Need help cleaning up malware

[Evellence]

Hello lads,

 

I just had "Federicas domain service app" in task manager using all of my CPU. Turned it off and it seems fine for the moment, its not returning, for now. I'm kinda worried about it. 

 

Things i did so far:

-Disabled internet connection

-Ended task for it on task manager 

-Ran rkill (no results) 

-Ran Malware bytes with "scan for rootkits" option (had 1 result in %appdata for something about chrome)

 

Any tips what should i do next? Better safe than sorry. 

 

EDIT: Thread was automatically moved here. 

Edited December 30, 2017 by Evellence

[TheMarius97]

Well, to be safe: rescue all your data and start off fresh.

[ExplosiveSloths]

Do you do regular back ups?

If so, I'd probably advise that.

[Evellence]

1 minute ago, ExplosiveSloths said:

Do you do regular back ups?

If so, I'd probably advise that.

I did not. Sigh... Was thinking formating PC to be the last option. 

[ExtraBlackMonster]

install Antivirus and scan your PC (full scan after updating the database)

Recommended: Kaspersky or Bitdefender
you can download a trial version for 30 days, make sure it's useful before purchasing
Kaspersky: https://www.kaspersky.com/downloads/thank-you/free-antivirus
Bitdefender: https://www.bitdefender.com/Downloads/
back up will helps for sure, but make sure all your files are clean of Virus/Malware first. 

 

NOTE: maybe you can disable "Federicas domain service app" from starting up with your windows, to do so:
- if you have Windows 7 press Windows key + R = to lunch Run window than type msconfig, a message may appear with (yes/No) buttons, press yes, go to startup programs tab, select unnecessary programs and disable them. note: "Federicas domain service app" could be called something else in that tab, and sometimes it will not be there in the first place.
- if you have Windows 10 press Ctrl + shift + Esc = task manager > go to the STARTUP tab, select unnecessary programs and disable them.

 

NOTE: if the Malware/Virus stopping you from installing the antivirus
you can use Kaspersky Security Scan
https://www.kaspersky.com/free-virus-scan
If you are not able to run "Kaspersky Security Scan" on your PC, download it on another PC/Mac, put it on a flash drive then run it on your system

 

after doing all of that, run "User BenchMark" (http://www.userbenchmark.com/) this will show you if you have any performance issues! (maybe it's not the best benchmark software but it's good enough)
Download link: http://www.userbenchmark.com/resources/download/UserBenchMark.exe

 

If you still have a problem let me know!

[ExtraBlackMonster]

btw reinstall chrome will not hurts

[Evellence]

8 hours ago, ExtraBlackMonster said:

maybe you can disable "Federicas domain service app" from starting up with your windows

Nope, thats the first thing i tried

On 12/30/2017 at 6:31 PM, TheMarius97 said:

 

 

On 12/30/2017 at 6:33 PM, ExplosiveSloths said:

 

So i just wanted to give you guys update.

I found few files in app data, i know what it is. She (i guess its she, because of name) even left me a little note. Screenshot of a note

Another file that "she" left me is "her" MAC address. 

 

So yeah, its mining cryptocurrency. Got this from "auto clicker" that i got few days back. It was even in ToS (the long text while installing program that no one reads). 

So yeah, i have made a mistake, but it seems it was not that bad. Got rid of the folder and it seems fine for now. 

Oh and i just realised it was "federicas domani" not domain, i was panicking did not read that correctly

 

Thank you guys for your help. And take care!

Happy new year

[ExplosiveSloths]

13 minutes ago, Evellence said:

Nope, thats the first thing i tried

 

So i just wanted to give you guys update.

I found few files in app data, i know what it is. She (i guess its she, because of name) even left me a little note. Screenshot of a note

Another file that "she" left me is "her" MAC address. 

 

So yeah, its mining cryptocurrency. Got this from "auto clicker" that i got few days back. It was even in ToS (the long text while installing program that no one reads). 

So yeah, i have made a mistake, but it seems it was not that bad. Got rid of the folder and it seems fine for now. 

Oh and i just realised it was "federicas domni" not domain, i was panicking did not read that correctly

 

Thank you guys for your help. And take care!

Happy new year

Yeah, I should really start reading those things.

 

Mining for an auto clicker? Seems a bit steep imo.