My computer is infected but AV software does not find anything

Tester · Feb 21, 2025

I still would like to see some of the printscreen i asked for. Just telling us..

Also would like to see the totalvirus url of the scanned file: wlanext.exe

Most cases malware uses powershell or conhost on the first run of infection to get the payload on the machine, and then stops doing those things. So you won't see it constantly running... And then just inserts/hijacks a running process at startup without it running its own.exe file, and you won't even see it.

If it is really an infection, i would do a fresh reinstall.

If you want to figure it really out, i would attach a debugger to all processes, and see if debugger detaches, or getting access violoation on the attached programs..

Also install a firewall that reports on all outgoing traffic, and then only allow processes to access internet you trust. like 70% can be defaultly block.
A free firewall, can be as simple as the malwarebytes firewall control: https://forums.malwarebytes.com/topic/296798-malwarebytes-windows-firewall-control-wfc/ Then when you get a virus/malware, it cannot defaultly connect to the internet.

Jacee · Feb 21, 2025

You mentioned dllhost starts with a command..... Look at dllhost.exe dllhost.exe - What is dllhost.exe?

If you used this computer for banking I would notify the Bank. I also suggest you do a clean install and change all passwords using a known clean computer.

Anixx · Feb 21, 2025

Kaspersky does not find anything...

Tester · Feb 21, 2025

Normal!

Jacee · Feb 21, 2025

Anixx said:
Kaspersky does not find anything...

Why are you telling us that Kaspersky doesn't find anything? If you know how to copy and paste any of the results from anti-virus programs you've run, please do so, or ask how to do it.

Anixx · Feb 22, 2025

Avast also does not find anything. What's the purpose of pasting "all is OK"?

Anixx · Feb 22, 2025

Okay, so I found a directory structure with circular references in Firefox profile folder, which cannot be deleted. Inside are files looking like folders with name "https+++you.com." which cannot be entered or deleted.

The structure is located at
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\<my profile>\storage\archives

Dannydet · Feb 22, 2025

I would do a clean install of windows for peace of mind.
Keep it as a local account.
Change your passwords to all your accounts.

Anixx · Feb 22, 2025

Dannydet said:
I would do a clean install of windows for peace of mind.
Keep it as a local account.
Change your passwords to all your accounts.

So, I rolled back to a snapshot from half a year ago.

Anixx · Feb 24, 2025

Okay, so I formatted the hard drive, and after that robocopied the system from a snapshot of 7 months ago. Never started or opened any file from the old system. But now I again experience disappearance of sound, keyboard stopping auto-repeat, conhost.exe, lots of RuntimeBroker processes and LockApp program running. I never inserted a new hard drive before formatting the old one.

Anixx · Feb 24, 2025

The same symptoms repeat: wlanext runs conhost.exe on system start, with window appearing, inverted function of Fn key on the laptop keyboard, bitlocker UI quickly starts and exits on startup.

Anixx · Feb 24, 2025

Okay, so I still have a folder C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\<my profile>\storage\archives\0
dated with 27.02.2024. But I FORMATTED THIS PARTITION after this date.
And before the formatting I could not delete this folder even after booting from a flash drive!
I again cannot delete it due to "unknown error".

Anixx · Feb 24, 2025

So, I cannot delete this file even after booting from flash or by Lockhunter utility on OS restart.

Tester · Feb 24, 2025

Anixx said:
so I formatted the hard drive, and after that robocopied the system from a snapshot of 7 months ago.

Anixx said:
dated with 27.02.2024. But I FORMATTED THIS PARTITION after this date.

7 months ago, that folder of 2024 should have been inside the snapshot/image.

imanlien2020 · Feb 24, 2025

Anixx said:
So, I cannot delete this file even after booting from flash or by Lockhunter utility on OS restart.

If I were you Id start here..theres other expert forums to where techs donate time and really do understand how to fix these things. especially since many of them will write scripts just for your scenario and you run em and bam baddies be gone...lol. Anyway heres 1 site as I say google free expert virus forums etc..Im not saying that people on this forum arent qualified or smart enough etc its just that sometimes there are those Specialists like in any field and on these other forums thats those kinda special help people you may need.
Geekstogo

another..
Bleeping Computer Forums

and Lastly..
TechSupport Forum

Anixx · Feb 24, 2025

Tester said:
7 months ago, that folder of 2024 should have been inside the snapshot/image.

Yea. Looks like this. Anyway, I have deleted it using absolute path. Maybe it is not related to the current symptoms, just a damaged folder.

I also substituted rundll32.exe for wlanext.exe in the registry (image file execution options) so that it could not run.

What bothers me now are:

* Sudden diasappearance of sound.
* When it happens, keyboard auto-repeat also disappears.
* The computer shuts off instead of reboot
* The Fn key function gets inverted and cannot be inverted back even by pressing the required combination. It becomes opposite of what is set in BIOS. Now I prohibited in BIOS switching this behavior and so far it remains default.

Could be hardware problems? Maybe...

andrew129260 · Feb 24, 2025

What happens in safe mode? What happens with a clean boot?

And again, running autoruns with the options > scan options > virustotal check and unknown images check should find any suspicious entries / issues

You have a image. Clean install on the system. See what happens. Swap back to image etc.

Tester · Feb 24, 2025

Anixx said:
keyboard auto-repeat also disappears.

go to settings, ease of access, keyboard, set filter keys to off. Does this work then?

Anixx said:
Sudden diasappearance of sound.

Any errors in eventvwr when this happens?

After restoring the image, did you do all windows updates? on what version win11 version are you know?

Anixx · Feb 24, 2025

Tester said:
go to settings, ease of access, keyboard, set filter keys to off. Does this work then?

Any errors in eventvwr when this happens?

After restoring the image, did you do all windows updates? on what version win11 version are you know?

The keyboard filter is off. No. I did not do all updates yet as I currently have no fast internet. The version is Win 11 23H2 10.0.22631.3593

Jacee · Feb 24, 2025

Use the free File Checker tool to upload a hash of the file to our servers and scan it for hidden malware.
You can check a file that you're not sure of by using a free scan here: File checker: Scan files for viruses

My computer is infected but AV software does not find anything

Well-known member

My Computer

Accroche-toi à ton rêve

My Computers

Well-known member

My Computer

Well-known member

My Computer

Accroche-toi à ton rêve

My Computers

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

EternalSoul

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computer

Accroche-toi à ton rêve

My Computers

Similar threads