ryptoMiner, Trojan.AU, Lost Admin Access, New Admins

[gabmacent]

The event took place on October 13, 2018.



My laptop got infected by a cheat for a game downloaded by my classmate without my consent.



After the infection, I lost my ability to:

Administrator Rights
Open TaskManager
Open ControlPanel
Everything except the browser and some applications
After the infection, something wrong happened:

Flickering screen
High CPU Usage
Weird Unknown Admin Users
Computer felt slow
Unable to turn on Windows Defender
Weird process on task manager
How I solved the issue, I followed this article step by step.

https/www.bleepingcomputer.com/virus-removal/remove-console-window-host-conhost.exe-monero-miner#rkill
It seems quite useful but I still don't feel safe nor comfortable.

Still not fixed. The CPU Usage was still high.



https/gyazo.com/4bc91ccf5fc09c5467db2572685d2688



I'm here to get any help from any of you guys. This trojan kicked my ass off.

 

[DSzymborski]

Time for a full wipe and reinstall.

 

[CrazyDingo]

Yeh, clean install is probably the only practical way for you to get a clean machine.

 

[USAFRet]

Either recovery from a full drive backup you made before this happened, or a full wipe and reinstall.

 

[Shoomer]

What you need to do is fire your classmate into the Sun. With no packed lunch.

 

[gabmacent]

LOL!?

Wth full wipe and reinstall srsly

it gonna make me depressed cuz there's so many things to backup and to lost

 

[USAFRet]

LOL!?

Wth full wipe and reinstall srsly

it gonna make me depressed cuz there's so many things to backup and to lost

Yeah, seriously.
Some infections are not "fixable" Like this one.

If you had an actual backup, fixing this would take maybe 20 minutes.
But if you had that, we wouldn't be discussing this.

 

[CrazyDingo]

Well here's some salt I'm sure you don't want - that's why everyone says backup regularly, because you don't usually have warning lights pop up on your computer advising that you're about to loose access to everything on the SSD / HDDs.

 

[DSzymborski]

LOL!?

Wth full wipe and reinstall srsly

it gonna make me depressed cuz there's so many things to backup and to lost

Generally speaking, if a wiped hard drive or a broken hard drive needing to be replaced causes you to lose data, you have a serious data backup problem. Backing up important data is a basic part of PC ownership, no different than changing the oil in your car or the air filter in your furnace/AC. Losing an OS hard drive should cause nothing more than a slight annoyance.

 

[catilley1092]

This is why I create Full backups of the 'C' drive weekly to a external drive, and don't store items of importance on the computer any longer than necessary (long enough to disconnect from network & save to external).

It's a bit of work, for most of us who has an SSD installed, the included drive (if OEM machine) can be placed in an enclosure or docking station to create backup images with Macrium Reflect, the best free solution, now with WinPE. Can also be used to clone drives & also has an option under 'Other Tasks' to add it to the boot menu for even faster backup/restore/clone tasks, Although it's best to create rescue media or at the minimum, an ISO to create & store on an external for when needed.

Physical backups are the best restore points ever. If performed regularly, can get most out of any software jam, as well as migrate to the same size or larger drive when needed. It's best to always keep the first 3 backups after a new install of Windows, as well as the last three or more, as drive space permits. I backup OEM machines before booted the first time, provided I can boot the media before Windows loads. This used to be easy with 2.5" & 3.5" drives were installed, nowadays many has soldered M.2 drives, making it hard, although not impossible, to do the same.

Some may ask, why would one want to backup a drive before Windows boots the first time? Should I want to sell/donate the computer. that person will have the same out of the box experience as myself.

At any rate, backups should be part of one's security portal & it's a 'get out of jail free card' should one's drive become encrypted by a really nasty infection. Be sure to backup connected data drives as well.

Cat