Clicked on the wrong .exe thinking I’m opening a video file and several things happened:
1. UAC asked me to allow “Google Updater” to make changes. I declined, because I realised instantly it was an .exe file in the moment I was clicking it
2. I also got an error similar to the error I get when I attempt to install NetLimiter – something about not being able to run an application because “**MSVCR100**.**dll is missing**”. I’ve attempted to fix this problem in the past but without success, looks like it may have worked in my favor and stopped something
3. XMRminer process started but closed itself automatically when I opened task manager, to hide itself, I assume. I found the process along with 2 other files hiding in my **%AppData%/Roaming/WinHost,** the miner was called **kernel** but it would re-create itself when I close the task manager so I deleted the entire **WinHost** folder which also had a **svchost** file and one more that I don’t remember. Once I did that, it the miner didn’t start itself anymore.
4. I found a folder **%AppData%/Roaming/WinHost** which was modified recently and it was called **Google Updater**, deleted that too. It was roughly the same size as the original .exe I had mistakenly clicked so I assumed it has replicated itself so it can keep starting itself.
5. Checked Task Scheduler for any created tasks and sorted by created date – 2 were recently created and I deleted them but stupidly before checking if they are referencing more files that I haven’t removed
Do you have any advice for me? Is there a way for me to scan for ALL files modified at or after a specific date and time so maybe I can find if this has done anything else.
What would you recommend I run to scan for potential problems? An anti-virus? An anti-malware? An anti-spyware? And which ones?
Should I run some log or registry files through some online scan? If so which ones and through which scan?
Would appreciate some help with this, I’d rather not have to reinstall everything right now.