New
#1
Malware help please + cryptoprevent
So I have this in the log of cryptoprevent
Event ID=866 Message of: Access to C:\Users\Zman\AppData\Local\atbizdu\cgcstpk.exe has been restricted by your Administrator by location with policy rule {B6AF3C37-6012-4DEC-87BB-5125E94F5BC5} placed on path C:\Users\AdminZman\AppData\Local\*\*.exe.
on a constant basis I cannot get into that folder I cannot delete it rename it or anything if I try to take ownership of it I get told I cant even though Im a adminstrator account.
I booted off a windows 7 disk went to a command prompt and deleted it yet its back again Ive ran malwarebytes hitman pro windows defender. How do I figure out how thats being created and whats trying to access that exe?
thanks