6 Messages
•
220 Points
Virus detection
Hi, I have bought a Maximum security license. It tells me that I have a brhost virus in my laptop. However, when I try to follow online guides to manually remove brhost, I could not find brhost in my task manager or programs. Please advise.
tm_jean
125 Messages
•
3.1K Points
6 years ago
I would just like to verify if the notification came from Trend Micro. If so, please provide a screenshot of the security report for Security Threats by clicking "See more details". Refer to the link below on how to find the said report.
Using the Security Report feature of Trend Micro Security
If you are referring to a different notification about this virus, we would still appreciate it if you could provide a screenshot of it so that we'd have an idea what it is about.
I hope you'll be able to provide the needed info above so that we could help you further. Hoping to hear from you soon! :)
Trend Micro Home Users Community
0
gundamex00
6 Messages
•
220 Points
6 years ago
Hi, there is a screenshot, it's been bugging me since the notification keeps popping out. But it is always about the same issue.
0
tm_victor
Prodigy
•
262 Messages
•
5K Points
6 years ago
Can we ask you to click on "See more details" under viruses and post a screenshot of it for the action taken by the Trend Micro program?
You may also perform an additional scan using the Trend Micro Anti-Threat Toolkit.
We hope to hear from you soon.
Trend Micro Home Users Community
0
gundamex00
6 Messages
•
220 Points
6 years ago
Here's the screenshot.
0
aeroplanino78
Superstar
•
245 Messages
•
9.7K Points
6 years ago
Oh wow,
that is a CryptoNight, so you are experiencing high CPU usage?
It is creating cryptocurrency using your personal resources, CPU and electrical power...
Usually it is activated by visiting specific websites, and I'm not sure if it is an installed crypto miner or if it works only when visiting these websites.
I think your Trend Micro solution was able to block it, as per your screenshot; anyway, I also suggest:
- use an adblock on your web browser to block malicious plugins in the web pages that activate cryptocurrency
- activate the Trend Micro web browser plugin, if not
- set your web browser to its default settings to prevent malicious websites from loading by themselves
- run a complete scan with your Trend Micro solution
At the moment, check your CPU load to understand if the virus is active or not.
0
0
gundamex00
6 Messages
•
220 Points
6 years ago
0
0
aeroplanino78
Superstar
•
245 Messages
•
9.7K Points
6 years ago
Yes, it is the exe used to 'do something' instructions, malicious or not. wscript is not malicious by itself (if it is the original one, of course).
Go to Task Manager, open the Startup tab (something like this, I do not have an English OS).
Look at the wscript that you are usually stopping. Right click and 'Open File Path'.
What is the file path? And what is its size?
You can perform an sfc /scannow with an Administrator CMD session to check and validate system files.
0
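The checks asked for in the post above (which startup entry launches wscript, where the binary lives, its size, and whether it is the original one) can be gathered in one read-only pass. This is an added example, not part of the original thread or a Trend Micro tool; `brhost` is the name reported in this thread, and the other match patterns are assumptions chosen for illustration.

```powershell
# Added example: read-only triage, nothing is changed or deleted.
# 'brhost' comes from the thread; the remaining patterns are illustrative assumptions.
$regex = 'brhost|wscript|cscript|\.vbs'

# 1. Autostart entries from the Run keys and Startup folders.
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match $regex -or $_.Name -match $regex } |
    Select-Object Name, Command, Location, User |
    Format-List

# 2. Scheduled tasks whose action launches a script host or a matching name.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $line = "$($action.Execute) $($action.Arguments)"
        if ($line -match $regex) {
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Runs = $line }
        }
    }
} | Format-List

# 3. Script hosts running right now, with the script they were asked to run.
Get-CimInstance -ClassName Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List

# 4. Path, size and signature status of the script hosts in System32.
'wscript.exe', 'cscript.exe' | ForEach-Object {
    $path = Join-Path $env:SystemRoot "System32\$_"
    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path            = $file.FullName
        SizeBytes       = $file.Length
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
} | Format-List
```

An `ExecutablePath` outside `%SystemRoot%\System32` or `SysWOW64`, or a signature status other than `Valid`, points at a replaced or look-alike binary; a `CommandLine` naming a `.vbs` file in a user-writable folder is the script to submit for scanning.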
aeroplanino78
Superstar
•
245 Messages
•
9.7K Points
6 years ago
So, in my opinion, a previous infection (CryptoNight?) is using wscript (or a malicious version of it) to try to start a malicious VBS script.
Try to run CMD as administrator and type SFC /SCANNOW
It will check if system files are legitimate (including wscript); if not, it will try to restore them.
If that does not solve it, try the following, ignore step 2.
0
tm_yner
14 Messages
•
340 Points
6 years ago
Based on the screenshot that you have sent, the threats that were detected by Trend Micro have already been removed. I would like to ask if the pop-ups are still there?
Thank you and have a great day! :)
Trend Micro Home Users Community
0
0
gundamex00
6 Messages
•
220 Points
6 years ago
0
0
gundamex00
6 Messages
•
220 Points
6 years ago
I tried running CMD, but it says there is no problem.
I disabled Windows Script Host, but the problem still persists.
0
0
aeroplanino78
Superstar
•
245 Messages
•
9.7K Points
6 years ago
OK, check the following:
- Stop the brhost service as usual via the Task Manager.
- Check in installed programs if there is something unknown and uninstall it, if needed.
- Check your browser extensions or add-ons, disable them and remove them if there is something unrecognized.
I think there is some browser extension (Firefox-Chrome) or Add-On (Explorer) that recalls brhost to its malicious activities.
It may also be that some kind of malicious software is installed on your computer, so check carefully under installed programs in Control Panel for unrecognized software.
Can you disable brhost from running by disabling it in MSC startup programs: in Task Manager, locate brhost in the Startup tab and, before stopping it, right click and Disable.
Also scan using HouseCall
0
0
tm_jean
125 Messages
•
3.1K Points
6 years ago
Hi gundamex00!
Thanks for all the suggested solutions, Max Slo. You may also refer to the following troubleshooting steps.
1. Check for any Potentially Unwanted Application (PUA).
a. Type appwiz.cpl on the Run window and uninstall PUA.
b. Check Startup entries
○ Type msconfig on the Run window.
○ Click on Startup tab.
○ Disable malicious Startup item.
2. Remove malicious add-on or rogue extensions from Browsers:
○ Internet Explorer
a. Click the "gear" icon (at the top right corner of Internet Explorer).
b. Choose "Manage Add-ons".
c. Look for any recently installed suspicious browser extensions, select them and click on "Remove".
○ Google Chrome
a. Click the Chrome menu icon (at the top right corner of Google Chrome).
b. Select "More tools" and click "Extensions".
c. Locate all recently installed suspicious browser add-ons, select these entries and click the trash can icon.
○ Mozilla Firefox
a. Click the Firefox menu (at the top right corner of the main window).
b. Select "Add-ons".
c. Click "Extensions". In the window that opened, remove all recently installed suspicious browser plug-ins.
○ Microsoft Edge
a. Click the three horizontal dots icon (at the top right corner of Microsoft Edge), then choose "Extensions".
b. Look for any recently installed suspicious extensions, right click your mouse on these entries and click "Uninstall".
3. End all running browser processes.
4. Manually delete detected Coin Miner files.
5. Reset Browser Settings.
Trend Micro Home Users Community
0