(Toshiba laptop, approx 3 years old, Win 8.1 64-bit, InternetExplorer v11)
At this moment, my symptoms are
1) NortonAV constantly notifies me that it's blocking various attacks by:
- System Infected: Trojan Bedep Activity
- System Infected: Trojan.Backdoor Activity 129
- Web attack: Exploit Kit Redirection 4
- Web attack: Exploit Kit Redirection 7
- Web attack: Exploit Kit Redirection 13
Within NAV, it says some of the attacks are coming from qrwzoxcjatynejejsz.com (18.104.22.168), and allofuslikesforums.com(22.214.171.124).
2) thousands of temporary internet files are constantly being created (10,000 in about 10 minutes, using 120MB storage); however, it doesn't stop. I have to run CCleaner every 10-15 minutes to clear out files, else, the files keep growing and InternetExplorer will stop working.
3) large amounts of network activity, connections, listening ports, etc..., are immediately started, even without opening IE. It appears #2 and #3 are related.
Now, to start somewhat at the beginning. As best I can tell, I was attacked by some type of ranson malware (not the encryption type as nothing yet appears to be encrypted), while I was multi-tasking. For example, I had multiple instances open of the following: MSExcel, MSWord, MSVisio, AdobeAcrobat, Internet Explorer (with probably 10 tabs open), and maybe MSPaint. That's alot of stuff open at one time, but if I run CCleaner every hour or so, it'll keep IE running okay.
Anyway, as the computer was just starting to slow down, and just before I was going to run CCleaner, the ranson page came up. I didn't have time to read it exactly, as I immediately killed IE, via TaskManager, and unplugged the internet connection. I closed all the programs, ran CCleaner, then shutdown completely.
Waited a few minutes, then rebooted. All seemed normal, and I was slowly getting back into my work routine. At some point things seemed to slow down a little bit. Then all of a sudden, NortonAV tells me that there's an abnormal amount of outgoing network traffic, and thinks it's a malware that it can fix. It mainly deleted a file named recovery60.dll (I think it did so via the Power Eraser). Of course, it had to reboot, and then I ran full scans with NortonAV, MalwareBytes(free), Spybot, CCleaner, and updated SpywareBlaster. I also updated and ran AdwCleaner, and ran JRT.
Everything pretty-much says the system is clean. However, then I start getting the notifications that NAV is blocking miscellaneous attacks. The notifications are constant, and IE gets slow fairly quickly, but I have to continuously run CCleaner to stay online.
I've re-run the above softwares several times, but nothing is stopping the current symptoms. But at least the computer is somewhat usable for now.
Now I need help from this forum.
For what it's worth, I've noticed that BleepingComputer always advises to not change anything while performing their tasks, but I'll have to continuously run CCleaner if I'm to stay on the computer for some length of time.
Thanks in advance,