Windows 10: How do I find a task I believe is related to coinminer malware?

I am having an odd problem that I think may be related to malware.

A few days ago Windows Defender stopped working. I also use Comodo AV. Comodo AV was disabled from the system tray but it was apparently still able to run. It ran a scheduled scan and discovered a miner.

For some time I had noticed that every time I boot C:\Windows\Temp\signtool.exe wants to connect to the web.

However no such file exists on my machine.

This got me to thinking that there must be a task somewhere that is running signtool.exe from the temp folder. And then deleting that file.

I started logging tasks with Task Scheduler.

I have identified two tasks I think are suspicious. Signtool.exe attempted to connect to the web 2 mins after one of these tasks ran.







However I can't interact with the task at all because Task Scheduler doesn't allow you to open tasks from the Task Status box. How can I find out more information about this task?



I am not sure but I think this is the first stage of the malware process. Signtool will connect to the internet, and then download the payload, and then the miner will start again. The miner will disable Microsoft Security Center, will disable updates, and then start doing the mining.


Or maybe I am being paranoid and signtool.exe is a legitimate process and I am being paranoid. However, I use the same programs on multiple machines and never seen this signtool.exe on any other machine.

I will also note that startupchecklibrary.dll has returned to my machine, although I deleted this file as part of malware removal efforts.

Any help, any information is appreciated.

At this point I am trying to determine

1. If I am overreacting and signtool.exe is legitimate
2. Why signtool.exe seeks to the connect to the internet at boot, and then at scheduled intervals
3. What these strange tasks are and how I can find them

:)

 

XBash malware combines ransomware, coinminer, botnet, & worm features

Read more:

• New XBash malware combines ransomware, coinminer, botnet, and worm features in deadly combo | ZDNet
• Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows - Palo Alto Networks Blog

 

Malware Detected

If this is what you are seeing suggest you follow all
ofthe steps listed in this removal guide:
https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error/

Other scanners that may help resolve this malware issue are listed in
List of Malware Removal Tools

Regards…

http://blog.emsisoft.com/2015/01/27/top-10-ways-pups-sneak-onto-your-computer-and-how-to-avoid-them/

 

My pc takes for ever to shut down when i restart

Suggest cleaning up your startup list .There may be many services / Apps you can remove on startup which is not needed on boot or during shutdown.
Before you shutdown the Pc check what is running in Task Manager as a program or service in not killing the process on shutdown

Would suggest cleaning up running apps and services -Autoruns, StartupMonitor,HighjackThis,
Malware Scan - Malwarebytes,ADWcleaner, Combofix