
Thread: Hijacked? I Don't Even Know Where To Start.

  1. #1
    jimbob42 is offline New Member
    Join Date
    Jul 2015
    Posts
    2

    Hijacked? I Don't Even Know Where To Start.

    First indication that something was wrong was long response times to any input.

    I checked my CPU and Memory and both were pegged at 100%.

    HD was running constantly.

    Apps like Notepad (which I rarely use) showed 3,000,000+ file size.

    Long story short, when I checked the properties of a number of processes I found that the Security permissions of most had been changed such that:
    The Groups or User names had all been changed to only Read & execute and Read allowed.

    A user TrustedInstaller had been added with Full Control, Modify, Read&execute, Read and Write allowed.

    Virus Checker (McAfee) showed PC free of viruses, spyware and "other" threats.

    Any help/suggestions would be GREATLY appreciated...

    Thanks in advance
    JimBobInTexas

  2. #2
    jimbob42 is offline New Member
    Join Date
    Jul 2015
    Posts
    2

    Re: Still Need Help - Perhaps Wrong Venue?

    I'm new here so you will have to forgive me. Without a single response to over 222 views I have to assume this is not the proper venue for technical help or suggestions.

    Any suggestions on that front? Can you suggest a better place for assistance?

    As it stands, with the exception of this borrowed Netbook, I am completely out of business, so to speak.

    Thanks for any help,
    JimBob
    jimbobintexas@gmail.com

  3. #3
    roraniel is offline Gold Member
    Join Date
    Oct 2008
    Location
    Pinehurst, NC
    Posts
    860


    I would try a scan with https://www.malwarebytes.org/

    Before you run the scan I would clear out the restore points, as some malicious software can store itself there as well. Right-click on My Computer, click Properties, click System Protection, under Protection Settings click each drive shown, click Configure, and click Turn off system protection. This will delete all the restore points. Make sure the Recycle Bin is empty and run the scan. If you get everything working again you will want to turn protection back on.

    The TrustedInstaller user account is used by the Windows Modules Installer service included with Windows. This service is responsible for installing, modifying, and removing Windows updates and other optional Windows components.
    Last edited by roraniel; 16th July 2015 at 13:18.
    jimbob42 likes this.

  4. #4
    RolandJS is offline Windows Enthusiast
    Join Date
    Dec 2014
    Posts
    141


    I could be off-base; however, I'm wondering if any 3rd-party Windows tweakers were installed and used? For me, I found out one has to be careful even with such a well-respected, well-known and solid utility as Windows Club's Ultimate Windows Tweaker [ver2 = W7 & earlier; ver3 = W8+].
    jimbob42 likes this.

  5. #5
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,401


    I hope you or some program has not tweaked your system.

    If this TrustedInstaller.exe is located at C:\Windows\servicing\ then it is a genuine Microsoft file, else malware.

    Yes, you can use Malwarebytes to full-scan your Windows computer.

    Additionally, you may use one of these free standalone anti-malware scanners too, to get a second opinion.

    Before you run the scans, you may want to use Disk Cleanup Tool to clear up your junk files. This will reduce the scan time.
    jimbob42 likes this.
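
The location check from post #5 and the TrustedInstaller permissions described in post #1, as an added PowerShell example that is not part of any post in this thread. It assumes PowerShell 3.0 or later; the helper name `Test-TrustedInstallerBinary` and the choice of `notepad.exe` as the sample file are assumptions made for illustration.

```powershell
# Added example, not from the thread. The expected path is the one named in
# post #5; Test-TrustedInstallerBinary is a hypothetical helper name.
$expected = Join-Path $env:windir 'servicing\TrustedInstaller.exe'

function Test-TrustedInstallerBinary {
    param([Parameter(Mandatory)][string]$Path)
    $clean = $Path.Trim().Trim('"')   # service PathName values may be quoted
    $sig = if (Test-Path -LiteralPath $clean) {
        # Older PowerShell versions can report catalog-signed system files as NotSigned.
        (Get-AuthenticodeSignature -FilePath $clean).Status
    } else { 'FileMissing' }
    [pscustomobject]@{
        Path               = $clean
        InExpectedLocation = ($clean -ieq $expected)
        SignatureStatus    = $sig
    }
}

# 1. Binary registered for the Windows Modules Installer service.
$svc = Get-CimInstance Win32_Service -Filter "Name='TrustedInstaller'"
if ($svc) { Test-TrustedInstallerBinary -Path $svc.PathName }

# 2. Any running process using that name (Path may be empty without elevation).
Get-Process -Name TrustedInstaller -ErrorAction SilentlyContinue |
    Where-Object Path |
    ForEach-Object { Test-TrustedInstallerBinary -Path $_.Path }

# 3. Owner and access entries on a system file, for comparison with the
#    Security tab described in post #1 (notepad.exe is an assumed sample).
$acl = Get-Acl -LiteralPath (Join-Path $env:windir 'notepad.exe')
"Owner: $($acl.Owner)"
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
```

On a default installation, `NT SERVICE\TrustedInstaller` is the owner of protected system files and holds Full Control on them, while other groups have Read and Read & execute only.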
