#Dont know if i successfully removed malware.

I have downloaded a program from a user on discord who i knew (he probably got hacked)

I ran it and it started a command prompt with a loading bar and nothing else. When it got close to the end Defender quarantined a program called spooler in the windows folder. I deleted it, the action was succesful. I have deleted the folder that the program came in. I am doing a Kaspersky full scan right now. Sould i be worried that my PC is still infected? Since then i havent noticed anything suspicious, cpu and gpu usage is normal, none of my accounts have login attempts.

Kaspersky and hitmanpro hasnt found anything

Burn the drive and get a new one 🤣

bruh

You should try looking in Task Manager if something suspicious is running in background. Also check if there is anything that you don't know in your Program files, or temp folder.
I remember that by uploading the malware in VirusTotal, you could see exactly what's the virus doing (and so the folders that it tries to install itself to)

nothing suspicious there...

they said it could maybe inject itself into ther files tho

The most simple way to be sure that you got rid of the malware is to re-install Windows completely, or, even safer, get a new disk and destroy/never use the old one again

Did you do a full virus scan?

With all the settings on so it checks everything?

I believe using AutoRuns to check if the virus is starting is a good idea
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

Literally shows everything that is starting with Windows.

Or you could do a boot scan

That might actually be the same thing that we’re talking about

yes both with defender and with kaspersky

and hitmanpro

Huh. That should have removed the malware

didnt find nothing

Yeah, then I doubt the problem is malware

well i dont have a problem really

im just paranoid

reasonable.

cus they say once u launch it it spreads

all tru the system

Do you have a computer that you could afford losing?

it depends on the virus...

nope

Huh

i only have one

well if you have A AntiVirus running you should be fine, consider checking the programs that start with Windows and you should be good for the most part..

.

downloading that rn

how is cmd.exe not a verified program

bruh

uh

this was installed before the virus tho

consider dism /Online /Cleanup-Image /RestoreHealth and sfc /scannow

now im not good at this what do those do

and where do i do those

if you mind explaining

sfc = system file checker

so it checks for system files that might be corrected and attempts to fix them

dism is uhh... it basically checks for windows image file corruptions and fixes them too..

i should do these in command prompt right?

administrator one, yes.

alright, thanks

what is this hlkm thing tho

well

I guess you could navigate to the reg location and check it

take a screenshot and I might be able to help.

has stuff like this too

ok

check for unverified first, I would say that's the most important!

ton of unverified stuff

dism should fix most

but my antivirus in there too

should i run this (dism /Online /Cleanup-Image /RestoreHealth) whole thng at once or once per slash?

im sorry im a noob

all

it's the arguments

they have to specified else dism doesn't know what to do.

ok its doing something its on 3 percent

ye ye, just let it do its thing!

when i try to click here

i get this

it's a registry key..

open regedit and try to navigate to the key specified...

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

paste this on the regedit path

up here

and take a screenshot of what keys there are.

when i do that

i just get an error sound

and it puts me back where it started

what about this: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

ooh

the delete all

didnt delete the computer part

from the beginning

hm

so it was like this Computer\Computer\

Unlucky

weird

nothin'

did dism finish yet?

ok now ihave a windows thats activated by "MAS" this is just that right?

also i think it matches the activation date

uh

so i didnt buy a real key

i didnt do the process

well

a friend of mine did

Well my pc doesn't have this file..

sus

well ur pc has legit windows right?

yes

then i thnk its just that

oh well

cus he said its somehow cracked

cus we didnt pay

no comment

this finished

what about dism?

55

found corrupt files

weird

ok this done too

alright restart.

ok then brb

k im done

check autoruns

if most of them are ok now!

def less

but still quite a éot

lot

like all these

I don't think you're gonna be able to do anything about those..... they most likely have no license..

signature*

yeah

when i run law

it says unknown publisher

what are these

and why they not found

that's not an issue by itself...

oh ok

well defenetely way less unverified stuff that i dont know what they are

syswow64 is just the compatibility layer between 32-bit applications and the system.

oh

just make sure you have antivirus on, and you should be 10/10.

always be sus of every application you download.

signature is ez verifier of non-virus applications.

Defenitely wont be launching random exe-s after this

thanks for the help i appreciate it🤍

gonna go sleep its 4 am here