Runion

Windows explorer hooked

oopsgeneration88

Hello,

Recently I came across a malware which I removed via Process Hacker after scanning, and deleted it.

But the problem is, whenever I restart Explorer a command runs to execute the malware.

I don't have any experience in .NET though. I can only do PHP and such.

Kindly help me fix this. I am attaching screenshots of it.

Kindly help me fix it.
Attachments: screen.png

0x43rypt0n said:
I think this is a userland rootkit. Back up your important files and go for a format; better than a restore point, if the rootkit did not delete it.

I just want to restore Explorer. Everything else is fine. How can I do that?

This is a rootkit. It's really hard to detect and remove. I said userland rootkit, but what if the rootkit is from the kernel and even the EDR/AV cannot see it? It's really hard and needs professionals, so I suggest you reinstall Windows and don't download cracked software/games. Stay away from anything cracked.

0x43rypt0n said:
This is a rootkit. It's really hard to detect and remove. I said userland rootkit, but what if the rootkit is from the kernel and even the EDR/AV cannot see it? It's really hard and needs professionals, so I suggest you reinstall Windows and don't download cracked software/games. Stay away from anything cracked.

OK

I solved it using the Autoruns app, which is available on Microsoft's official website, and removed the entry itself. Or you can use Windows 11 Manager from Yamicsoft and use Startup Manager's Advanced Startup function.

Actually it was an adware called Peer2Pilot.

Cleaned my PC, scanned with different antiviruses and also via distros.

Everything's perfect now.
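The persistence described in the opening post (a command that fires every time explorer.exe is restarted) and the fix in the post above (an entry found and removed with Autoruns) can be triaged from a prompt before reaching for a GUI tool. The PowerShell below is an added example, not code from the thread, from Autoruns or from Yamicsoft; it checks the autostart locations Autoruns would show for an entry tied to the Explorer process: the Winlogon Shell and Userinit values, an Image File Execution Options Debugger for explorer.exe, AppInit_DLLs, the per-user Load/Run values, the Run/RunOnce/Policies Run keys and the two Startup folders. The "expected" baseline strings are assumptions about a clean Windows 10/11 install, and the script assumes an elevated prompt so that HKLM reads succeed. The thread never states which location Peer2Pilot used; the choice of locations is this example's assumption about what fits the symptom, with the IFEO Debugger value and the Winlogon Shell value being the two that are evaluated every time explorer.exe is started.

```powershell
# Added example (not from the thread): list autostart locations that can tie a
# command to explorer.exe starting. Run from an elevated PowerShell prompt.
# "Expected" values are assumed defaults for a clean Windows 10/11 install.

function Get-RegValueOrEmpty {
    param([string]$Path, [string]$Name)
    # Returns '' when the key or value is absent, so "absent" and "empty" compare equal.
    if (-not (Test-Path -LiteralPath $Path)) { return '' }
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return '' }
    $value = $key.GetValue($Name)
    if ($null -eq $value) { return '' }
    return [string]$value
}

# Single-value locations whose contents should match a known baseline.
$baseline = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Expected = 'explorer.exe' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit'; Expected = 'C:\Windows\system32\userinit.exe,' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Expected = '' },
    # A Debugger value here makes Windows launch that program instead of explorer.exe, every start.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'; Name = 'Debugger'; Expected = '' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'AppInit_DLLs'; Expected = '' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Load';     Expected = '' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Run';      Expected = '' }
)

$findings = foreach ($b in $baseline) {
    $actual = Get-RegValueOrEmpty -Path $b.Path -Name $b.Name
    if ($actual -ne $b.Expected) {   # -ne on strings is case-insensitive in PowerShell
        [pscustomobject]@{ Location = "$($b.Path)\$($b.Name)"; Value = $actual; Expected = $b.Expected }
    }
}

# Multi-value locations: every value is a command that runs at logon. The legitimate
# set differs per machine, so list them all and let the operator judge.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$runEntries = foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $k; Name = $name; Command = [string]$key.GetValue($name) }
    }
}

# Startup folders: anything here is launched by Explorer at logon (hidden files included).
$startupItems = foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                                      [Environment]::GetFolderPath('CommonStartup'))) {
    if (Test-Path -LiteralPath $folder) { Get-ChildItem -LiteralPath $folder -File -Force }
}

"== Baseline deviations ==";  $findings     | Format-Table -AutoSize
"== Run-key entries ==";      $runEntries   | Format-Table -AutoSize -Wrap
"== Startup folder items =="; $startupItems | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

The reason Debugger and Shell get a fixed baseline rather than a listing is that both are read on every start of the shell: an IFEO Debugger value runs the named program with explorer.exe as its argument each time explorer.exe is launched, and a Shell value of `explorer.exe,<other>` runs `<other>` whenever Winlogon starts the shell command line. Autoruns shows the same locations under its Logon and Image Hijacks tabs, plus scheduled tasks and WMI subscriptions, which this script does not cover and which can also relaunch a process. Removing a registry entry is not the same as removing the file it points to: keep the command line from the finding and delete or quarantine the referenced binary as well.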

oopsgeneration88 said:
I solved it using the Autoruns app, which is available on Microsoft's official website, and removed the entry itself. Or you can use Windows 11 Manager from Yamicsoft and use Startup Manager's Advanced Startup function.

Actually it was an adware called Peer2Pilot.

Cleaned my PC, scanned with different antiviruses and also via distros.

Everything's perfect now.

Good, then there is no hook on explorer.exe. Maybe a watchdog was checking if the process ended and, if so, creating the process again. Anyway, nice that you fixed it.

0x43rypt0n said:
Good, then there is no hook on explorer.exe. Maybe a watchdog was checking if the process ended and, if so, creating the process again. Anyway, nice that you fixed it.

Well, see, I used many tools: Ultra Virus Killer, which provides a real-time VirusTotal scan. Anyway, this was an outdated adware and had no connectivity to a C&C, and I somehow managed to unhook it. I know it's hard to be safe anyway on Windows.

Now no awkward processes are running. I actually remove all unwanted apps on Windows so I can track what processes are running.

Fingers crossed now; let's hope for the best. I don't have anything on the work laptop though, except for web dev stuff. No accounts, wallets or any logs.