halp plez

[MorganO]

so hi,

i downloaded a dodgy file today, and clicked what i thought to be a .txt file but instead it was a minmized windows powershell script?what my friend said(he downloaded the same thing but didnt do anything with it)

it appears everything is using an abnormal amount of ram , i usually get 25% max ram usage 

how can i fix this, ive run malwarebytes and it came up with nothing

[stealth80]

4 minutes ago, KOMTechAndGaming said:

so hi,

i downloaded a dodgy file today, and clicked what i thought to be a .txt file but instead it was a minmized windows powershell script?what my friend said(he downloaded the same thing but didnt do anything with it)

it appears everything is using an abnormal amount of ram , i usually get 25% max ram usage 

how can i fix this, ive run malwarebytes and it came up with nothing

Tried spybot?

[MorganO]

1 minute ago, stealth80 said:

Tried spybot?

i shall try

[MrImnotMLG]

Let's all agree to use this as a learning experience. Try looking under details to see if you find something unusual.

[MorganO]

1 minute ago, MrImnotMLG said:

Let's all agree to use this as a learning experience. Try looking under details to see if you find something unusual.

i cant seem to find anything unusual besides notepad being open and using 300mb of ram  besides that everything seems fine

[Brooksie359]

2 minutes ago, KOMTechAndGaming said:

i cant seem to find anything unusual besides notepad being open and using 300mb of ram  besides that everything seems fine

yeah I've done something stupid like this before. i ended up just reinstalling windows because it was too much work to figure it out and the computer was getting a bit cluttered anyways. 

[RadiatingLight]

3 minutes ago, KOMTechAndGaming said:

i cant seem to find anything unusual besides notepad being open and using 300mb of ram  besides that everything seems fine

really? everything is using 300mb. even task manager.

it's not normal.

[Terrorjoekel]

If it was a powershell script you should easily be able to see what it does. Try posting some code out of it when you open it as a textfile. There are a ton of executables like this that will never get detected by anti-virus. They connect to a control server to punch trough the firewall from the inside out, from thereon they can potentially do anything. You can always try taking a look at your connection log should your router support that. 

 

I had to reinstall a server recently because it was connection to controlservers in Russia and China.... MBAM and Spybot couldn't detect a thing.

[Xreldo]

4 minutes ago, KOMTechAndGaming said:

i cant seem to find anything unusual besides notepad being open and using 300mb of ram  besides that everything seems fine

its hidden and its waiting for right time to strike just reinstall windows.

[MorganO]

1 minute ago, RadiatingLight said:

really? everything is using 300mb. even task manager.

it's not normal.

i already know i dun fucked up

[MorganO]

1 minute ago, Terrorjoekel said:

If it was a powershell script you should easily be able to see what it does. Try posting some code out of it when you open it as a textfile. There are a ton of executables like this that will never get detected by anti-virus. They connect to a control server to punch trough the firewall from the inside out, from thereon they can potentially do anything. You can always try taking a look at your connection log should your router support that. 

 

I had to reinstall a server recently because it was connection to controlservers in Russia and China.... MBAM and Spybot couldn't detect a thing.

it ran minimized never saw what it does

and it was forced minimized 

[Terrorjoekel]

1 minute ago, KOMTechAndGaming said:

it ran minimized never saw what it does

and it was forced minimized 

I'm guessing it was not a powershell script then, powershell scripts can easily be read with any textprocessor such as notepad. A compiled executable will be a whole other story.

[MorganO]

1 minute ago, Terrorjoekel said:

I'm guessing it was not a powershell script then, powershell scripts can easily be read with any textprocessor such as notepad. A compiled executable will be a whole other story.

my friend said it was something like that  then idk wtf it is, when i double clicked it, windows said do you want to run it-

[Lord Nicoll]

18 minutes ago, KOMTechAndGaming said:

so hi,

i downloaded a dodgy file today, and clicked what i thought to be a .txt file but instead it was a minmized windows powershell script?what my friend said(he downloaded the same thing but didnt do anything with it)

it appears everything is using an abnormal amount of ram , i usually get 25% max ram usage 

how can i fix this, ive run malwarebytes and it came up with nothing

Either reinstall windows (and be very careful what you back up, some of the more sophisticated worms and viruses can infect everything but I've never seen it first hand.) If you want you can quanintine the PC and spend the next million years looking. Maybe try an avast! boot time scan, that can find some of more hidden attacks, but I'm sure windows reinstall is all that'll help.

[MorganO]

1 minute ago, Lord Nicoll said:

Either reinstall windows (and be very careful what you back up, some of the more sophisticated worms and viruses can infect everything but I've never seen it first hand. If you want you can quanintine the PC and spend the next million years looking. Maybe try an avast! boot time scan, that can find some of more hidden attacks, but I'm sure windows reinstall is all that'll help.

i have 760GB of games on a seperate drive, can unplug said drive and reinstall windows and thenredirect steam/origin? 

[Lord Nicoll]

1 minute ago, KOMTechAndGaming said:

i have 760GB of games on a seperate drive, can unplug said drive and reinstall windows and thenredirect steam/origin? 

Yes, you can tell steam where the drive is, while I'm doubtful it could spread that much, it already seems epidemic and well hidden. 

[WkdPaul]

Thread moved to the Troubleshooting section

[MorganO]

2 minutes ago, Lord Nicoll said:

Yes, you can tell steam where the drive is, while I'm doubtful it could spread that much, it already seems epidemic and well hidden. 

What ever the two processes are hear 500mb each are i can kill them fine but they keep coming back and they definitely werent there before

[WkdPaul]

10 minutes ago, Terrorjoekel said:

I'm guessing it was not a powershell script then, powershell scripts can easily be read with any textprocessor such as notepad. A compiled executable will be a whole other story.

powershell scripts can easily be run minimized.

 

12 minutes ago, KOMTechAndGaming said:

it ran minimized never saw what it does

and it was forced minimized 

right click the file and if it's a script then select "edit", that should open it in notepad.

 

Also make sure to unhide file extentions in Windows, that will prevent things like this to happen.

[Lord Nicoll]

1 minute ago, KOMTechAndGaming said:

What ever the two processes are hear 500mb each are i can kill them fine but they keep coming back and they definitely werent there before

Well they're probably it, try and isolate them, idk if normal windows has any options like that. You'll need to hunt them down, but use an avast boot time scan, but it might take upwards of 5 hours, I once ran it on a server with a RAID 5 array and 12 TB, it took 18 hours.....

[WkdPaul]

2 minutes ago, KOMTechAndGaming said:

What ever the two processes are hear 500mb each are i can kill them fine but they keep coming back and they definitely werent there before

*snip*

 

right click the process and select "go to detail", that should give you more info on what's going on.

[RadiatingLight]

reinstall windows. unplug all drives except for the boot drive (or don't, but just don't touch the partitions on the extra drives, which requires you to know the drive numbers.)

[MorganO]

1 hour ago, RadiatingLight said:

reinstall windows. unplug all drives except for the boot drive (or don't, but just don't touch the partitions on the extra drives, which requires you to know the drive numbers.)

 

1 hour ago, wkdpaul said:

 

right click the process and select "go to detail", that should give you more info on what's going on.

 

1 hour ago, Lord Nicoll said:

Well they're probably it, try and isolate them, idk if normal windows has any options like that. You'll need to hunt them down, but use an avast boot time scan, but it might take upwards of 5 hours, I once ran it on a server with a RAID 5 array and 12 TB, it took 18 hours.....

i just reinstalled windows and wiped eveyrthing but my steam drive, eveyrthing seems to be fine now

[Lord Nicoll]

1 hour ago, KOMTechAndGaming said:

 

 

i just reinstalled windows and wiped eveyrthing but my steam drive, eveyrthing seems to be fine now

Well that's good, but sure sucks. Remember to do weekly backups

 

[MorganO]

13 hours ago, Lord Nicoll said:

Well that's good, but sure sucks. Remember to do weekly backups

 

dont have the spare storage to do so  i didnt lose anything important/anything i can get back easily