Yesterday (25th) I downloaded a program, google said it was infected but I ignored it and continued the download. I then ran the program and nothing happened, oh crap. 1 minute later I get spammed with "Powershell stopped working", random empty CMD's open up and dissapear, eventually it says Windows has crashed and the PC was shut down. I boot into safemode and did a virus scan and tried to remove the malware/virus. I restarted my PC and then downloaded Malwarebytes. It detected 114 virusses. Removed them, restarted PC. I log back in and I see Notepad is opened with a message:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
I was freaking out.
I thought it was gone.
I typed tasklist in CMD and saw a task "gbije.exe" from "Ophiuran Epimyocardial". Looked on Google and it was malware.
Malwarebytes didn't detect it so I downloaded RogueKiller. It actually did detect gbije.exe and 27 other things! Now I was spectating gbije.exe in task manager and the location in the folder and click eliminate. The tasks shut down. But it was still stored in a folder! https://image.prntscr.com/image/ca1305754fe745be9907158b17a3a933.png
RogueKiller said I had to reboot to finish it and I did. I log back in and notepad is opened again
https://image.prntscr.com/image/c76dd18f35164a5c9320122a238e802c.png
I think I enabled it again because of the reboot and it was not removed in the folder. But I cannot find the task again.
https://image.prntscr.com/image/b9727fc64d074abb95e70e08f987955f.png
What do I do?
https://prnt.sc/fcen2s
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
I was freaking out.
I thought it was gone.
I typed tasklist in CMD and saw a task "gbije.exe" from "Ophiuran Epimyocardial". Looked on Google and it was malware.
Malwarebytes didn't detect it so I downloaded RogueKiller. It actually did detect gbije.exe and 27 other things! Now I was spectating gbije.exe in task manager and the location in the folder and click eliminate. The tasks shut down. But it was still stored in a folder! https://image.prntscr.com/image/ca1305754fe745be9907158b17a3a933.png
RogueKiller said I had to reboot to finish it and I did. I log back in and notepad is opened again
https://image.prntscr.com/image/c76dd18f35164a5c9320122a238e802c.png
I think I enabled it again because of the reboot and it was not removed in the folder. But I cannot find the task again.
https://image.prntscr.com/image/b9727fc64d074abb95e70e08f987955f.png
What do I do?
https://prnt.sc/fcen2s
Facebook
Twitter