
"zed.exe" just won't go away.


  • This topic is locked
5 replies to this topic

#1 markscalise2017

  • Members
  • 3 posts

Posted 11 September 2017 - 10:34 AM

I am trying to post a reply to another thread on this board and it's not letting me. The thread is called " "zed.exe" virus/malware (malwarebytes detects it as a "RiskWare.BitcoinMiner") ", and my Windows 10 Pro desktop is infected with the same. Malwarebytes finds it, quarantines it, I delete it, and then it comes back again on its own.


Edited by britechguy, 11 September 2017 - 01:34 PM.
Split from Introductions so the correct eyes would be on this message.




#2 britechguy

  • Moderator
  • 7,785 posts

Posted 11 September 2017 - 01:34 PM

Escorted new member here.  He had been trying to post to the similarly titled thread in Malware Removal Logs and did not understand why that would not work.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

#3 JSntgRvr

  • Malware Response Team
  • 11,545 posts

Posted 11 September 2017 - 06:06 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

Edited by britechguy, 11 September 2017 - 06:14 PM.
Thread moved to Malware Removal Logs per staff request

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 markscalise2017

  • Topic Starter
  • Members
  • 3 posts

Posted 11 September 2017 - 07:20 PM

Hi and thank you. I did not run Farbar, but I found a workaround. After deleting Zed a couple of times and having it come back, I noticed it kept installing to C:\Users\owner\AppData\Local\Temp\nvd. I deleted the nvd folder and immediately created a new folder with the same name. I then adjusted the security settings on that folder to DENY all permissions for all listed group and user names, including the Owner account. I've been monitoring Task Manager and watching my core temps (Zed shot CPU usage and core temps through the roof), and it hasn't yet returned. I'm hoping this will serve as a patch solution until there's a software fix to permanently whack Zed from wherever it's still hiding in my machine.



#5 JSntgRvr

  • Malware Response Team
  • 11,545 posts

Posted 11 September 2017 - 08:35 PM

It is not that easy. More files and tasks need to be removed. They will return.


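Reply #5 says that denying access to one folder leaves in place whatever relaunches the miner. As an added example (not part of the thread and not the helper's own procedure), this read-only PowerShell script lists scheduled tasks and Run/RunOnce registry values whose command line points into a Temp directory; the Temp path pattern and the function names are assumptions, based on the folder named in post #4.

```powershell
# Added example, read-only: reports autostart entries that launch from a Temp
# directory and changes nothing. The path pattern is an assumption based on
# the folder named in the thread (...\AppData\Local\Temp\nvd).
$TempPattern = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\'

function Test-TempCommand {
    param([string]$CommandLine)
    # Expand %TEMP%-style variables so "%TEMP%\nvd\x.exe" is matched as well.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    return $expanded -match $TempPattern   # -match is case-insensitive
}

function Get-TempAutostart {
    $findings = @()

    # 1. Scheduled tasks whose exec action runs something from Temp.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments; the string is then blank.
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -and (Test-TempCommand $cmd)) {
                $findings += [pscustomobject]@{
                    Source  = 'ScheduledTask'
                    Name    = "$($task.TaskPath)$($task.TaskName)"
                    Command = $cmd
                }
            }
        }
    }

    # 2. Run / RunOnce registry values for the current user and the machine.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($valueName)
            if (Test-TempCommand $cmd) {
                $findings += [pscustomobject]@{ Source = $key; Name = $valueName; Command = $cmd }
            }
        }
    }
    return $findings
}

Get-TempAutostart | Format-List
```

Running it from an elevated prompt also shows tasks that a standard user cannot read.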


#6 JSntgRvr

  • Malware Response Team
  • 11,545 posts

Posted 14 September 2017 - 05:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





