Been hit with Virus

Hi Experts,

I believe I been hit with a virus.

I can't get rid of it in startup. Every time I uncheck it, it recheck's itself after I click on apply. I can't delete the file from the startup folder.

Its so bad its disabled Malwarebytes.

Please help

See attachments fo the virus. The name is rvjwphpc

Cheers
virus-in-msconfig.jpg
virus-in-startup.jpg
cpatte7372Asked:
Who is Participating?
 
willcompConnect With a Mentor Commented:
Follow the general guidelines in this article by younghv. Run RogueKiller to stop malware processes and then try to run MBAM. If MBAM has been corrupted, you will need to reinstall it. http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6550-2012-Malware-Variants.html

Followup with TDSSKiller.
0
 
smckeown777Connect With a Mentor Commented:
Can you reboot into Safe mode and then try the delete
Sounds like its running which is why you can't delete, you should be able to once in Safe mode
0
 
cpatte7372Author Commented:
smckeown777

Thanks for responding.

To enter safe mode in Windows 7, is F7?

Cheers
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
smckeown777Commented:
No F8 like XP
Press before the Windows logo appears when u start the pc
0
 
pony10usConnect With a Mentor Commented:
Can you access task manager?  You may find it in there and be able to end task it and then delete the file.
0
 
cpatte7372Author Commented:
Thanks guys for your assistance with this.  I had to run out, but I will definitely be going through your suggestions.

I will let you know how I get on. And thank you

cheers
0
 
Sudeep SharmaConnect With a Mentor Technical DesignerCommented:
Please post the logs of the tools that you run posted by willcomp above.

Thanks
0
 
cpatte7372Author Commented:
ssharma,

Can you provide me with the link to roguekiller. The link provided above doesn't provide the application - unless I'm looking in the wrong place?

Cheers

Carlton
0
 
willcompCommented:
0
 
9660kelCommented:
You will probably need to run the FixNCR before you can run the rest of the tools.

It looks like you have been blocked from admin activities.
0
 
Russell_VenableConnect With a Mentor Commented:
cpatte7372,
Actually, From the pictures posted it does not look like the exe file extension has been modified. Further more. Safe mode can cause your machine to have greater damage by allowing the malware to replace windows protected files. Roguekiller will wipe the process tree, it will not however clean the svchosts list. Which is why the error reported above  "File in use" - "The action can't be completed because the file is opened in a Host Process for Windows Services". This is a generic error caused if you try to modify/delete a active service running under SVCHOST.exe.

Can you update use on what you have tried?

Try attempting to install MBAM as a randomly named executable. If that wont run you will need attempt to run combofix and post the log. If it removes entries in its initial scan it will be reported in its logfile located in the c:\ drive after its done scanning just post that log.

What happened before you noticed this process was added to the startup folder? Did you download/install anything new? Or even visit a odd website?
0
 
cpatte7372Author Commented:
Thanks guys
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.