Question: This is the work of a remote hacker, right?

MattMMMan17

Jan 20, 2020
How do I begin to address these? I'm certain the PC is compromised, though no AV programs are recognizing it, whether in normal or safe mode.

This is my parent's PC and they refuse to learn to use Firefox. I'm guessing they picked this up via Chrome? First, there's an odd folder just labeled with a string of numbers in the Google Chrome folder containing suspect files. Definitely not a stock installation. Files like "privacysandboxattestation", "iWakeydistribution", and "137.0.7151.69 manifest".

Next, I can see all of these "Windows Processes" in Task Manager that have the appended "_b4743". I went into Services in an attempt to disable them individually, but only a few of them allowed it. The others gave the error message "The parameter is incorrect", so I couldn't edit anything.

Third, and of course I forgot the picture of this, the task manager keeps running TeamViewer's remote 'web capture' service to access the PC remotely. As soon as I end the process it's immediately restarted.

If I had an idea of how long these have been on here I'd be comfortable trying to roll back to an earlier time. I'd like to first try removal. I've run scans with Bitdefender, Malwarebytes, and ESET so far. If anyone has a better suggestion I am entirely open to alternate ideas. Thanks for taking the time.
 
If anyone has a better suggestion I am entirely open to alternate ideas.
I would disconnect from the www, then back up all mission-critical data, leaving out all the dodgy-looking folders you've mentioned above, then perform a full wipe of the system, reinstalling the OS after recreating your bootable USB installer for your OS. Once you've got your antivirus/firewall of choice, or even Windows Defender, then reconnect back onto the www.

As for protection, you should ask your folks to practice healthy web browsing habits, as (it goes without saying) intrusive apps can compromise not just the PC but even your personal info/banking details.
 
... there's an odd folder just labeled with a string of numbers in the Google Chrome folder containing suspect files. Definitely not a stock installation. Files like "privacysandboxattestation", "iWakeydistribution", and "137.0.7151.69 manifest"

It looks like a "stock installation" to me because my Chrome has those files too. If you're referring to 137.0.7151.69 as being an "odd" folder then that's normal too because it's the Chrome version number.

Regarding your second issue, illustrate what you're seeing with a screenshot or two and a more detailed description.

There doesn't seem to be such a thing as "TeamViewer's remote 'web capture' service". Is TeamViewer installed on that PC?
 
I can confirm that privacy-sandbox-attestations.dat, 137.0.7151.69.manifest, and IwaKeyDistribution are all legitimate files and directories. Sometimes the mind wants to zero in on anything that looks a bit strange. There are a lot of files there, and these are not the kinds of files that would be malicious or indicators of compromise.

Download and run the Farbar Recovery Scan Tool. Share the FRST.txt and Addition.txt files.