For some strange reason my computer has picked up a virus (probably).
I'll start with the basics:
My OS is Windows 7 x64 Ultimate RTM (downloaded from TechNet).
I run AVG Free daily with all security options enabled.
Where should I begin... It all started with my system just not responding, and after a reboot not all of my autostart programs started. So this means I need to start AVG manually.
After a bit of searching in Task Manager I found I have two lsass.exe running. One which is the Local Security Authority Process and one that has no description.
The one that is fake, named lsass.exe *32 (this makes me think it's a virus since I run a 64-bit OS), changes PID every second, which makes it impossible to stop in Task Manager or with the taskkill command in cmd with the /p switch. Trying to stop it with /f /im lsass.exe just shuts down the computer after a minute.
I've tried to start in safe mode and remove it, which was successful, but when I booted into Windows normally the process was back again.
The file is located directly on C:\ (another thing that makes me think it's a virus). I've scanned my computer with AVG, Malwarebytes and Spybot. But nothing can delete it, or even find it.
Another process running is cnktva.exe; that exe file is located in my Temp folder and is also impossible to delete. Ending it in Task Manager just makes it start again with a different PID. I've googled the name but haven't found anything about it!
Please help me with this, I'm in great need of this computer right now!
After booting up into safe mode once more, I could delete both lsass.exe from C:\ and the cnktva.exe from my Temp folder. I ran some cleanup programs and now when I boot up my computer the files are gone and don't show up in Task Manager. As an IT consultant this sounds strange, nothing just works this easy ^^ Is there any chance that the virus is still running?
The reason I ask this is because AVG doesn't start automatically and neither do a few other applications on startup. This even if they are marked in the startup tab of "msconfig"...
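
The checks reasoned through in the post above (a system process name running from outside System32, an executable sitting in a drive root or a Temp folder) can be scripted, together with a look at the Run-key autostart entries. The following PowerShell is an added example, not part of the original post; it is read-only, uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7, and the process-name list and path patterns are assumptions chosen for illustration.

```powershell
# Added example: read-only triage for the symptoms in the post. It changes nothing.
# Assumption: $systemNames is a small hand-picked sample of names that live only in System32.
$systemNames = 'lsass.exe','services.exe','winlogon.exe','csrss.exe','smss.exe','wininit.exe'
$sys32 = Join-Path $env:SystemRoot 'System32'

function Get-PathFlag([string]$Text) {
    # $Text is an image path or an autostart command line.
    if ($Text -match '\\Temp\\') { return 'runs from a Temp folder' }
    if ($Text -match '^"?[A-Za-z]:\\[^\\]+\.exe') { return 'executable in a drive root' }
    return $null
}

$findings = @()

# 1. Running processes: flag by image location, and by system name outside System32.
foreach ($p in Get-WmiObject Win32_Process) {
    if (-not $p.ExecutablePath) { continue }   # path is hidden for some processes when not elevated
    $reason = Get-PathFlag $p.ExecutablePath
    $dir = Split-Path $p.ExecutablePath -Parent
    if (($systemNames -contains $p.Name) -and ($dir -ne $sys32)) {
        $reason = 'system process name outside System32'
    }
    if ($reason) {
        # The parent PID shows which process keeps relaunching a respawning one.
        $findings += New-Object PSObject -Property @{
            Source = "PID $($p.ProcessId) (parent $($p.ParentProcessId))"
            Target = $p.ExecutablePath; Reason = $reason }
    }
}

# 2. Run-key autostart entries (64-bit, 32-bit and per-user views).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($name)
        $reason = Get-PathFlag $cmd
        if ($reason) {
            $findings += New-Object PSObject -Property @{
                Source = "$key [$name]"; Target = $cmd; Reason = $reason }
        }
    }
}

$findings | Select-Object Reason, Source, Target | Format-List
```

Run it from an elevated prompt so that WMI returns image paths for all processes; an empty result only means none of these specific patterns matched.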