Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Unable to removal malware from Win 7 computer
Hi,
One of our computers which contains critical data, is displaying the attached, this appears to be malware, I've run ComboFix and MalwareBytes in Safe Mode (which both removed files/infections) but the problem remains. I have limited access to the computer as this infection kills most programs as I try to run them. However, there's nothing listed to uninstall in the Program list. There is however a rogue process listed in Task Manager which I'm unable to kill. Any suggestions please?
malware.bmp
One of our computers which contains critical data, is displaying the attached, this appears to be malware, I've run ComboFix and MalwareBytes in Safe Mode (which both removed files/infections) but the problem remains. I have limited access to the computer as this infection kills most programs as I try to run them. However, there's nothing listed to uninstall in the Program list. There is however a rogue process listed in Task Manager which I'm unable to kill. Any suggestions please?
malware.bmp
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most malware, once on the system, are smart enough to evade the current installed antivirus/antimalware software, as it has the "upper hand" in that case.
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
rogue process listed in Task Manager which I'm unable to kill.
Get Process Explorer from Microsoft SysInternals, install it and run it.
Look down the left side under Explorer for strange (alphanumeric) processes.
Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.
If it is really bad, then reinstall Windows as suggested above.
Get Process Explorer from Microsoft SysInternals, install it and run it.
Look down the left side under Explorer for strange (alphanumeric) processes.
Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.
If it is really bad, then reinstall Windows as suggested above.
Don't run malwarebytes in safe mode unless you are explicitly told to do so, or if it won't run in normal mode. It (like most AV tools), needs to run in normal mode in order for it to find and be able to remove most infections.
Restart the PC in safe mode with networking - This should allow you to download and install MaleWareBytes free program. Run the program then go into Start - Run - msconfig. and click on Diagnostic startup.
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.
If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.
If you are working remotely - try using Team Viewer - it allows you to reboot in Safe mode w/networking
You will most likely have to use Task Manager File - Run new task to get anywhere. Just youe the remote host version of TeamViewer - not the full program
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.
If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.
If you are working remotely - try using Team Viewer - it allows you to reboot in Safe mode w/networking
You will most likely have to use Task Manager File - Run new task to get anywhere. Just youe the remote host version of TeamViewer - not the full program
As I mentioned above, DON'T run malwarebytes in safe mode. Most malware must be active for MBAM to be able to reliably find it, and most malware isn't active when in safe-mode.
If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:
https://www.malwarebytes.org/chameleon/
If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:
https://www.malwarebytes.org/chameleon/
Just a thought this isnt a case that its run a script to make it start in some special king of startup, Run msconfig check the boot settings to make sure it isnt always starting in Safe Boot!
usually seen this with one of those Windows support calls where they log into your PC and change the settings.
usually seen this with one of those Windows support calls where they log into your PC and change the settings.
If it keeps launching be sure to check:
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
As well as the startup folder. Some times these items will remain and you need to manually remove them.
HKLM\SOFTWARE\Microsoft\Wi
HKLM\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
HKCU\SOFTWARE\Microsoft\Wi
As well as the startup folder. Some times these items will remain and you need to manually remove them.
Thanks for the advice - this is our Call Recording 'server' so I really don't want to have to rebuild it but will do so as a last resort - I'm running an AVG scan on it atm to see if that can give me back the 'upper hand' as Kimputer so appropriately phrased it... Will revert once complete.
Btw, I hadn't refereshed my browser so didn't see all the additional input, will go through each and revert asap - thanks again.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial