The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.
Unable to removal malware from Win 7 computer
Hi,
One of our computers which contains critical data, is displaying the attached, this appears to be malware, I've run ComboFix and MalwareBytes in Safe Mode (which both removed files/infections) but the problem remains. I have limited access to the computer as this infection kills most programs as I try to run them. However, there's nothing listed to uninstall in the Program list. There is however a rogue process listed in Task Manager which I'm unable to kill. Any suggestions please?
malware.bmp
One of our computers which contains critical data, is displaying the attached, this appears to be malware, I've run ComboFix and MalwareBytes in Safe Mode (which both removed files/infections) but the problem remains. I have limited access to the computer as this infection kills most programs as I try to run them. However, there's nothing listed to uninstall in the Program list. There is however a rogue process listed in Task Manager which I'm unable to kill. Any suggestions please?
malware.bmp
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 12
Probably easier to remove the disk backup critical files to another drive and reinstall Windows 7 .
Most malware, once on the system, are smart enough to evade the current installed antivirus/antimalware software, as it has the "upper hand" in that case.
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
rogue process listed in Task Manager which I'm unable to kill.
Get Process Explorer from Microsoft SysInternals, install it and run it.
Look down the left side under Explorer for strange (alphanumeric) processes.
Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.
If it is really bad, then reinstall Windows as suggested above.
Get Process Explorer from Microsoft SysInternals, install it and run it.
Look down the left side under Explorer for strange (alphanumeric) processes.
Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.
If it is really bad, then reinstall Windows as suggested above.
Don't run malwarebytes in safe mode unless you are explicitly told to do so, or if it won't run in normal mode. It (like most AV tools), needs to run in normal mode in order for it to find and be able to remove most infections.
Restart the PC in safe mode with networking - This should allow you to download and install MaleWareBytes free program. Run the program then go into Start - Run - msconfig. and click on Diagnostic startup.
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.
If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.
If you are working remotely - try using Team Viewer - it allows you to reboot in Safe mode w/networking
You will most likely have to use Task Manager File - Run new task to get anywhere. Just youe the remote host version of TeamViewer - not the full program
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.
If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.
If you are working remotely - try using Team Viewer - it allows you to reboot in Safe mode w/networking
You will most likely have to use Task Manager File - Run new task to get anywhere. Just youe the remote host version of TeamViewer - not the full program
As I mentioned above, DON'T run malwarebytes in safe mode. Most malware must be active for MBAM to be able to reliably find it, and most malware isn't active when in safe-mode.
If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:
https://www.malwarebytes.org/chameleon/
If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:
https://www.malwarebytes.org/chameleon/
Just a thought this isnt a case that its run a script to make it start in some special king of startup, Run msconfig check the boot settings to make sure it isnt always starting in Safe Boot!
usually seen this with one of those Windows support calls where they log into your PC and change the settings.
usually seen this with one of those Windows support calls where they log into your PC and change the settings.
If it keeps launching be sure to check:
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
As well as the startup folder. Some times these items will remain and you need to manually remove them.
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
As well as the startup folder. Some times these items will remain and you need to manually remove them.
Thanks for the advice - this is our Call Recording 'server' so I really don't want to have to rebuild it but will do so as a last resort - I'm running an AVG scan on it atm to see if that can give me back the 'upper hand' as Kimputer so appropriately phrased it... Will revert once complete.
Btw, I hadn't refereshed my browser so didn't see all the additional input, will go through each and revert asap - thanks again.
Thank you all for your suggestions - AVG Free in Safe Mode w Networking removed the infected files. I was then able to install run MalwareBytes and HitManPro topped off by CCleaner and finally updated and ran EsetNod32. All now working as normal. Thanks again
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.