shalomshachne

I found that I still had a copy in my Recycle bin (oops), and uploaded it to the MB site noted. Hopefully this will help.

I had Symantec running, and also MalwareBytes service. Neither of them detected this. When I saw there was someone actually controlling the mouse on my machine (!?), I ran the MalwareBytes scan, but it did not detect this. I found it using netstat -o.

I found someone hacked into my machine. I ran Malwarebytes but it didn't detect any problem. I used netstat, and I think I found the rogue process, it was called: srchsot.exe. It had installed itself deep in the Windows\System32 directory (\windows\system32\mui\dispspec\Microsoft\). There was an install.bat file and srchsot.exe file in that folder. The install had installed registry keys to auto start when machine restarts. I killed process, delete those files, and associated registry keys. When the process was running it was connected to: h1915849.stratoserver.net:6667 . Below was the suspicious netstat output which helped me track it. TCP SAM-LAPTOP:3575 h1915849.stratoserver.net:6667 ESTABLISHED 4604 TCP SAM-LAPTOP:3586 v-client-5b.sjc.dropbox.com:https CLOSE_WAIT 5804 TCP SAM-LAPTOP:3588 sjc-not17.sjc.dropbox.com:http ESTABLISHED 812 Can you please update your database with this info?