I think I WAS infected - Virus, Trojan, Spyware, and Malware Removal Help (2024)

A few days ago, I was looking around the internet for a program for Nvidia called Nvidia Profile Inspector, to allow me to edit game profiles to give me a boost in GPU performance. It didn't work though, so I reset the edited profile to its original settings.

If anyone want to check out the files themselves if they're safe, here is the link: https://github.com/Orbmu2k/nvidiaProfileInspector/releases

I then went around to VirusTotal and uploaded the .zip and .exe files, nothing was detected, but the .exe file was somehow related to 4 other known malicious files that is known to VirusTotal, one of which is a Trojan. I then initiated a System Restore, to somehow reverse any system changes I have done, and ran a scan with ESET, Malwarebytes and Window's in-built Anti-Virus. Both Malwarebytes and the in-built Anti-Virus didn't pick up anything, ESET did pick up a PUP in my system, a file ending in .msi in C:\Windows\Installer, which it also never picked up before.

I just want a peace of mind that my laptop is clear of anything malware/virus/spyware, especially since this laptop was "stuck" for the past 4 years with very outdated software.

Here are the FRST and Addition logs.

Attached Files

• FRST.txt 86.15KB6 downloads
• Addition.txt 44.6KB6 downloads

startCreateRestorePoint:CloseProcesses:HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTIONFF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTIONTask: {55526CF7-B06E-4D07-B29C-865AF2F1B86D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTIONCHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No FileContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No FileContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No FileContextMenuHandlers1: [Briefcasem*nu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No FileContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No FileContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No FileContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No FileContextMenuHandlers6: [Briefcasem*nu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No FileContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No FileAlternateDataStreams: C:\Users\andre\Downloads\chrome.exe:SmartScreen [7]FirewallRules: [TCP Query User{A5CF9EFC-D0B0-4024-9497-21211194B0A8}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No FileFirewallRules: [UDP Query User{6FBC6D3F-D772-4D44-9841-92CC3CD10825}D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No FileFirewallRules: [{A0C8A438-DE56-4A25-BD02-B00889086A5D}] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No FileFirewallRules: [{DECAC2BB-3BA2-46A0-84CC-0F9E951A3939}] => (Block) D:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No FileFirewallRules: [{3FACDB22-A99E-43C1-A6D7-97C46BB45AB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No FileCMD: netsh int ip resetCMD: ipconfig /flushDNSCMD: "%WINDIR%\SYSTEM32\lodctr.exe" /RCMD: "%WINDIR%\SysWOW64\lodctr.exe" /RCMD: "C:\Windows\SYSTEM32\lodctr.exe" /RCMD: "C:\Windows\SysWOW64\lodctr.exe" /REmptyTemp:End

https://whatis.techtarget.com/fileformat/MSI-Installer-package-Microsoft-Windows

https://www.virustotal.com/gui/

Attached Files

• Fixlog.txt 8.19KB2 downloads