Windows 10: Computer Infection--Emergency!

Discussion in 'AntiVirus, Firewalls and System Security' started by AMDMan2016, Sep 21, 2016.

  1. simrick Win User

    Slow down. It's a trojan downloader. It doesn't spread, it downloads other stuff.
    JS_NEMUCOD.MV - Threat Encyclopedia - Trend Micro USA


    I think you caught things in time. This downloader is notorious for bringing in Locky encryption ransomware, which you don't have.
     
    simrick, Sep 22, 2016
    #31

  2. Flew, slows down a bit, so no clean install needed of Windows 10 and all other programs? Think I will still do clean install of Windows 10 Pro, just have to finish backing up all the personal pictures, mp3 files, and documents, I think I will feel safer that way, glad I caught it in time though before it got the Encryption ransomware though, that's a relief
     
    AMDMan2016, Sep 22, 2016
    #32
  3. simrick Win User
    Really, at this point, I don't think it's necessary. Unless you find any ransom notes in any of your data folders:
    Code: _Locky_recover_instructions.txt
    The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
    But if you're up to a clean install, that's always a good thing. *Smile

    I think you caught it in time. Not many people monitor their CPU usage and processes like you and I do. Those who do, see things as soon as they start to happen. Trojan downloaders need time to phone home, to find a site that's not been shutdown, wait for instructions, download the payload, and then execute. Mind you, all this can happen in a flash, but sometimes we get lucky, and we stop them in their tracks. Defender certainly did its job for you this time.

    It's likely this came in as an email attachment from a phishing email. If you use an email client (Outlook/Thunderbird, WindowsLiveMail, etc.), and have it set to auto-preview messages, simply previewing a message can be enough to trigger the trojan. Other times you actually have to try to open the attachment for it to start downloading junk.

    If you can, I would use best practice for backups, the 3-2-1 method: 3 rotating backups, 2 taking turns being connected to the machine, and one off-site. The best backup method I have found is Macrium Reflect Free. It can be set to run automatically; images can be mounted and single files pulled off if needed. You can even automatically add Macrium to your boot menu. Plus if your hard drive bites the dust, a new drive can be imaged and you're back in business within a short amount of time. No installing of programs necessary.

    I will make a few suggestions for your computer security, if it's okay:

    You see that this (and most downloaders) download their payload(s) to the appdata/temp file directory and attempt to execute from there, so a program which prevents executable files from executing out of uncommon areas such as these would help. The one I use is:

    CryptoPrevent (free version)

    Firefox browser, with appropriate security settings in place (I can go into that in another post).

    Set your email client so it doesn't auto-preview, and never open attachments you are not expecting.

    Defender is good, and certainly saved your bacon this time. ESET NOD32 (paid) would be a step up, and you can find it a lot on sale at Newegg. They also have a 30-day trial if you want to test it out. It's one of my favs.

    Malwarebytes Antimalware: Free is good, but it's passive. If you can swing it, the Pro (paid) version is active protection, and their beta anti-ransomware module will be rolled into the Pro version as soon as it's out of beta.

    SuperAntiSpyware Free: another passive one, clearing tracking cookies and some malware.

    MBAE Malwarebytes Antiexploit: free version provides protection for exploits against your browsers. The paid version provides protection for all internet-facing applications on the computer.

    Unchecky: prevent those unwanted PUPs and PUMs from installing along with other software.

    A layered approach is required, as each program has its niche/specialty.
     
    simrick, Sep 22, 2016
    #33
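
An added example, not part of the original posts: a PowerShell triage check for the two signs described in post #33, namely ransom notes in data folders and recently written executables or scripts under the temp and AppData directories. The note filename is the one quoted in the thread; the folder list, extension list and 7-day window are illustrative assumptions.

```powershell
# Added example. Assumptions: folder list, extension list and time window are
# illustrative; only the ransom note name comes from the thread.
$noteName   = '_Locky_recover_instructions.txt'
$dataRoots  = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures",
                "$env:USERPROFILE\Music", "$env:USERPROFILE\Desktop")
$dropRoots  = @($env:TEMP, $env:APPDATA)
$extensions = '.exe', '.dll', '.scr', '.js', '.jse', '.vbs', '.wsf'
$since      = (Get-Date).AddDays(-7)

function Find-RansomNote {
    param([string[]]$Roots, [string]$Name)
    foreach ($root in $Roots) {
        if (Test-Path -LiteralPath $root) {
            # -Force includes hidden files; unreadable folders are skipped
            Get-ChildItem -LiteralPath $root -Filter $Name -File -Recurse -Force `
                -ErrorAction SilentlyContinue
        }
    }
}

function Find-RecentDroppedFile {
    param([string[]]$Roots, [string[]]$Extensions, [datetime]$Since)
    foreach ($root in $Roots) {
        if (Test-Path -LiteralPath $root) {
            Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { $Extensions -contains $_.Extension -and
                               $_.LastWriteTime -ge $Since }
        }
    }
}

$notes = @(Find-RansomNote -Roots $dataRoots -Name $noteName)
if ($notes.Count -gt 0) {
    $notes | ForEach-Object { "RANSOM NOTE  $($_.FullName)  $($_.LastWriteTime)" }
} else {
    'No ransom notes found in the checked data folders.'
}

# Legitimate installers also unpack into these folders, so review hits
# (for example by looking the hash up) rather than deleting them blindly.
Find-RecentDroppedFile -Roots $dropRoots -Extensions $extensions -Since $since |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue).Hash
        "RECENT FILE  $($_.FullName)  $($_.LastWriteTime)  $hash"
    }
```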
  4. Yes, money wise not much due to being disabled, but I'll see what I can swing, might try Firefox browser, up for a Clean install, and with 10 it doesn't take that long to do, not sure if I can set Windows 10 Mail app to not preview email messages or not, but I'll check on that as well, I got a lot of files, I spend most of my time gaming, or in Secondlife game, or doing some other tasks at times. So Clean install won't be too much trouble I guess
     
    AMDMan2016, Sep 22, 2016
    #34
  5. simrick Win User
    Understood. Use the free versions where you can, and set reminders to run scans on a regular basis yourself.

    It's unfortunate that we're not able to get the flagged items from the ESET online scan. Reading here:
    JS/Nemucod
    The Nemucod family also try to download password stealers and information grabbers. Might want to keep an eye on your email addresses at these 2 sites:
    Find the source of your leaks
    Have I been pwned? Check if your email has been compromised in a data breach
    And, if you use yahoo mail, be sure to change your password now. Their 2-year-old hack has been put up for sale on the dark web.

    Also, make sure you do not re-use passwords. A password manager like LastPass will help you with that.

    Let me know when you're ready to setup Firefox, and we'll detail that out.
     
    simrick, Sep 22, 2016
    #35
  6. Yeah will change all the passwords after the clean install I think might be best option right now, I don't reuse any passwords, mine are usually 8-10 characters or more long, or longer---remembering them is hard part at times, but I do pretty well so far with most of the passwords.

    Will let know when I'm ready to setup Firefox and see if I like it, I might, but not sure yet, never used any other browser except IE, but for now just make sure I got the files I can't lose backed up, then find Windows 10 Pro 64bit flash drive, and proceed with clean install, then should be feeling safer, and install the suggested security items, and hopefully all good
     
    AMDMan2016, Sep 22, 2016
    #36
  7. simrick Win User
    Get the latest one here:
    Windows 10 ISO

    Listen (don't tell anyone, but) I was a die-hard IE user for many years. *Wink
     
    simrick, Sep 22, 2016
    #37
  8. [IMG]
     
    RubberDucky, Sep 23, 2016
    #38
  9. Kol12 Win User
    Sorry to hijack, but is CryptoPrevent a good all round AV supplement? It can apparently protect against viruses other AV's can't...

    I see that you don't use EMET. I'm trying to find the answer as to whether I should move it on and use MBAE premium instead. Apparently EMET in use with Windows 10 has a secondary login vulnerability but I don't fully understand what that is.

    EMET can protect any app on your machine, can MBAE premium do close to that?
     
    Kol12, Sep 23, 2016
    #39
  10. simrick Win User
    CryptoPrevent: Does it work? - Anti-Virus, Anti-Malware, and Privacy Software
    Wouldn't be without this program.

    Seems MS patched that vulnerability in February.
    Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld
    Still, I prefer MBAE.

    From what I understand, MBAE Pro can be configured to protect all internet-facing applications on the machine.

    Frequently Asked Questions - Malwarebytes Anti-Exploit - Malwarebytes Forums

    How to verify that MBAE is working correctly - Malwarebytes Anti-Exploit - Malwarebytes Forums

    And here's an interesting thread to read:
    MBAE and EMET - Anti-Virus, Anti-Malware, and Privacy Software

     
    simrick, Sep 23, 2016
    #40
  11. simrick Win User
    Sssshhhhhh! It's not something I want spread around! *Roflmao2
     
    simrick, Sep 23, 2016
    #41
  12. It already spread when you're on the internet.
     
    RubberDucky, Sep 23, 2016
    #42
  13. Windows 10 Clean Install all done, System running fine now, restored personal documents, and files, ran 1 virus scan, all clean, so hopefully stays that way now, Still Not sure on Firefox, so so used to Internet Explorer/MS Edge browser, But maybe I'll warm up to Firefox eventually, adblocker setup on MS Edge, Slowly changing account passwords, but got a lot, so gonna take a bit on that part. Thank you everyone for the help, marking this thread as solved I think
     
    AMDMan2016, Sep 24, 2016
    #43
  14. simrick Win User
    Good job!
    At this point, it would be wise to start making images of your system, so you don't have to go through this again.
    Macrium Reflect - Backup Restore - Windows 10 Forums

    Cheers! *Thumbs
     
    simrick, Sep 24, 2016
    #44
  15. Already did make an image right after I had the drivers in, and a few programs.. Drive limited on space though, so only can make so many, before I'm out of room
     
    AMDMan2016, Sep 24, 2016
    #45