Dell XP5 PC running Windows 10 Pro 64-bit.
Browser: Internet Explorer version 11.0.10240.16431
Second Browser: Mozilla Firefox version 41.0.1
Standard OS Firewall and Windows Defender.
So yesterday I was hit whilst I was investigating a P2P website.
Not sure which click did it, but...
1. A Chinese script + Chinese ads pop-up appeared at the bottom right of the screen.
2. Random large obtrusive pop-ups appeared in the centre of the screen, all Chinese or Asian text.
3. Browser hijack to default website called "hsiao123/[text string very long following]"
4. Random automatic visits, when IE11 opened, to:
The tab in IE11 was in Chinese symbols only at that website.
5. Windows Defender somehow "Turned off as Group Policy".
6. Loads of additional PUPs, many Trojans, 2 Rootkit viruses, and over 3,200 malware elements identified by MBAM in chameleon mode.
WHAT HAVE I DONE SO FAR?
a) MBAM full scan - required Windows Safe Mode and had to be run in Chameleon mode to operate successfully. Huge amount of malicious stuff, including one rootkit, successfully removed as far as I can see.
b) Windows 10's gpedit to re-activate Windows Defender in Group Policy, successfully.
Identified that Defender had been running OK as usual, doing scheduled scans, until earlier that morning.
Definitely had been scuttled by malware, not user error.
c) Defender full scan. The second Rootkit virus identified and removed. Approx 300 other malicious viruses, malware, and PUP elements removed. Reboot.
d) CCleaner to remove registry remnants - approximately 600 changes made. Reboot.
e) HitmanPro latest version - another 33 malware elements and some sundry PUPs removed. Reboot.
f) CCleaner registry again. Reboot to Safe Mode.
g) TDSSKiller in Safe Mode, and then in normal mode. Nothing found.
h) RogueKillerX64: sundry malware and PUPs removed. Reboot to Safe Mode.
i) SuperAntiSpyware run in Safe Mode; lots of additional malware and PUPs removed.
j) CCleaner registry cleaned again. Reboot.
k) Adware Cleaner 5.015 - some more stuff removed. Reboot.
l) Adware Removal Tool - some more stuff removed. Reboot.
m) CCleaner registry again. Reboot.
n) Junkware Removal Tool (JRT) removed stuff. Reboot.
o) Defender run in normal mode. Another malware/PUP removed. Reboot.
p) CCleaner registry again. Reboot.
Adware removal tool clear.
All Browsers flushed and with default settings.
No abnormal apps in list.
No abnormal icons on desktop.
Nothing strange to me, on inspecting windows program folders.
1. Chinese pop-ups still there, and //www.jonline.com still happening when the IE browser is open.
2. Task Manager shows high usage by a process called vcboa.exe (32-bit).
There are THREE active processes in Task Manager with that name.
All three carry the same strange symbol logo found on the Chinese pop-ups.
Location is: C:\Users\Andrew\AppData\Roaming\afght\xxsxvr
Associated file is: tqMeepo.dll found at same location.
Signature list = Wuanyo Electronic (Shanghai) Co. Ltd., Digest Algorithm = sha1
I've manually deleted \afght\xxsvr and all contents, in all users.
This may not be the only problem remaining on my PC!
What must I do now?
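The post above describes the classic signs of an adware/hijacker infection that survives scanner clean-ups: an unsigned-looking executable running from a user-writable folder (vcboa.exe under C:\Users\Andrew\AppData\Roaming\afght\xxsxvr), Windows Defender reported as "turned off by Group Policy", and a browser start page that keeps coming back. The PowerShell triage script below is an added example, not code from the original poster, and it makes no claim about what is actually on that machine. It only reports; it deletes nothing. It assumes the standard registry locations for Defender policy (HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender) and IE's start page, and it checks browser shortcuts for a URL appended to their arguments, which is one common hijack mechanism that a "reset browser settings" does not touch (an assumption here, not something the post confirms). Run it from an elevated PowerShell prompt.

```powershell
# Added triage script for the kind of infection described above (not the original poster's code).
# Run as Administrator. It reports only; nothing is deleted or changed.

# Regex for locations malware favours because any user can write there.
$userWritable = '\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\'

function Get-SigInfo([string]$Path) {
    # Authenticode status plus signer subject; a valid signature from an unknown company is still a red flag.
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if (-not $sig) { return 'NoFile' }
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    return "$($sig.Status) $subject"
}

Write-Host "`n== Running processes whose image sits in a user-writable location ==" -ForegroundColor Cyan
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -match $userWritable } |
    ForEach-Object {
        [pscustomobject]@{
            PID       = $_.ProcessId
            Parent    = $_.ParentProcessId      # who launched it: explorer.exe, a task, a service?
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Signature = Get-SigInfo $_.ExecutablePath
            SHA256    = (Get-FileHash $_.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
    } | Format-List

Write-Host "`n== Run / RunOnce autostart entries (HKCU covers the logged-on user only) ==" -ForegroundColor Cyan
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |          # drop PowerShell's own PSPath/PSParentPath noise
        ForEach-Object { "{0}  {1} = {2}" -f $key, $_.Name, $_.Value }
}

Write-Host "`n== Scheduled tasks and services launching from a user-writable location ==" -ForegroundColor Cyan
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object { $_.Execute -match $userWritable } |
        ForEach-Object { "TASK {0}{1}: {2} {3}" -f $task.TaskPath, $task.TaskName, $_.Execute, $_.Arguments }
}
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match $userWritable } |
    ForEach-Object { "SERVICE {0} ({1}): {2}" -f $_.Name, $_.State, $_.PathName }

Write-Host "`n== Windows Defender policy values (what 'turned off by Group Policy' means on a standalone PC) ==" -ForegroundColor Cyan
$defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
foreach ($item in @(
        @{ Key = $defPolicy;                        Name = 'DisableAntiSpyware' },
        @{ Key = "$defPolicy\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' })) {
    $v = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
    if ($v) { "{0}\{1} = {2}  (1 = disabled; clear it with Remove-ItemProperty once the cause is gone)" -f $item.Key, $item.Name, $v.($item.Name) }
    else    { "{0}\{1} not set (good)" -f $item.Key, $item.Name }
}

Write-Host "`n== Browser hijack checks: IE start page, Hosts file, shortcuts with a URL appended ==" -ForegroundColor Cyan
'HKCU:\Software\Microsoft\Internet Explorer\Main', 'HKLM:\Software\Microsoft\Internet Explorer\Main' |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue
        if ($p) { "{0}: Start Page = {1}; Default_Page_URL = {2}" -f $_, $p.'Start Page', $p.Default_Page_URL }
    }
# Any active (uncommented) mapping in the Hosts file is worth a look on a hijacked machine.
Get-Content "$env:windir\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' -and $_ -notmatch '^\s*#' } |
    ForEach-Object { "HOSTS: $_" }
# Shortcut hijack: the .lnk still points at the real browser but carries a URL as its argument,
# so the "default" page appears every launch even after the browser's own settings are reset.
$wsh = New-Object -ComObject WScript.Shell
Get-ChildItem -Path "$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop",
                    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch" -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $wsh.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match 'http' -or $lnk.TargetPath -match $userWritable) {
            "SHORTCUT {0}: {1} {2}" -f $_.FullName, $lnk.TargetPath, $lnk.Arguments
        }
    }
```

Read the output top to bottom before deleting anything: the parent PID of a suspicious process tells you which persistence entry (Run key, task, service or shortcut) is relaunching it, and that entry has to go along with the files, otherwise the same executable comes back on the next reboot. The Defender policy values should be cleared only after the relauncher is gone, or the malware will simply set them again. If the machine also held the rootkits the scanners reported, keep in mind that a clean reinstall of Windows is the only state you can fully trust; the triage above is for deciding what is left and for collecting the hashes and signer names before you wipe.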