Post by: Bri Traci on June 29, 2018, 01:05:09 pm
A scan using roguekiller came back with svchost.exe proc.runPE  ACTION KILL 4492. Assuming 4492 is the PID? If so the process must be hidden because I cant find it running. Plz advise

edited: Found PID 4492 , plz see screenshot
Post by: Curson on June 29, 2018, 03:29:08 pm
Hi Bri Traci,

Could you please attach RogueKiller JSON report with your next reply ?

Post by: Bri Traci on June 30, 2018, 02:12:17 am
absolutley, Im running a new scan as we speak.  little things have happend since I first posted this, such as now my task manager has mysteriously dissapeared, when trying to shut my system down I am informed that other people are logged in to my system and they should save their work first, but yet I can find no other users, hidden or otherwise, no start up keys, no persistent start up keys anywhere in my registry, no hidden processes, nothing in app data local or roaming folders, program data directory seems normal stumped at this point..Ill be poking around my group policy in a minute ..whatever is in my system, or whoever is in my system is apparently better than me at crypting their trojan ..but no worries eh..takes a hacker to stop a hacker... ( hey mr hacker,,are you reading this log as i type? lol..go eff urself....lmao. You shouldnt have disabled my task manager rookie..