:banghead:
Hello....
As indicated by the above not-so-smillie I'm frustrated to no end but lucky to still have networking capability for the moment.
I noticed the cooling fan on my laptop running more than it needed to be so I checked Task Manager to see what was running.
Checking under "show processes from all users" I found several hundred running instances of the following programs:
cmd.exe
conhost.exe
schtasks.exe
svchost.exe
Windows Defender has identified one of the culprits as:
ransom:HTML/Crowti.A
which is tagged by Defender attempting something every 3-5 minutes at Severe threat level. The machine hiccups/ freezes for a split second, Defender quarantines it and usually I'll get control back afterward.
I was running Symmantec Endpoint Client which I have since removed, leaving Defender and MBAM on the system.
When I tried to run DDS the system froze completely and required a hard reset. I have not attempted again until I get feedback from the Forum, hence the lack of requested log files.
Of note also is that this machine is on my network wirelessly along with a desktop (not mapped yet on this machine) and a WD MyBook Duo (not yet set up but it is mapped). There are errors logged in the Motorola cable modem/ router (SBG6580) but were all the same date and don't appear to be relevant.
My other problem aside from the virus is that this machine appears unable to be booted from a WinPE disk/ USB drive. Sources have indicated that the BIOS on this machine is too old to support it so I'm stuck hoping that that I don't lose the MBR or other critical data before a resolution. I had been looking into having a cloned drive availalable but don't know the best method of doing that. I can't back up anything now without fear of cloning the virus as well.
Any initial assistance is appreciated. I'll run DDS in safe mode if it yields the necessary data or at least enough to start the process.
Hello....
As indicated by the above not-so-smillie I'm frustrated to no end but lucky to still have networking capability for the moment.
I noticed the cooling fan on my laptop running more than it needed to be so I checked Task Manager to see what was running.
Checking under "show processes from all users" I found several hundred running instances of the following programs:
cmd.exe
conhost.exe
schtasks.exe
svchost.exe
Windows Defender has identified one of the culprits as:
ransom:HTML/Crowti.A
which is tagged by Defender attempting something every 3-5 minutes at Severe threat level. The machine hiccups/ freezes for a split second, Defender quarantines it and usually I'll get control back afterward.
I was running Symmantec Endpoint Client which I have since removed, leaving Defender and MBAM on the system.
When I tried to run DDS the system froze completely and required a hard reset. I have not attempted again until I get feedback from the Forum, hence the lack of requested log files.
Of note also is that this machine is on my network wirelessly along with a desktop (not mapped yet on this machine) and a WD MyBook Duo (not yet set up but it is mapped). There are errors logged in the Motorola cable modem/ router (SBG6580) but were all the same date and don't appear to be relevant.
My other problem aside from the virus is that this machine appears unable to be booted from a WinPE disk/ USB drive. Sources have indicated that the BIOS on this machine is too old to support it so I'm stuck hoping that that I don't lose the MBR or other critical data before a resolution. I had been looking into having a cloned drive availalable but don't know the best method of doing that. I can't back up anything now without fear of cloning the virus as well.
Any initial assistance is appreciated. I'll run DDS in safe mode if it yields the necessary data or at least enough to start the process.