
Help with removing a complex rat

Anonymous
2024-05-22T04:30:38+00:00

I'm currently on Windows 10 and there's a process running, which I only noticed due to Process Hacker. It's unsigned and packed, with a thread running. In Process Hacker I can view the file location, but there's nothing there. However, when I list all directories in CMD, it's there, but I can't delete it. I've tried giving myself access to it, and some user named "logon" has access. When I leave the folder and try to find it in Explorer, it doesn't exist. No antivirus can pick it up, and if I do a factory reset or use a USB, it's back. What can I do? Also, I can't remove the remote user because when I open any window related to users, it crashes, and that's after I suspended their .exe file. No antivirus can detect it; I'm guessing it was from a bound RAR file. Most advanced RAT I've seen in a good while. The RAT is supposed to look like an Edge updater, but you can tell it's not legit because the file doesn't exist according to Explorer and because it's unsigned, unlike most if not all Windows programs. Closing the RAT doesn't help either; in 5 minutes it's back. There's also nothing in Task Scheduler or Startup, and it starts when I boot. Any ideas on what I can do to help myself? Also, if I may add, Task Manager can't see it; I was only able to notice it with Process Hacker when I hid all signed processes.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
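For anyone triaging the same symptoms as the question (an unsigned process whose image Explorer does not show, an unexpected account on the file's ACL, and nothing in Task Scheduler or Startup), here is an added read-only PowerShell triage script; it is not from the original post or the answer, and it assumes an elevated prompt on Windows 10 with built-in cmdlets only.

```powershell
# Added triage script (not from the original post): list running processes whose image
# is unsigned, then inspect each image on disk the way the questioner did by hand.
# Run from an elevated PowerShell prompt; everything here is read-only, nothing is deleted.

$report = foreach ($p in Get-Process | Where-Object { $_.Path }) {
    $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
    if ($sig.Status -eq 'Valid') { continue }   # keep only unsigned / broken-signature images

    # -Force also returns Hidden+System files, which Explorer hides by default
    # ("Hide protected operating system files"), matching "dir sees it, Explorer doesn't"
    $item = Get-Item -LiteralPath $p.Path -Force -ErrorAction SilentlyContinue
    $acl  = if ($item) { Get-Acl -LiteralPath $p.Path -ErrorAction SilentlyContinue }

    [pscustomobject]@{
        Pid        = $p.Id
        Name       = $p.ProcessName
        Path       = $p.Path
        SigStatus  = $sig.Status
        OnDisk     = [bool]$item
        Attributes = if ($item) { $item.Attributes.ToString() } else { 'n/a' }
        Owner      = if ($acl) { $acl.Owner } else { 'n/a' }
        # Every account with an Allow ACE, e.g. an unexpected "logon"-style account
        AllowedTo  = if ($acl) { ($acl.Access | Where-Object AccessControlType -eq 'Allow' |
                         ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique) -join '; ' }
                     else { 'n/a' }
        ParentPid  = (Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)").ParentProcessId
    }
}
$report | Format-List

# Persistence that Task Scheduler and the Startup folder do not show: WMI event
# subscriptions, and services whose binary is one of the flagged images.
Write-Host "`n== WMI event subscriptions (root\subscription) =="
Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer | Format-List

Write-Host "== Services pointing at a flagged image =="
$flagged = @($report.Path)
Get-CimInstance Win32_Service | Where-Object {
    $svcPath = $_.PathName
    $flagged | Where-Object { $svcPath -and $svcPath -like "*$_*" }
} | Select-Object Name, State, StartMode, PathName | Format-List
```

The ParentPid column is worth following up with `Get-Process -Id <ParentPid>`, since a process that keeps coming back within minutes is usually being restarted by whatever spawned it.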


1 answer

  1. Anonymous
    2024-05-22T04:55:02+00:00

    Hi, please scan with Farbar Recovery Scan Tool (FRST) and share logs.

    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    • If your computer language is not English, rename FRST64.exe to FRST64English.exe
    • Run FRST and press "Scan"
    • Two logs are created in the folder that FRST is run from, FRST.txt and Addition.txt
    • Upload the logs to OneDrive, Google Drive or any file sharing service and post the share link

    Note: If you are downloading FRST with Edge, smartscreen may initially block it.

    Click on the 3 dots next to the warning and select Keep -> Show more -> Keep anyway.

    Share OneDrive files and folders - Microsoft Support

