Type: Posts; User: tacos team
Oh OK, seems legit then. Thanks for all your help on this:).
I notice that MsMpEng.exe is still running, is that normal:rolleyes:?
Thank you so much, it's off now, hopefully for ever:chuckle::think:!!!
OK, I found the option to turn off real time protection, MS seems to have changed the design of the page - you have to go to "Windows Defender Security Centre", then click the shield icon on the...
Honestly I think it's only when I'm using Microsoft Edge, particularly when I save images from it :sarc:. I'm not sure why I persist in using it! It is still a mystery why Kaspersky does not seem...
I think the crashes have been going on for 3 or 4 weeks. Not sure how to post update history, my Windows build is Version 1709 (Windows 10 x64)
Scans all seem OK
...
Thanks dalchina. I think something is wrong as Kaspersky is not listed on that page, just the Windows Defender scan options:(. I am getting strange system hangups with Windows Explorer crashing a lot.
I've found the page that advises on how to disable Windows Defender on here, but the screen I get in the 'Windows Defender Security Centre' looks nothing like I see there, and there is no option to...
Lol, no:), fortunately not, just me being obsessive trying to find other clones of this malware, especially ones that look like they actually have been analysed properly by some AV/anti malware...
Thanks again for your help on this :). Unfortunately I just discovered yet another new interstat / Weatherman variant compiled in April, WeatherForecast, detected by no providers. It is version...
Thanks, did this, and all went smoothly :). Had a bunch of updates to install immediately to anniversary update, also spent a while disabling cortana with a registry fix & removing a ton of Windows...
Thanks for your reply and the tutorial link:). I think the 450MB partition currently on the SSD must be the UEFI partition. I presume it's best to use UEFI? I have seen suggestion that if I just...
Simrick, Borg, thanks for your replies, am having some issues with reinstalling and formatting, would appreciate if you could check my pm, cheers.
Thanks for the tip. Sorry if a dumb question but how will Windows 10 then know I have a valid license, do I need to backup the serial number somewhere or can I use my original Windows 7 key?
Yeah,...
I am not sure it is just a PUP though. If you look at the earlier Weatherman malware that was almost certainly made by the same person it is detected by multiple AV providers as a Trojan. I think the...
Thanks again Borg. I ran TDSSKiller and nothing found. I did notice it's Kaspersky though which I have installed and since Kaspersky is not detecting this malware, it may not find anything related to...
Thanks again Borg. I went into Revo Autorun Manager and hit confirm on delete and there were no other options - I think they only appear for programs that have been installed normally. Anyhow, on...
I looked in the strings for anything like keylogger, capture, but couldn't see anything obvious. If it can do the others presumably it could do that too though. It seems it probably disguises its...
Hi, I went to delete it and I can't see an advanced option, it just asks OK to delete this item? Meanwhile I have been looking at process explorer (with the process suspended), and I found some info...
Hi Borg, sorry if I wasn't clear I meant Revo found it in its Autorun Manager function. Weirdly it does not show up at all in msconfig:huh:? If I select in Revo the Remove button goes active, I...
Hey Borg:) thanks for your comments, I actually did this but Rkill did not detect it, I did then do another Malwarebytes and AdwCleaner scan, but nothing found. It seems like it really is out in the...
Found this discussion below on freefixer, it seems someone noticed the exact same behaviour with chrome then internet explorer launching a large number of connections in the background
What is...
Thanks Borg for your further comments. I took the risk of enabling internet explorer again today but required permission to access from Kaspersky and unfortunately it seems I am still infected- I...
Borg, thanks for your reply. I had a look on the Lavasoft forums and it seems there are plenty of people unhappy with the behaviour of their web companion, including inability to remove it using...
OK, I neglected to run AdwCleaner, have now done so and pretty shocked to see a huge number of files and registry keys from the Lavasoft Web Companion including LavasoftTcpService flagged by...