Upon installing said software (Nox app player) from bignox.com, i came across this which raised my attention but i didn't put too much thought to it. I placed their ips on hosts and blocked them, and got on with my life. That was 2 months ago.
It was recently that i got fed up with nox and promptly uninstalled it. However, i still see these appear everytime i use my pc. I'm terribly worried that it has drilled itself into my programs and software.
I have Malwarebytes, i update windows defender often, and they always end with a virus free scan. I went online and searched for answers, but little came up as none were similar to my situation. I did manage to pick up a few tools to investigate further, which further shocked me.
Please take a look at the screenshots.
When i first noticed the problem This was after i've scrubbed my pc clean of anything nox, ie i removed everything that had "nox" in name, purged registry with everything "nox app player" related, and then multiple virus scans afterwards. It is a point to note that at no time did my antivirus flag nox.
After i discovered netstat could help me peek at network transactions that i realised how wide the issue was. Every single instance
of 127.0.0.1 was a blocked process attempting to communicate with 8.bignox.com as i will show promptly. The follow screenshots come from "process explorer" to take a deeper peek at individual services.
Process 9100 (discord)
Process 5356 (utorrent)
Process 5874, 1476 and 7484 (all firefox) they were identically like this.
Process 6000 Legitimate Nvidia program.
Program 3084 similar to 6000
This is the chilling part, It seems to have infiltrated windows as well! omg!
Process 3000
Process 3404
Nothing seems out of the ordinary for these applications, infact virustotal reports 0/60 for all of these infected applications except for utorrent, which was flagged at 2/60.
Please, any help would be appreciated. [redacted] this company and what they did to my pc. I'm fairly tech savy, i hope. But i doubt this is a battle even i can fight.
It was recently that i got fed up with nox and promptly uninstalled it. However, i still see these appear everytime i use my pc. I'm terribly worried that it has drilled itself into my programs and software.
I have Malwarebytes, i update windows defender often, and they always end with a virus free scan. I went online and searched for answers, but little came up as none were similar to my situation. I did manage to pick up a few tools to investigate further, which further shocked me.
Please take a look at the screenshots.
When i first noticed the problem This was after i've scrubbed my pc clean of anything nox, ie i removed everything that had "nox" in name, purged registry with everything "nox app player" related, and then multiple virus scans afterwards. It is a point to note that at no time did my antivirus flag nox.
After i discovered netstat could help me peek at network transactions that i realised how wide the issue was. Every single instance
of 127.0.0.1 was a blocked process attempting to communicate with 8.bignox.com as i will show promptly. The follow screenshots come from "process explorer" to take a deeper peek at individual services.
Process 9100 (discord)
Process 5356 (utorrent)
Process 5874, 1476 and 7484 (all firefox) they were identically like this.
Process 6000 Legitimate Nvidia program.
Program 3084 similar to 6000
This is the chilling part, It seems to have infiltrated windows as well! omg!
Process 3000
Process 3404
Nothing seems out of the ordinary for these applications, infact virustotal reports 0/60 for all of these infected applications except for utorrent, which was flagged at 2/60.
Please, any help would be appreciated. [redacted] this company and what they did to my pc. I'm fairly tech savy, i hope. But i doubt this is a battle even i can fight.