Hijacked? I Don't Even Know Where To Start.
First indication that something was wrong was long response times to any input.
I checked my CPU and Memory and both were pegged at 100%.
HD was running constantly.
Apps like Notepad (which I rarely use) showed 3,000,000+ file size.
Long story short, when I checked the properties of a number of processes I found that the Security permissions of most had been changed such that:
The Groups or User names had all been changed to only Read & execute and Read allowed.
A user TrustedInstaller had been added with Full Control, Modify, Read & execute, Read and Write allowed.
Virus Checker (McAfee) showed PC free of viruses, spyware and "other" threats.
Any help/suggestions would be GREATLY appreciated...
Thanks in advance
Re: Still Need Help - Perhaps Wrong Venue?
I'm new here so you will have to forgive me. Without a single response to over 222 views I have to assume this is not the proper venue for technical help or suggestions.
Any suggestions on that front? Can you suggest a better place for assistance?
As it stands, with the exception of this borrowed Netbook, I am completely out of business, so to speak.
Thanks for any help,
Originally Posted by jimbob42
I would try a scan with https://www.malwarebytes.org/
Before you run the scan I would clear out the restore points, as some malicious software can store itself there as well. Right-click on My Computer, click Properties, click System Protection, under Protection Settings click each drive shown, click Configure, and click Turn off system protection. This will delete all the restore points. Make sure the recycle bin is empty and run the scan. If you get everything working again you will want to turn protection back on.
The TrustedInstaller user account is used by the Windows Modules Installer service included with Windows. This service is responsible for installing, modifying, and removing Windows updates and other optional Windows components.
Last edited by roraniel; 16th July 2015 at 13:18.
I could be off-base; however, I'm wondering if any 3rd party Windows tweakers were installed and used? For me, I found out one has to be careful even with a well-respected and well-known solid utility such as Windows Club's Ultimate Windows Tweaker [ver2=W7 & earlier; ver3 W8+].
I hope you or some program has not tweaked your system.
If this TrustedInstaller.exe is located at C:\Windows\servicing\ then it is a genuine Microsoft file, else malware.
Yes, you can use Malwarebytes to full-scan your Windows computer.
Additionally, you may use one of these free standalone anti-malware scanners too, to get a second opinion.
Before you run the scans, you may want to use the Disk Cleanup Tool to clear up your junk files. This will reduce the scan time.
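The checks discussed in the replies above (where TrustedInstaller.exe lives, and what the TrustedInstaller permissions entry looks like) can be done read-only from PowerShell. This is an added example, not something posted in the thread; Full control for `NT SERVICE\TrustedInstaller` with Read & execute for the other groups is the stock ACL on Windows system files from Vista onward. It assumes PowerShell 3.0 or later, an elevated prompt, and uses Notepad as the sample file only because the first post mentions it.

```powershell
# Added example: read-only triage of the TrustedInstaller service and a system-file ACL.
# Expected location named in the thread: C:\Windows\servicing\TrustedInstaller.exe
$expected = Join-Path $env:SystemRoot 'servicing\TrustedInstaller.exe'

# 1. Which binary is the Windows Modules Installer service registered to run?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='TrustedInstaller'"
if ($null -eq $svc) {
    Write-Warning 'TrustedInstaller service is not registered on this system.'
} else {
    $svcPath = [Environment]::ExpandEnvironmentVariables($svc.PathName).Trim('"')
    if ($svcPath -ieq $expected) {
        Write-Output "Service path OK: $svcPath"
    } else {
        Write-Warning "Service points somewhere unexpected: $svcPath"
    }
}

# 2. Is the file at the expected location signed by Microsoft?
# Older PowerShell versions can report catalog-signed system files as NotSigned,
# so treat NotSigned there as "check again on a current build", not as proof of tampering.
if (Test-Path -LiteralPath $expected) {
    $sig = Get-AuthenticodeSignature -FilePath $expected
    Write-Output ("Signature status: {0}; signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
} else {
    Write-Warning "No file at $expected"
}

# 3. Any running process using the TrustedInstaller name from another folder?
# Path is empty when the session lacks rights to read it, hence the elevated prompt.
$strays = Get-Process -Name TrustedInstaller -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($_.Path -ine $expected) }
if ($strays) {
    $strays | Select-Object Id, Path | Format-Table -AutoSize
    Write-Warning 'Process named TrustedInstaller is running from a non-standard path.'
} else {
    Write-Output 'No TrustedInstaller process running outside the expected path.'
}

# 4. Show owner and permissions on a system file to compare with the Security tab.
$sample = Join-Path $env:SystemRoot 'System32\notepad.exe'
$acl = Get-Acl -LiteralPath $sample
Write-Output "Owner of ${sample}: $($acl.Owner)"
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The script changes nothing on the system; any warning it prints is a reason to follow up with the scans suggested above rather than a verdict on its own.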