Hundreds of hidden Chrome now IE processes after installing software


  1. Posts : 16,325
    W10Prox64
       #41

    tacos team said:
    Thanks for your reply and the tutorial link :). I think the 450MB partition currently on the SSD must be the UEFI partition. I presume it's best to use UEFI? I have seen a suggestion that if I just change the boot order in BIOS so the SSD is disk 0, you might not need to remove the other drive?
    UEFI is best. Please remove the other drive, unless you want Windows to mess up the boot info across the two!


  2. Posts : 32
    Windows 10 64 bit Home
    Thread Starter
       #42

    simrick said:
    UEFI is best. Please remove the other drive, unless you want Windows to mess up the boot info across the two!
    Thanks, did this, and all went smoothly :). Had a bunch of updates to install immediately to Anniversary Update, also spent a while disabling Cortana with a registry fix & removing a ton of Windows programs I didn't need, using PowerShell. I also turned off all of the background app refresh in privacy, but it seems the few I have left as live tiles re-enabled themselves.

    How to Uninstall Windows 10’s Built-in Apps (and How to Reinstall Them)



  3. Posts : 16,325
    W10Prox64
       #43

    tacos team said:
    Thanks, did this, and all went smoothly :). Had a bunch of updates to install immediately to Anniversary Update, also spent a while disabling Cortana with a registry fix & removing a ton of Windows programs I didn't need, using PowerShell. I also turned off all of the background app refresh in privacy, but it seems the few I have left as live tiles re-enabled themselves.

    How to Uninstall Windows 10’s Built-in Apps (and How to Reinstall Them)

    Great news! If you're satisfied, please mark the thread as solved. Cheers!


  4. Posts : 32
    Windows 10 64 bit Home
    Thread Starter
       #44

    simrick said:
    Great news! If you're satisfied, please mark the thread as solved. Cheers!
    Thanks again for your help on this :). Unfortunately I just discovered yet another new interstat / Weatherman variant compiled in April, WeatherForecast, detected by no providers. It is version 1.0.3.40, compared to older version number 1.0.3.18 had by previous Weatherman and variants. Either they suddenly turned over a new leaf since writing the original Weatherman trojan, and are just writing benign helpful programs, or they just made it more adept at avoiding detection - maybe by detecting a test system environment? Or maybe all these newer variants have simply not been specifically tested, only heuristically scanned?

    https://www.virustotal.com/en/file/1d44605d58be5df7fe72a3412b486186d56d485365babf26f06efcfdd84efcf5/analysis


    And another variant, Network Monitor, with varying version numbers, now detected by 15 providers as a Trojan:

    1.3.4.2
    1.3.4.3
    1.4.3.2

    Confirmed links to interstat from variant filenames in strings: interstat.exe, inetstat.exe, bandwidthstat.exe

    https://www.virustotal.com/en/file/6...9379/analysis/
    Last edited by tacos team; 29 Sep 2016 at 19:54.


  5. Posts : 16,325
    W10Prox64
       #45

    I don't understand - are you saying you installed this on your clean install? Where did it come from? What programs have you installed? It would have had to come in with something (a PUP).


  6. Posts : 32
    Windows 10 64 bit Home
    Thread Starter
       #46

    simrick said:
    I don't understand - are you saying you installed this on your clean install? Where did it come from? What programs have you installed? It would have had to come in with something (a PUP).
    Lol, no :), fortunately not, just me being obsessive trying to find other clones of this malware, especially ones that look like they actually have been analysed properly by some AV/anti-malware providers.


  7. Posts : 16,325
    W10Prox64
       #47

    tacos team said:
    Lol, no :), fortunately not, just me being obsessive trying to find other clones of this malware, especially ones that look like they actually have been analysed properly by some AV/anti-malware providers.
    Oh good! WHEW!
    Please go ahead and mark the thread as solved, unless there is something else that needs attention on your system. Cheers!


 
