I have followed the procedure in the FRST pinned thread, and here are the keywords:
FRST.txt : dusky-vine
Addition.txt: mellow-beech
- what happened:
- I clicked a .exe Ren'Py file which came from a FitGirl repack
- when did the infection occur:
- One week ago. I kept on seeing emails which sent OTPs to change the passwords of GitHub, LinkedIn and stuff like that. Then I changed my Google account password.
- And nothing suspicious happened after that, but today I found out that they used my Google account to post some review in Maps. That's when I started seeing that similar things had happened to people on Reddit. So ig my PC was hacked a week ago.
- what did you do for remediation:
- I installed Malwarebytes today and it quarantined some 5 issues. I have attached the necessary information below. Please help me resolve this 🙏🙏
System Information-
OS: Windows 11 (Build 26200.8328)
CPU: x64
File System: NTFS
Registry Key: 3
Trojan.Tasker.CNH.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Google Compatibility Appraiser CL_NCL_532b73c18dc08f48, Quarantined, 10725, 1399006, 1.0.109288, , ame, , ,
Trojan.Tasker.CNH.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FBE68BD4-C892-47F2-96A7-72F22E3D27F9}, Quarantined, 10725, 1399006, 1.0.109288, , ame, , ,
Trojan.Tasker.CNH.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FBE68BD4-C892-47F2-96A7-72F22E3D27F9}, Quarantined, 10725, 1399006, 1.0.109288, , ame, , ,
File: 2
Trojan.Tasker.CNH.Generic, C:\WINDOWS\SYSTEM32\TASKS\Google Compatibility Appraiser CL_NCL_532b73c18dc08f48, Quarantined, 10725, 1399006, 1.0.109288, , ame, , E617941AF54C823105F31974FCE96D3A, E749692D3AC3237E197E376E4B5ED595726370C11E19C7839FAB2E05B17173DE
RiskWare.Ngrok, C:\USERS\****\APPDATA\LOCAL\NGROK\NGROK.EXE, Quarantined, 7374, 1272854, 1.0.109288, , ame, , 1182037F0F4A1EED8CB2D2449956A689, 34FA53D21A774F2F30D31E0A502A22E26C18EFA2D9EBDE72B9721866A75442AB