t38

asked on

Unable to remove malware from Win 7 computer

Hi,
One of our computers, which contains critical data, is displaying the attached. This appears to be malware. I've run ComboFix and MalwareBytes in Safe Mode (both removed files/infections) but the problem remains. I have limited access to the computer as this infection kills most programs as I try to run them. However, there's nothing listed to uninstall in the Program list. There is, however, a rogue process listed in Task Manager which I'm unable to kill. Any suggestions please?
malware.bmp
David Wall

Probably easier to remove the disk, back up critical files to another drive and reinstall Windows 7.
Kimputer

Most malware, once on the system, is smart enough to evade the currently installed antivirus/antimalware software, as it has the "upper hand" in that case.
The only way to defeat the "upper hand", is to have the malware NOT RUNNING. The only way? Use a boot CD (from Avast, AVG, or other reputable vendors). Obviously, you have to burn (or use USB) this CD/DVD on a CLEAN system (either your laptop, or some friend).
"rogue process listed in Task Manager which I'm unable to kill."

Get Process Explorer from Microsoft SysInternals, install it and run it.

Look down the left side under Explorer for strange (alphanumeric) processes.

Kill these, but do not restart. Run Malwarebytes again to remove malware and then (when done) restart and test.

If it is really bad, then reinstall Windows as suggested above.
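An added example, not part of the thread: the Process Explorer step above (look for odd alphanumeric process names, kill them, do not reboot) done from PowerShell, so it can be launched via Task Manager > File > Run new task when Explorer itself is being killed. It is an illustration only. Assumed, not from the page: an elevated prompt, the "random-looking name" regex and the list of suspect directories (both heuristics chosen here), and the `-Kill` switch. Windows system binaries are often catalog-signed, so `Get-AuthenticodeSignature` reports them as NotSigned; the signature result is therefore shown for information only and never used on its own to pick a kill target.

```powershell
# Added example (not from the thread). Run elevated. PowerShell 2.0 compatible (Win 7 default).
param(
    [switch]$Kill   # assumed switch: actually stop flagged processes; default is list only
)

# Heuristic (assumed): directories malware on a workstation commonly runs from.
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                 "$env:SystemDrive\ProgramData", "$env:USERPROFILE\Downloads")
# Heuristic (assumed): names like "xkq3r9a.exe" - 5..12 chars mixing letters and digits.
$randomName  = '^(?=.*\d)(?=.*[a-z])[a-z0-9]{5,12}\.exe$'

$findings = @()
Get-WmiObject Win32_Process | ForEach-Object {
    $p    = $_
    $path = $p.ExecutablePath
    if (-not $path) { return }          # protected/system processes expose no path; skip
    $strong = @()                       # reasons that justify a kill
    $info   = @()                       # reasons shown but not acted on
    if ($p.Name -imatch $randomName) { $strong += 'random-looking name' }
    foreach ($d in $suspectDirs) {
        if ($d -and $path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) {
            $strong += "runs from $d"; break
        }
    }
    $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { $info += "signature: $(if ($sig) { $sig.Status } else { 'unknown' })" }
    if ($strong.Count -gt 0 -or $info.Count -gt 0) {
        $findings += New-Object PSObject -Property @{
            PID = $p.ProcessId; Name = $p.Name; Path = $path
            Kill = ($strong.Count -gt 0)
            Why  = (($strong + $info) -join '; ')
        }
    }
}

$findings | Sort-Object Kill, Name -Descending | Format-Table PID, Name, Kill, Why, Path -AutoSize

if ($Kill) {
    foreach ($f in ($findings | Where-Object { $_.Kill })) {
        try {
            Stop-Process -Id $f.PID -Force -ErrorAction Stop
            "killed $($f.Name) (PID $($f.PID)) - do NOT reboot yet; run the scanner now"
        } catch {
            "could not kill $($f.Name) (PID $($f.PID)): $_"
        }
    }
}
```

Save it under an innocuous file name (the asker reports the infection killing tools as they start), review the listing first, and only then run it with `-Kill`. As the answer says, rescan before rebooting; the block above does nothing about whatever restarts the process at logon.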
Don't run Malwarebytes in safe mode unless you are explicitly told to do so, or if it won't run in normal mode. It (like most AV tools) needs to run in normal mode in order for it to find and be able to remove most infections.
Restart the PC in safe mode with networking - this should allow you to download and install the Malwarebytes free program. Run the program, then go into Start - Run - msconfig and click on Diagnostic startup.
Then restart - in programs and features sort the programs by install date - the bad one should be apparent.

If you can't get into safe mode - you will have to remove the hard drive and hook it up to another working PC and scan the drive from the good PC.

If you are working remotely - try using TeamViewer - it allows you to reboot in Safe mode w/networking.

You will most likely have to use Task Manager File - Run new task to get anywhere. Just use the remote host version of TeamViewer - not the full program.
As I mentioned above, DON'T run Malwarebytes in safe mode. Most malware must be active for MBAM to be able to reliably find it, and most malware isn't active when in safe mode.

If you can't run malwarebytes in normal mode, use the chameleon version of malwarebytes. It won't get recognized by the malware as being malwarebytes, and therefore it will also install and run in normal mode:

https://www.malwarebytes.org/chameleon/
Just a thought: isn't this a case where it's run a script to make it start in some special kind of startup? Run msconfig and check the boot settings to make sure it isn't always starting in Safe Boot!

I've usually seen this with one of those Windows support calls where they log into your PC and change the settings.
If it keeps launching be sure to check:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

As well as the startup folder. Sometimes these items will remain and you need to manually remove them.
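An added example, not part of the thread, covering both the autostart check in the post above (the four Run/RunOnce keys plus the Startup folders) and the earlier suggestion to confirm the machine is not pinned to Safe Boot via msconfig (that setting lands in the BCD store as a `safeboot` entry on the current boot entry). Assumed, not from the page: an elevated prompt and the `-Remove` switch, which takes an exact value name or file name to delete after you have identified the rogue entry.

```powershell
# Added example (not from the thread). Run elevated. PowerShell 2.0 compatible (Win 7 default).
param(
    [string]$Remove   # assumed switch: exact Run/RunOnce value name or Startup-folder file name to delete; omit to list only
)

# The four keys named in the answer above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Per-user and all-users Startup folders (shell:startup / shell:common startup).
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

"== Registry Run/RunOnce entries =="
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item -Path $k                 # RegistryKey: exact value names, no PS* noise
    foreach ($name in $key.GetValueNames()) {
        $cmd = $key.GetValue($name)
        "{0}`n  [{1}] = {2}" -f $k, $name, $cmd
        if ($Remove -and $name -eq $Remove) {
            Remove-ItemProperty -Path $k -Name $name
            "  -> removed"
        }
    }
}

"== Startup folders =="
foreach ($d in $startupDirs) {
    if (-not (Test-Path $d)) { continue }
    Get-ChildItem -Path $d -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        "{0}`n  {1}" -f $d, $_.Name
        if ($Remove -and $_.Name -eq $Remove) {
            Remove-Item -LiteralPath $_.FullName -Force
            "  -> removed"
        }
    }
}

"== Safe Boot flag (msconfig > Boot > 'Safe boot' writes this into the BCD) =="
$bcd  = bcdedit /enum '{current}' 2>&1     # braces quoted so PowerShell does not parse a script block
$flag = $bcd | Select-String -Pattern '^safeboot'
if ($flag) {
    "WARNING: persistent safe boot is set: $($flag.Line.Trim())  (clear with: bcdedit /deletevalue {current} safeboot)"
} else {
    "safeboot not set"
}
```

Read the `[name] = command` lines for anything pointing into %TEMP%, %APPDATA% or a random-looking file name and match it against the process you could not kill; remove only that entry. These locations are the ones the answer names, not every autostart on Windows (services, scheduled tasks, Winlogon and shell-extension hooks are not listed here); Sysinternals Autoruns covers the rest if nothing turns up.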
t38

ASKER

Thanks for the advice - this is our Call Recording 'server' so I really don't want to have to rebuild it but will do so as a last resort - I'm running an AVG scan on it atm to see if that can give me back the 'upper hand' as Kimputer so appropriately phrased it...  Will revert once complete.
t38

ASKER

Btw, I hadn't refreshed my browser so didn't see all the additional input, will go through each and revert asap - thanks again.
ASKER CERTIFIED SOLUTION
t38

t38

ASKER

Resolved the issue myself.  Thanks.