Inactive Plagued by Unknown Malware

Status
Not open for further replies.

LoneSword

Posts: 19   +1
Hello TechSpot - have mercy on me, for I have goofed.

Let's just say that I downloaded something we all know I shouldn't have, and proceeded to Trojan Horse the living crap out of my system. Yesterday, at about 10:30 AM, I unleashed hell on my computer, watching as, upon initiating an executable, several mysterious processes and programs with mysterious names began infecting my computer by means of opening several folders and command prompts and so forth. Quickly, I disconnected from the Internet and ran System Restore as soon as the system was able, but it was seemingly far too late.

In response, I have done the following:
  • Restored the system to a week prior. This seemed to interrupt the malware installation process at the time.
  • Ran a full scan with Avira with no network connection. The scan detected about 12-ish items. Upon quarantining these items, the details seemed to indicate that the quarantine was largely unsuccessful due to system errors and inability to move items to quarantine.
  • Ran (severely outdated) MalwareBytes in Safe Mode and picked up a few more things.
  • Risked Safe Mode w/ Networking to update MB. After updating, MB picked up 81 detections. (Ouch.) All items seem to have been successfully quarantined.
  • Cleared all browser caches and reinstalled all browsers. Checked for fraudulent extensions. Changed my Chrome profile icon back, which had been inexplicably changed to the Awesome Face. (???)
  • Checked Programs and Features for any lingering adware and other garbage. Several items had lingered upon running Avira, but MB seemed to do away with what was left.
  • Restarted several times, regularly scanning with MB and Avira each time. Detected a few more items the first time, but got nothing but clean sweeps afterwards.
This morning, however, there was some weirdness. I opened MB to run a scan, and it seemed to behave as though I had already started the scan. Avira acted the same way. I tried connecting to the Internet, but it was sluggish and choppy at best, not seemingly able to pick up a connection, my VPN connecting on and off. When I restarted and entered my desktop, the taskbar and desktop began flickering, as if their processes were repeatedly attempting to initialize but failing, and this was further backed up by I/O errors that came up a couple of times. I attempted to kill by holding the power button, but eventually had to straight cut the power.

Now it hasn't done that crazy stuff anymore, but upon closer observation of Task Manager, I have located some mysterious processes: iaaslvpsvc.exe, renalcz.exe, and several instances of wiavezs.exe. I Googled all of these processes and got nothing back in return, which is terrifying. renalcz.exe and wiavezs.exe seem to be running out of a folder in my AppData folder titled, expectedly, "renalcz." However, access is denied to this folder and all files associated. iaaslvpsvc.exe is, even more terrifyingly, located in my System32 folder. And all of these files were created just a few minutes after 10:30 AM yesterday.

Scanning these items with both Avira and MB reveals nothing. It seems to me I may have opened the door to an infection that is not currently detectable by AV software, and I very well might be boned; particularly since I don't know how far this rabbit hole goes, and have no way of knowing what other nasty secrets are hiding undetected in my computer. However, I wanted to come to the good graces of TechSpot in hopes of potentially rescuing my computer from infection without having to bomb my entire system and start over.

Also, a couple of added notes: firstly, wiavezs.exe has about two instances at startup, but gets about 4-5 after a time. Second, I have around 16 instances of svchost.exe running at any one time - however, this was well before I had (to my knowledge) infected my computer, but I wanted to run that tall number past you guys to see if that many instances would be worrisome.

At any rate, sorry for the novel, and I hope that my computer can be saved...if not, I would like some tips on the most efficient means of bombing and rebuilding my system, preferably with as little legwork as possible. Thanks in advance for all your help.
 
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 