Do I have Malware?

bendacav

Prominent
Aug 26, 2017
6
0
510
Where do I go to ask about malware on my PC? I literally just Google searched "PC forums" and went here. If this is not the best place to ask, could you please direct me? Otherwise, here is my issue.

A while back I installed Norton Security after finding around 7 instances of COM Surrogate running at the same time. I did a full system scan, and I assumed it was fixed.

Currently there are 3 instances of COM Surrogate running: 2 of them running under "user", 1 of them running under "SYSTEM". This isn't always the case; there are usually 2 running, but sometimes there is only 1 running, and sometimes none running.

There are also instances of "csrss.exe" running, 2 instances of "nsbu.exe" running (which is Norton related), 2 instances of "nvcontainer.exe" running, 4 instances of "nw.exe" running (which is HTC Vive related), and 16 instances of "svchost.exe" running.

"csrss.exe", "nsbu.exe", and "nvcontainer.exe" have both a "SYSTEM" instance and a "User" instance.

Norton can't seem to detect any malware on my PC. However, it may be because the malware is disguising itself as other system processes.

Something else I feel is worth mentioning is that when I open Task Manager, the COM Surrogate process sometimes appears to have up to 10 separate processes running, then quickly drops to 1 or 2.

I'm not experiencing any noticeable reduction in PC performance.

I want to know whether or not I'm infected. After Google searching, the signs would point to yes.

If I am, Norton doesn't seem to be of any help. What else can I do?
 
mdd1963

Distinguished
Windows has a pretty wide array of assorted processes running, services starting/stopping whenever they choose, etc...

Although there have been malware samples that have hidden behind legit processes such as you mentioned, normally PCs have some sluggishness symptoms, high CPU usage, etc... Did you have reason to think you might have been infected? (I would find many processes closing down the instant I open Task Manager to be curious/suspicious, however, unless it was just a coincidence...)

A quick pass each with TDSSKiller, RKill, Roguekiller, and Malwarebytes (JRT/AdwCleaner/ and Antimalware) and perhaps Hitman Pro as well....

If none find anything, you can be perhaps 99% sure you are 'clean'. If still genuinely concerned even with no detections, then, assuming you have your data backed up and have valid product keys reducing qualms/concerns over reinstalling software, then deleting partitions, quick formatting, and reinstalling from scratch will certainly clear all infections not planted by 3 letter alphabet agencies. :)
 
Solution

bendacav



Firstly, thanks for responding.

The instances of "COM Surrogate" quickly disappearing when I open Task Manager is fairly often (but doesn't happen all the time, maybe 1 in every 3 times).

I have tried other free malware detection software, and they tell me my PC is 'clean'. However, I'm not too quick to assume they are right.

My original suspicions arose when a game (Overwatch) started to randomly minimise every once in a while. After the game minimised, some kind of window would appear in the top left then quickly disappear. This would happen every 30-60 mins. This would persist even after restarting my computer, and would sometimes (while not as often) happen in other games (GTA, League, etc). One reason was possible malware, so I began to Google search all the possibly suspicious processes in my Task Manager.

At the time "COM Surrogate" would appear about 5-10 times down the Task Manager. My Google searches would indicate this was malware, so I invested in buying some long overdue virus protection software (Norton Security). After doing a full system scan, Norton removed a bunch of little things it said were of "medium" threat. The minimising glitch stopped occurring, but the COM Surrogate processes would still sometimes appear in multiple instances (but not all the time).

This has been eating away at the back of my mind. I'm not sure whether any malware still persists. I first want to know if there is in fact any malware on my computer, then what I should do to remove it. A system reinstall is a big effort, and I would rather not do that (I have around 5 terabytes of data on this PC).

What is your opinion on how I should proceed? Are multiple instances of crucial system processes normal? Or should I seek some better detection software?

Also, I just loaded up activity manager again, and 2 instances of "COM Surrogate" shut down almost instantly, leaving just 1. (The 2 that shut down are running under "user", while the 1 that remains is running under "SYSTEM".)
 

bendacav



It wasn't this. As I stated, the glitch stopped after Norton did the system scan. Although I'm still worried because the "COM Surrogate" process still appears in multiple instances.
 

mdd1963

I have 2-3 COM Surrogates at times as well...; in fact, two disappeared within 2 seconds of opening Task Manager. Repeatedly.

You might be chasing nothing....

If you want to be POSITIVE, nuke and pave, and continue to NEVER download untrusted game patches from untrusted servers, etc...
 

bendacav



OK, well great! That's extremely reassuring to hear! As far as my research has gone, all the forums have said there should only ever be 1 instance of "COM Surrogate". But the other ones might just be separate processes for the same thread (?)

I have Norton now, and I'm fairly cautious with what I download, so I should be fine with future viruses. Thanks for the help, I feel convinced now that my computer is in fact clean :)
 

mdd1963

There was some COM Surrogate 'fileless' malware that was very nasty about 3 years ago, but it was seriously affecting computer performance...; the malware would delete its own file, and run only in memory, hide itself, and recreate itself at shutdown in a file, etc....

It took a few months to defeat, but NPE was one of the first to come up with a procedure for defeating it.

But, for sure, I also see 2 COM Surrogates that close 1-2 seconds after opening Task Manager...
 

bendacav



Well, that's good! (Of course there is always the option that all our PCs are infected :p )

Could I also ask whether you see 2 instances of both "csrss.exe" and "conhost.exe"? Google also told me these may also be viruses. Probably not though...
 

bendacav



Alright, well I'm convinced my computer is clean! Thanks for all the help guys! :D
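
Added example, not posted by anyone in this thread: the number of instances says little about whether a system process name is being impersonated, while the image path and signature of each instance say more. This read-only PowerShell sketch lists every running instance of the names discussed above (COM Surrogate runs as `dllhost.exe`) with its owner, path, signature verdict and command line; the trusted-folder list and the `Test-SystemImage` helper name are assumptions for a stock Windows install.

```powershell
# Added example: run from an elevated PowerShell prompt. Nothing is modified.
$names   = 'dllhost.exe', 'csrss.exe', 'conhost.exe', 'svchost.exe'
# Assumption: on a stock install these binaries load only from these folders.
$trusted = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Test-SystemImage {
    # Hypothetical helper: returns a short verdict string for one image path.
    param([string]$Path, [string[]]$TrustedDirs)
    if (-not $Path) { return 'PathUnavailable' }   # protected process or not elevated
    $dir = Split-Path -Path $Path -Parent
    # -notcontains compares strings case-insensitively, so C:\WINDOWS matches C:\Windows
    if ($TrustedDirs -notcontains $dir) { return 'UnexpectedLocation' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # On older Windows/PowerShell, catalog-signed system files can show NotSigned;
    # treat that as a prompt to look closer, not as a verdict.
    if ($sig.Status -ne 'Valid') { return "Signature$($sig.Status)" }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        return 'UnexpectedSigner'
    }
    return 'OK'
}

Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        # A short-lived dllhost.exe may exit before GetOwner runs; ignore that error.
        $owner = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner `
                    -ErrorAction SilentlyContinue).User
        [pscustomobject]@{
            Name        = $_.Name
            PID         = $_.ProcessId
            Owner       = $owner
            Verdict     = Test-SystemImage -Path $_.ExecutablePath -TrustedDirs $trusted
            Path        = $_.ExecutablePath
            # For dllhost.exe the /Processid:{GUID} argument names the hosted COM class.
            CommandLine = $_.CommandLine
        }
    } |
    Sort-Object Name, PID |
    Format-Table -AutoSize -Wrap
```

Any row whose verdict is not `OK` or `PathUnavailable` is the one worth a closer look, regardless of how many instances are listed.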