About two weeks ago, I downloaded the UseNext Usenet software to give it a trial run. It was around this time that I just by chance noticed a weird file in my C:\Program Files\Common Files\ folder named "WUAuthHost.exe". It jumped out at me b/c the file's icon was a picture of a naked lady's backside. I have no idea if I can truly correlate this malware to my use of the UseNext software.
My first inclination was to run a scan using Malwarebytes Anti-Malware 1.75 (most recent version). As I suspected, I was infected, and in addition to there being some infected Registry entries (see screenshot below of Malwarebytes' Quarantine), there were two files that Malwarebytes pointed to:
C:\Program Files\Common Files\WUAuthHost.exe
C:\Users\[NAME]\AppData\Local\Temp\dcomcnfg.exe (this file would alternately show up at C:\Users\[NAME]\AppData\Roaming\dcomcnfg.exe)
Upon telling Malwarebytes to get rid of these nefarious entries, I received a prompt telling me that I needed to restart in order to fully remove them. Now, from prior experience with Malwarebytes, I was under the impression that the program would automatically launch once I rebooted, to at least let me know that it had removed the infections. This did not happen, and, again, I'm not sure if this is part of the problem. So, after rebooting, I simply launched MWB manually, went the the Quarantine tab, and there were the entries that were originally found! I figured I was out of the woods. But then I discovered that those same two files had reappeared, despite MWB appearing to have quarantined them. There is also a process that I noticed in the Task Manager called "Windows Audio HDi Driver", and it's located at C:\Windows\system32\audiohd.exe. There is also a startup entry for this process, which only reappears (upon rebooting) after I delete it.
You can see from the screenshot at the end of this post that there are multiple instances of the malware MWB discovered, all purporting to be in the quarantine. But all I have to do is reboot and they will be back in the same locations they've been appearing in. I'm not sure if MWB is malfuntioning, and not properly getting rid of this malware when it should be, or if it just keeps coming back each time after I quarantine and reboot. Regardless, I'm looking for some expertise in getting rid of this malware. Thanks in advance to anyone kind enough to help me.
Additionally, I just finished running an antivirus scan on my "C:" drive, Operating Memory, and Boot Sector using Eset NOD32 Antivirus v6 (most recent version), and it said no threats were detected.
BTW - All of the options are selected on the Protection tab of MWB, fwiw.