows updates...

Or, chase malware 3-6 hours, then up doing the above anyway.

"Best to nuke the site from orbit; it's the only way to be sure!"
Corporal Hicks, Colonial Marines

 

[deesider]

You could try running a linux install from a bootable usb, and scan the other drives from there - you may be able to eradicate the culprit without formatting everything (although that is the 'best' option).

 

[sebastianredwood]

https://imgur.com/4Y8z7Xk

View: https://imgur.com/4Y8z7Xk

https://imgur.com/6vR50TX

View: https://imgur.com/6vR50TX

 

[sebastianredwood]

Deletion of partitions takes but a second within the Win10 USB installer...

Installation of WIn10 takes about 5 minutes with any SSD and CPU made within the last 4 years...

Drivers packages, then apps, then WIndows updates...

Or, chase malware 3-6 hours, then up doing the above anyway.

"Best to nuke the site from orbit; it's the only way to be sure!"
Corporal Hicks, Colonial Marines

It took me hours last time..

 

[USAFRet]

It took me hours last time..

A full wipe and reinstall should take no more than 30 minutes.
I did one just the other day, to an HDD.

 

[sebastianredwood]

A full wipe and reinstall should take no more than 30 minutes.
I did one just the other day, to an HDD.

https://imgur.com/a/tDN10VM

View: https://imgur.com/a/tDN10VM

 

[sebastianredwood]

https://imgur.com/a/tDN10VM

View: https://imgur.com/a/tDN10VM

I want to try and find out what it is though and what it's doing.
It doesn't seem to run when I have task manager open, so I'll just have it open from now on.
I might do the reinstall tomorrow.

 

[USAFRet]

Do you want a usable system, or do you want to investigate?

"Investigating", you may go days/weeks, and never ever know...