New clean install, gets infected right away. Had Windows Pro, trying Windows Home. Still happening but less

Sævar Pálmi Sigurðsson 0 Reputation points
2023-05-17T13:55:10.4833333+00:00

At my wits' end right about now; spent over 4 days non-stop trying to fix (I don't even know what).

Installed this fresh version last night, and these are the event IDs:

1100, 1101, 4608, 4616, 4624, 4625, 4634, 4647, 4648, 4672, 4688, 4696, 4717, 4718,
4720, 4722, 4724, 4725, 4726, 4728, 4729, 4731, 4732, 4735, 4737, 4738, 4739, 4781,
4797, 4798, 4799, 4826, 4902, 4907, 5024, 5033, 5058, 5059, 5061, 5379, 5382

Some of the actions made:

"A logon was attempted using explicit credentials.
A user's local group membership was enumerated.
Special privileges assigned to new logon.
A security-enabled local group membership was enumerated.
Key migration operation.
Auditing settings on object were changed."

This is from the Security tab in Event Viewer: over 18,900 events at the moment, starting to overwrite itself.

From an install less than 12 hours old.

Tried all the malware/virus removal guides, and everything I could find, but at this point...

From things I have found on the internet, this is some new version of the solarflare virus, or some offline files that load from the CSC folder and infect from there.

Some time after the install I start finding folders with names like windows(8asdwef485w1ef684wefwe4f8416wf).

It's overwritten the first files, which is a duplicate file changer; this keeps changing my settings, turns antivirus off and on, stops me from updating.

Also there was some 3rd-party update that refers, in my language, to a specific date last month; guessing that's the time I got infected.

Right now Iceland is hosting EU blabla, and our systems are under attack from Russia, the media says, but I doubt that; this seems to be some combination of multiple viruses/malware, some new AI thingy...

Problem is: new user logging in, change in policy, change settings, hides updates, hides when it scans, turns Defender off and on, changes file names, multiple instances of each of these things plus more, remote blabla.

Done the:

USB install, online install, local install,
Safe Mode,
no internet,
offline scans, both Windows and an online virus scanner,
kill processes, rkill thingy,
Malwarebytes, Avast, and some other antivirus that was recommended on these forums, that I had to sign up for a 30-day trial for.

I also was able to update Windows Security at one point and had the newest definitions. It is the newest at the moment.

sfc, image cleanup, users, etc. etc.

From time to time I would find a folder or connection that later just disappears.

Every time I thought I had found the source, it would prove to be wrong.

I don't know, I have honestly given up on resolving this...

Been removing viruses since back in the day of happy.exe.

Might be something to do with the EU conference, and my provider Vodafone being attacked. Should I just wait for the conference to be over and try fixing it then?

I only noticed this virus because, after they got full control, they installed a miner called "kudos" I think it was, and I noticed my PC working while in standby mode.

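The question lists Security-log event IDs and asks, in effect, which of them matter. As an added triage example (not part of the original post or the answer), the PowerShell below reads the Security log for the last 12 hours (an assumed window matching "an install less than 12 hours old"), counts the listed IDs, and then prints the account, group and policy-change events one by one with their Subject (who did it) and Target (to whom) fields, followed by the current local accounts, Administrators members and Defender state. The split into routine and worth-reading IDs is this example's own grouping: a normal Windows boot and logon produces 4624, 4672, 4688, 4798/4799 and the key-operation events in bulk, and OOBE itself creates the first user (4720) and adds it to local groups (4732), so counts alone prove nothing; what a practitioner reads is the Subject account and time on each change event. Run it in an elevated PowerShell; the Security log is not readable otherwise.

```powershell
# Added triage example, not from the original post or the answer.
# Assumed window: the question says the install was under 12 hours old.
$Since = (Get-Date).AddHours(-12)

# IDs from the question that a normal boot/logon produces in bulk:
# 4624/4634/4647 logon and logoff, 4672 special privileges at every admin or
# SYSTEM logon, 4688/4696 process creation and token assignment,
# 4798/4799 group-membership enumeration, 5058/5059/5061 key operations,
# 4608/4826/4902 startup, 4616 time change, 5024/5033 firewall start,
# 5379/5382 credential-manager reads. High counts here are expected.
$Routine = 4608, 4616, 4624, 4634, 4647, 4672, 4688, 4696, 4798, 4799,
           4826, 4902, 5024, 5033, 5058, 5059, 5061, 5379, 5382

# IDs from the question worth reading individually (this example's grouping).
$Watch = @{
    1100 = 'Event logging service shut down (normal at shutdown; otherwise events are being lost)'
    1101 = 'Audit events dropped by transport'
    4625 = 'Failed logon'
    4648 = 'Logon attempted with explicit credentials'
    4717 = 'System security access granted to an account'
    4718 = 'System security access removed from an account'
    4720 = 'User account created'
    4722 = 'User account enabled'
    4724 = 'Password reset attempted'
    4725 = 'User account disabled'
    4726 = 'User account deleted'
    4728 = 'Member added to security-enabled global group'
    4729 = 'Member removed from security-enabled global group'
    4731 = 'Security-enabled local group created'
    4732 = 'Member added to security-enabled local group'
    4735 = 'Security-enabled local group changed'
    4737 = 'Security-enabled global group changed'
    4738 = 'User account changed'
    4739 = 'Domain policy changed'
    4781 = 'Account name changed'
    4797 = 'Blank-password query on an account'
    4907 = 'Auditing settings on object changed'
}

# One query for the window, filtered client-side: FilterHashtable accepts
# only a limited number of IDs per call, and the log is small here anyway.
$All = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $Since } -ErrorAction SilentlyContinue

"Event counts for the window (routine IDs marked):"
$All | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{ Id = [int]$_.Name; Count = $_.Count; Routine = ($Routine -contains [int]$_.Name) }
} | Format-Table -AutoSize

# Pull the named EventData fields (SubjectUserName, TargetUserName, MemberName, ...)
# out of the event XML. Events that carry UserData instead (1100) return no fields.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord] $Record)
    $fields = @{}
    $xml = [xml] $Record.ToXml()
    if ($xml.Event.EventData) {
        foreach ($d in $xml.Event.EventData.Data) {
            if ($d.Name) { $fields[$d.Name] = $d.'#text' }
        }
    }
    return $fields
}

"Account, group and policy changes, oldest first:"
$All | Where-Object { $Watch.ContainsKey($_.Id) } | Sort-Object TimeCreated | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Id      = $_.Id
        What    = $Watch[$_.Id]
        Subject = $f['SubjectUserName']   # account that performed the action
        Target  = $f['TargetUserName']    # account or group acted on
        Member  = $f['MemberName']        # for 4728/4729/4732: who was added/removed
        Process = $f['ProcessName']       # for 4648/4688: process involved
    }
} | Format-Table -AutoSize

# Cross-check the log against the current state: every account and every
# Administrators member should be one the reader created during setup.
"Local accounts now:"
Get-LocalUser | Select-Object Name, Enabled, PasswordLastSet, LastLogon | Format-Table -AutoSize
"Members of the local Administrators group now:"
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Defender state, since the question reports it being turned off and on.
Get-MpComputerStatus | Select-Object AMServiceEnabled, RealTimeProtectionEnabled, IsTamperProtected, AntivirusSignatureLastUpdated | Format-List
```

Two things to check in the output before reinstalling again: any 4720, 4732 or 4724 whose Subject is not the account created in OOBE (or is SYSTEM at a time when nothing was being set up), and any 1100 or 1101 that does not line up with a shutdown, since the question mentions the log "starting to overwrite itself" and a log that is being shut down or dropping events cannot be relied on. If an extra account or Administrators member shows up that the reader never created, that record (Subject, time, process) is the thread to pull, rather than the total event count.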

1 answer

  1. Andrew Blumhardt 10,051 Reputation points Microsoft Employee
    2023-05-17T21:52:55.02+00:00

    I am no AV expert, but if the virus returns after an offline rebuild with no Internet, it seems like there is something persistent on the device or nearby. If this was a corp device it would get thrown out. Have you tried an offline scan?

    You could also try to get the system fully patched and running a good consumer AV service quickly after a rebuild, hoping that the patches and AV service could clean up and remediate.

    https://support.microsoft.com/en-us/windows/help-protect-my-pc-with-microsoft-defender-offline-9306d528-64bf-4668-5b80-ff533f183d6c
