SmoKenTurkey
Guest
I feel like everything I know is telling me that my computer (Win10) has been taken over. While at the same time Windows Defender and even MalwareBytes software is showing no indication of any threat. First thing that caught my attention was that I could not MAXIMIZE any window. After maximizing any window, it fills the screen real estate edge to edge, but grabbing the title bar it can still be slid around like before it was maximized. Other strange things like users being added to both the \users folder, as well as security objects. Digging into this, are these normal desktop.ini entries?
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21762
[LocalizedFileNames]
ODBC Data Sources (32-bit).lnk=@%SystemRoot%\syswow64\odbcint.dll,-1693
Registry Editor.lnk=@%SystemRoot%\regedit.exe,-16
Windows Defender Firewall with Advanced Security.lnk=@%SystemRoot%\System32\AuthFWGP.dll,-20
Task Scheduler.lnk=@%SystemRoot%\system32\miguiresource.dll,-201
Computer Management.lnk=@%SystemRoot%\system32\mycomput.dll,-300
I know that something is altering my Windows Defender Firewall Inbound & Outbound Rules and there is not a single Connection Security Rule defined. Maybe I'm being overly suspicious (ok, paranoid), but something doesn't feel right, but all of the security applications are showing "thumbs up". While at the same time, the anti-virus apps are completing a 650,000+ file scan in minutes. As I am writing this I noticed that all of my subfolders under \windows\system\system32 have a create date of 10/12/19...my windows-10 has been installed for 2 years.
Are there viruses out there that can alter security apps like this? If so, what do I trust to remove the files affected? Many moons ago, to clean a system required clean booting from a known sterile boot disk and only then running removal-sweeping software. Any insight would be greatly appreciated.