I carelessly executed a .vbs file and today I noticed that secure internet connections don't work in Firefox and Dropbox. Also, Steam exhibited some difficulties in logging in (but that could be just Steam). Chrome is working normally.
Other symptoms are that Windows Firewall and Windows Defender are turned off when I start the computer. I can turn the firewall on, but Defender is blocked by a group rule (I managed to override this by deleting the registry key). I ran Windows Defender but it didn't find anything. There was also an error while trying to install an optional Windows update.
Here is some info that seems related to my case: http://www.malware-traffic-analysis.net/2016/07/25/index4.html
Just like in this example, the malware was in a .vbs file and I have SYS>mycomputername<.exe showing in Task Manager. If I shut down this process I'm unable to access the internet anymore (something about the proxy not being set up properly).
This exe runs from this folder: c:\Users\username\AppData\Local\Temp\Java
Contents of it are:
I've deleted the FRST.txt content as it seems I've resolved my problem and I don't want anyone to waste time reading through it.
Here's what I did.
I deleted the contents of the Java folder and removed the entries from the registry. After a reboot, SYS>mycomputername<.exe didn't show up again and my firewall wasn't blocked. Windows Defender was blocked again, but I imagine that could be due to something else (could some antivirus software block it?). Then I manually changed the proxy settings in Internet Options, Firefox and Dropbox. And now it seems everything is back to normal. I hope I didn't do more harm than good, but I was really uncomfortable with this situation and was very close to formatting my computer.
Let me know if I should do another FRST scan to check whether some malware is still present in my system. I'd appreciate it if someone qualified would take a look at it.
Edited by KiriKaeshi, 13 September 2016 - 03:35 PM.