Temp Malware that keeps coming back ( help )


6 replies to this topic

#1 SeekDNStroy

Posted 03 August 2018 - 10:28 PM

So I have downloaded Malwarebytes and 6+ other anti-malware and antivirus programs, and they delete the malware at first, and then a couple of hours later the malware comes back...
And I don't know why, but in my Task Manager I have everything above 30% CPU; like, if I open *Paint* and then close a game that has 40% CPU, Paint will have 40% (same with the malware).

The malware is always named a random .exe, like: winbpfik.exe, winfyhg.exe, prstyd.exe, svhost.exe


 


Edited by hamluis, 04 August 2018 - 07:58 AM.
Moved from AV/AM Software to MRA - Hamluis.


#2 hamluis

Posted 04 August 2018 - 07:59 AM

Please post the FRST data requested at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html as your next post to this topic.

 

Louis



#3 nasdaq

Posted 04 August 2018 - 08:25 AM

Hi SeekDNStroy

Please post the logs suggested by "Louis". I will review them and advise.

#4 SeekDNStroy

Posted 04 August 2018 - 05:02 PM

FRST  Addition

Attached Files



#5 nasdaq

Posted 05 August 2018 - 07:17 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
CloseProcesses:

() C:\Users\f\AppData\Local\Temp\fwvy.exe
() C:\Windows\Temp\winbsfdc.exe
() C:\Windows\Temp\owcr.exe
() C:\Users\f\AppData\Local\Temp\jlwc.exe
() C:\Users\f\AppData\Local\Temp\winocecgt.exe
() C:\Users\f\AppData\Local\Temp\hfyljt.exe
() C:\Users\f\AppData\Local\Temp\winudnpkq.exe
() C:\Users\f\AppData\Local\Temp\winvenb.exe
() C:\Users\f\AppData\Local\Temp\mqigv.exe
() C:\Users\f\AppData\Local\Temp\winrbfwc.exe
() C:\Users\f\AppData\Local\Temp\jekmaw.exe
() C:\Users\f\AppData\Local\Temp\vjts.exe
() C:\Users\f\AppData\Local\Temp\winhihsna.exe
() C:\Users\f\AppData\Local\Temp\sgmfd.exe
() C:\Users\f\AppData\Local\Temp\wintpee.exe
() C:\Users\f\AppData\Local\Temp\winbmcsa.exe
() C:\Users\f\AppData\Local\Temp\ygnqq.exe
() C:\Users\f\AppData\Local\Temp\quhfek.exe
() C:\Users\f\AppData\Local\Temp\winqpls.exe
() C:\Users\f\AppData\Local\Temp\regg.exe
() C:\Users\f\AppData\Local\Temp\fgfynq.exe
() C:\Users\f\AppData\Local\Temp\winsiifx.exe
() C:\Users\f\AppData\Local\Temp\vfdia.exe
() C:\Users\f\AppData\Local\Temp\dopujj.exe
() C:\Users\f\AppData\Local\Temp\winbyeoq.exe
() C:\Users\f\AppData\Local\Temp\idsk.exe
() C:\Users\f\AppData\Local\Temp\winsdeo.exe
() C:\Users\f\AppData\Local\Temp\qyhgi.exe
() C:\Users\f\AppData\Local\Temp\njfww.exe
() C:\Users\f\AppData\Local\Temp\fhpbw.exe
() C:\Users\f\AppData\Local\Temp\winjsmono.exe
() C:\Users\f\AppData\Local\Temp\winifcj.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-378519289-2413007832-1559701836-1001\...\Run: [BingSvc] => C:\Users\f\AppData\Local\Microsoft\BingSvc\BingSvc.exe [213640 2015-11-05] (© 2015 Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-378519289-2413007832-1559701836-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180503__yaie&p={searchTerms}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] ()

cmd: del /q C:\Users\f\AppData\Local\Temp\*.*
C:\Windows\Temp\winbsfdc.exe
C:\Windows\Temp\owcr.exe
C:\Windows\KMS

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
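
A triage pass over entries shaped like the ones in the fixlist above, as an added example that is not part of the thread and not FRST's own code. It assumes each entry reads `(publisher) path`, with empty parentheses meaning no publisher was recorded, and it flags executables in Temp directories, entries without a publisher, and names one edit away from a Windows system process (such as the `svhost.exe` the topic starter mentions). The sample lines, `Example Vendor Inc.` and the function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: two paths appear in the fixlist above, the rest are made up.
SAMPLE = r"""
() C:\Users\f\AppData\Local\Temp\fwvy.exe
() C:\Windows\Temp\winbsfdc.exe
(Example Vendor Inc.) C:\Program Files\Example\app.exe
() C:\Users\f\AppData\Local\Temp\svhost.exe
(Example Vendor Inc.) C:\Users\f\AppData\Local\Temp\setup.exe
"""

# Assumed entry shape: "(publisher) drive:\path"
ENTRY = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
TEMP_DIR = re.compile(r"\\(?:windows\\temp|appdata\\local\\temp)\\", re.IGNORECASE)
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss copies of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return [(path, [reasons])] for every entry with at least one flag."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # registry, service and cmd: lines are not process entries
        path = m["path"]
        name = PureWindowsPath(path).name.lower()
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("temp-dir")
        if not m["publisher"].strip():
            reasons.append("no-publisher")
        reasons += [f"looks-like:{k}" for k in SYSTEM_NAMES if edit_distance(name, k) == 1]
        if reasons:
            findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```
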

#6 SeekDNStroy


Posted 07 August 2018 - 02:18 AM

OK, I'll do that and I'll reply as soon as possible.



#7 SeekDNStroy


Posted 07 August 2018 - 02:34 AM

Okay, it worked, the virus is gone, but I am sure I will come back because I tried a lot of antivirus and it did work at first, but after a day or 2 it came back.

Give me 2 days, and if I didn't reply, close the topic.

 

 

 

Attached Files


Edited by SeekDNStroy, 07 August 2018 - 03:32 AM.




