Hello,
Whenever I restart the PC I receive a Symantec Tamper Protection Alert. It origins from application data\microsoft\Fhgcgh.exe
Also, i can see 2 mspaint.exe proceses running. When I try to close any one of them they restart immediately and in most of the cases detection alert pops up with file names such as 1.exe A.exe B1.exe etc. However, there are cases when one of the files slips through and similarily name processes appeare. Coresponding files appear in application data folder.
What I do next, is close the svchost.exe processes under my user name and close the mspaint.exe files, which do not restart. No more allerts about threats pop up, no more strange processes start up, no more strange files.
When I run a full system scan no issues are found anymore, but when I restart the PC everything starts from schrach.
I have tried looking it up, but with no luck. Is this a new threat? where can I read about it more if no? How can I solve this?
I do not have administrator rights to this PC so the virus should not be in the system files. Is there a way of detecting the main process creating all of those sub-routines?