I have a bunch of zip files in my Windows 7 downloads folder and a bunch of folders as well where I unzipped them. The other day I noticed I had quite a few folders and while I still have the zip files I don't really need the folders for now. So, with a view to freeing up space on my c: drive I deleted all the folders and left the zips. The next time I used the Purebasic 4.61 final ide, I got a message box saying: "Windows cannot find c:\users\netmaestro\Downloads\hv\hv.exe" which was an unwelcome surprise. No other apps cause this trigger, just the PB ide. I did some research on the web and found where hv.exe is a trojan masquerading as a windows system file. I updated the virus definitions for msse and defender and ran scans with both. Neither found anything. So I did a system restore to the one restore point that was available, from 2 days earlier, and the problem went away. A couple days later I found why the problem seemed to go away: the restore had put the folders back. ugh. So I found the registry key that identified hv.exe with that path and deleted it. And deleted the folder. And rebooted. Problem still existed. So I downloaded AVG antivirus, restored the hv folder (cause I wanted to see if AVG would find it and do something) and ran a scan. It identified hv.exe as a trojan and said it had cleaned it up. I ran the PB ide, shut it down and same damn thing. AVG said they had a registry cleaner you could use free for 24 hours so I removed the folder and ran that. It said it cleaned up some 3000 null or useless registry entries and that I was good to go. Except the problem persists. So I deleted hv.exe from the hv folder, created a one-line program in Purebasic containing only the keyword END, compiled/saved it as hv.exe in the hv folder and now the ide closes silently. It is running that program and I know the program is now doing nothing malicious but I would still like to repair the thing properly.
Thanks for listening, does anyone have an idea or info about this trojan? I don't want to reinstall my OS, but this is tempting me.
p.s. Sorry for the fleeting moment of doubt, team
but I did a hex search of PureBasic.exe (the ide) for hv.exe and found nothing. I feel like a traitor for even looking.