Jump to content

Search the Community

Showing results for tags 'rootkit'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Android Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • False Positives
    • Translator Lounge
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 104 results

  1. Hello: Sorry if this has been asked before. I've already searched but since I don't know the name of this malware, I can't find it. There's a possible rootkit that keeps reinstalling programs on my Windows 7. These programs are "Safe finder" "Butler" and some others. When I uninstall these programs, they appear againg shortly after, and they keep opening by themselves and my browsers keep opening new tabs that lead to spam. I've tried using Malwarebytes and it removes these programs really fast. But when the computer restarts after the cleaning, the programs appear again. I've found the icon displayed on the photos on the toolbar and when I shut down the computer. And it seems to be running on the backround installing something. My guess is those programs. Anyone knows what it is and/or how to remove it? Thank you!
  2. I downloaded a program from a third party website and now I have what I believe is a rootkit that I can't delete from my computer. I've uninstalled everything possible, scanned with Malwarebytes and Norton and they remove everything except a file called wmcagent.exe and some folders with weird names like snoteku. It is in my User/Appdata/Local folder. I cannot delete it or a few folders I believe are associated with it. It only says access is denied. I've used the Malwarebytes AdwCleaner and Anti-rootkit and the Norton variants and it can't remove it, or don't detect it. There are two programs running in task manager called "client" and I can't end them, or they just restart later. I even reinstalled Chrome and double checked all my browsers to make sure it's not an extension. I followed some of the steps from this because I believe this is the same problem. However I am not sure and would rather not go through some of the complicated steps toward the end if I don't have to. Towards the end of the guide, they use the FRST executable, and paste the text inside and click fix. His does not work and mine does, the rest of the guide is dedicated to finishing his problem; however it is not clear if they ever fixed the problem. Any advice? Attached is a few files from the guide that might be helpful to look at. FRST.txt Addition.txt Fixlog.txt
  3. Hi so i got a pretty crappy virus, normally i am pretty good with manual removal myself however this one is realllllly a pain and malwarebytes hasnt worked for it nor detected it...i am attaching my frst scan to this post in hopes of some solution i saw you helped another guy remove the same thing people need to watch out this thing is coming bundled with software that seems legit make sure you take my advice and download only from official links if you can otherwise you will be in the same boat possibly or worse. FRST.txt Addition.txt
  4. Hello, Im new to this forum and I would be extremely grateful if anyone here could give me some advice on how to remove encrypted syswow64, (possibly zero access rootkit), from several usbs that I got that have been infected when they where inserted in windows computers that I got that were attacked by hackers. The hackers installed a system administration server on my network and attacked my computers with some kind of synzcronization worm/virus that synced and even infected offline devices, (that contained Bluetooth and smartcard etc), like Television, digital TV box, dvd, printer and phones. Programs that I detected on my computers that they were using were among others, syswow64, bluetoothshare, various installation hooks, svchost, microsoft synchronization feeds, keyloggers, infrared, remote Control programs, malicious code and code changer programs etc. When I scan the usbs with regular virus Scans like Kaspersky or Norton they all comes out Clean and no names shows up during the scan but when I scan the usbs with microsoft forefront scanner it also comes out as Clean but during the scan all the rootkit names show up though. The names that comes up includes for example syswow64, catroot, system root: nearby devices, hkmmodule installation hook, netframework installation hook, microsoft feeds synchronization, subsystem spooler system, mobilesynch.exe, tablet/pcsynch.exe, rundll.32.exe and many more. I have run the scan on all photos separately that is stored on the usbs and the same rootkit names shows up during the scan on every single photo and also, when I did a test and removed all files from one usb, so that it was empty, all the names still showed up when I scanned it and I could also see that the rootkit, (although I cant see it as it is encrypted), took up 0,8 gb of space on the usb since there was only 7,2 gb left for me to use although the size of the usb is 8 gb so if the usb were really empty there should be 8 gb space left for me to use, not 7.2 gb. What I would like to know is if anyone here knows if theese types of encrypted rootkits is possible to remove at all fro usbs so that I can get my photos, and if so how? Is there any antivirus website where I can upload the photos that can Clean the rootkit completely out of the usb and photos or should I go visit some computer specialist store instead, or is it enough if I just burn the photos over to a dvd and then the rootkit will dissapear byitself, or is there nothing that can be done at all? Anyone that knows the answer to theese questions please feel free to send me messages either in this thread or you can send me private messages to my profile here on this forum aswell if you like. All answers are extremely appreciated
  5. Hi, I had issues with my laptop and after running Malware bytes it located 4 rootkit.fileless.MTGen and 2 Trojan.Fileless.MTGen instances. I have quarantined them but how can I be sure that this has removed everything? Also how concerned should I be that these things were on my computer? What other steps are recommended to ensure the issues are resolved? Appreciate any guidance provided
  6. My virus is pretty much exactly the same as the one experienced by another user in this thread. I've attached my fixlog to this post, thanks in advance for the help! Fixlog.txt
  7. My laptop (Windows 8.1, 64-bit) recently was infected with what I believe is the smartservice rootkit/virus. I somehow disabled its ability to prevent MBAR/Malwarebytes from opening, so I can (and have) scanned with them to no avail. The infection seems to be in two folders located at AppData\Local\pwdacnz and AppData\Local\cwaitrx. It manifests itself as a multiple Windows Process Manager (32 bit) entries which are all named pshlxct.exe I have also used Roguekiller, Adwcleaner, FRST, GMER, TDSSkiller (didn't work) and Rkill. Roguekiller was able to detect and (I think) delete pwdacnz and cwaitrx at first but when I restated my computer the folders re-appeared. I recently ran windows update and my windows security should be updated, if that matters at all. Here are my FRST logs. Here's my mbar log as well. I have access to a USB drive and clean computer. FRST.txt Addition.txt mbar-log-2018-05-06 (19-33-45).txt
  8. Malwarebytes rootkit beta problem
  9. I had ran a rootkit scan got 3 winzips. I removed these and after doing so malwarebytes has been having problems contacting the license server, it asks me to check my network settings. I could restore them but i have read their are no necessary rootkits for malwarebytes to run and this only happens on one of the two computers i have malwarebytes installed on.
  10. First off- using a vm machine, host OS is ubuntu linux- the logs attached are from Virtual Box of a Window 10 machine. I have to use a linux machine because; - can not reinstall any Windows without the infection hijacking the install, I've tried installing WinXP, 8.1, 7, 7 pro, WinUltimate, -during reinstall, at the cd/rom loads, then at a point the install instructions are taken over, and a similiar gui appears to complete install. -infects any device attached physical of network, usb will be formatted automatically (fake warning posted gui) -registry is infected -possible firmware exploited, usb and pci seem to be used as alternate devices, -system32 files are unusual -unable to flash bios -appears as hidden sector or directory, hijacks the mbr, -has the ability to replicate if deleted or core files, registry is changed -suspected WMI Shell running with TRUSTED INSTALLER -Possible ChipSec related? I think I've tried everthing as far as scans, rkhunter, Hirens Boot Cd, Process Monitor, msconfig, BIOS settings, hdd replacement. All my machines at home are down/infected. Only way to get back was Linux, and using VM to start Windows 10. This is from a enterprise PC Tech Level 2 working at home. FRST.txt Addition.txt mbt first scan.txt
  11. Hi, I've been having ongoing issues with my PCs and network. Despite me having an active Internet connection my ISPs Tech's are unable to connect using LMIR. This problem has been ongoing now since approximately the middle of last year. I'm running Windows 10 x64 (should be fully updated,) however, I'm using a Linux Shell (ESET SysRescue) disc to make this post. I'm relatively familiar with malware removal, having assisted others many times on forums. I need fresh eyes to look at my problem please. I've run AdwCleaner. I have also run: JRT, FRST64, MBAR 10, TDSSKiller, ESET Online Scan, ESET SysRescue, SVRT, plus quite a few more tools, all to no avail. I have a fully licensed version of Malwarebytes Installed & up to date. I am unable to have GMER or ASWMbr complete a scan without ending up at a BSOD. Error is: IRQ Less than or not equal. FRST64 scans show ADS coming from zipped tools on my Desktop. FRST64 will not update despite it advising that an update has been found. The Desktop is Shared to Public. The first warning I received that something was amiss was a mass (hundreds) of WMI or WMIC warnings over a few seconds courtesy of Kaspersky Total Security. I have re-partitioned and reformatted my drives (SSD+HDD) multiple times along with multiple re-installs of Windows. Windows Defender updates show as downloading and installing, however, as you will see from The FRST logs they do not actually seem to be being applied. Malwarebytes Active Protection intermittently disables itself and I am unable to restart it without a reboot. I have also re-flashed the BIOS and updated the Firmware. The initial Spectre/Meltdown Patches have been applied. Still waiting for the latest patches. I strongly suspect a Rootkit\Backdoor of some description, especially given the inability to scan fully with GMER and ASWMbr. (Note: The initial "Quick Scan on startup of GMER does complete.) Other symptoms include: Cursor movement with no local user interaction. Documents closing for no reason. The HDD has vanished on several occasions, requiring me to re-partition and re-format it via Linux Shell. Inability to obtain and maintain a VPN connection. Several "Unknown User" accounts on some files when viewing the Security Tab in Windows. What seem to be intermittent DDoS attacks. Changes in Router Settings without any action by me (or any other local user.) Evidence of an Apparent work around for DEP (possibly ASLR) by utilizing Compatibility Mode. DLL Files located in various folders with the text reading Right to Left rather than Left to Right. Presence of an inordinate number of Windows XP and Vista files. On booting to Windows a text file opens from C:\Programdata\Startup called errorlog.txt which has always been blank. Incredibly slow Internet connections on a very fast network. Despite deliberately disabling OneDrive, connections being established to multiple OneDrive and SkyDrive accounts which are not known. Files disappearing for no valid reason. Anti-Virus appears to be working, however, on checking with Kaspersky following submitting diagnostics & receiving emails stating no problem was found, they tell me the submitted data was "Unreadable." Complete loss of Internet functionality at times, for no apparent reason. I have also found what appears to be a Ransomware Demand embedded in Fontcache when using Adlice PE Viewer. The payment amount was 0.37 Bitcoin. Also found in this file was the text string "This Dynasty." When using TCPView, upon starting there may be many tens of connections that rapidly drop off after a few seconds. Autoruns shows an IE Image Hijack. The version of IE reported by most diagnostic software shows as 5.0. Changes in location of the cursor whilst typing without palm interaction with the touchpad. There are probably more pointers that I've forgotten. I did locate the Malwarebytes reports, however, I am unable to attach them in their native *.json format. I've converted a JSON to TXT and attached that. I also noted that in C:\programdata I have the subdirectories "Malwarebytes" and "Malwarebytes' Anti-Malware (Portable)" Thanks in advance for your time. It's much appreciated! Thanks, Mal FRST.txt Addition.txt Last_MWB_Scan_JSON_Renamed_TXT.txt
  12. Hi, i'm going to do a windows clean install and i have already analiced my pc with my antivirus and with malwarebytes, i have also used a couple of cleaners. malwarebytes found a couple o malwares but i have already removed they. ir order to be completely sure that there aren't any malware in my computer i was thinking in use a bootable antivirus (i think that a low level format will be to much time for the hdd of 1 tb, how much time do you think that it will need? its a good idea to do it?) i have never had a really bad malware in my computer and i have used antivirus from the first day but my question is: do you think that is a good idea to use a bootable antivirus? because since i'm going to format i wanted to be sure that my pc is totally clean. i know that there are rootkits that are almost invisible for the common security software. although i have my pc scanned and nothing was found, do you thing that a bootable antivirus could remove something that have not been found yet? or the only thing i can do is a low level format?
  13. I have tried many different antivirus programs to try to get rid of a trojan called Win32/Nevoros.B!Rakr. Its main file is one called isowebi.exe The main problem is the file folder and all files in it are protected. There is no way to change the name, edit, delete. Taskkill cannot stop, or cancel the operations this application does. Because the folder and all contents are protected my one trick was to lock out new programs or folders it created so it couldn't find them again yet that means leaving them on the system. The program loads grenades, touchy, other svc's for the net, and even bit coin mining programs. Used malware bytes rootkit beta didn't work either. The only thing I can think to do is to create a new window boot file, or edit the one I have, but not really sure if that will work.
  14. Have good reason to believe that current laptop is infected, my phone and other laptop have been infected and I have had to send the other laptop to repair, and my phone to be flashed. Current laptop is windows 8 Lenovo z50, have done Lenovo reset from the Lenovo button, when running the laptop a large amount of GB is already used, battery life is terrible and does not charge past 58%, and then drops to 5% in a few minutes after unplugging (however the laptop is 3 years old), I have tried installing Mbam anti Rootkit, it installed successfully but doesn’t update (failed to resolve host) and the internet connection is working. Have also installed GMER and it starts to scan, but then crashes. I would just like help in detecting if there is a Rootkit, and possible ways to remove it or would I have to get the bios flashed? Any help would be greatly appreciated! Thank you.
  15. Good afternoon and Happy New Year! I *just* got a new laptop from Dell - Inspirion 7370 as my previous laptop was aging and seemed to have it's own infections. As soon as I signed into my Microsoft account to install everything, files that synced from prior computer appear to have installed on my new one. I can tell because the packages such as Microsoft Photos, Edge, etc. are named the same as my prior computer and they have dates all prior to when this my current laptop was even created. I've already gone through resetting, clean install, etc, but nothing thus far has worked. I have the option of sending this back to Dell for them to try to repair, but I'd be without my laptop for 12 days. I'm hoping that by posting here, if it is a malware issue, the fine experts might be able to save the time, money, and agony over sending this thing to Dell. I may end up trying to just send it back entirely if we don't make any headway here. So, I tried re-installing Malware Bytes (I have a premium account) but it could not connect and so I ran the MB-Clean which seems to not have been able to get uninstall it. I've pasted that log, as well as the FRST Log and Addition log. I look forward to working with an expert helper closely and will follow all instructions you provide - I know your time is valuable and I sincerely appreciate in advance any help I may receive. Thank you!! PhxGuy FRST.txt Addition.txt mb-clean-results.txt
  16. Hello there, One of my machines using running on Windows Vista SP2 has a semi-serious problems, even i cannot name it. This is the final chance for me to figure out whether i'm safe or not. Here is the issue. I came across a malware a few years ago which is infected my machine through a non-secure JAVA web applet. After this infection, i immediately took some actions and tried neutralizing malware and cleaning as well, i also used Malwarebytes 1.x and 2.x series. After some years have passed, i still noticed that the nasty and non-existent registry entry of this malware is still visible by regedit, and GMER. I had no abnormal activity since then, and tried numerous rootkit removers listed below with following results: - GMER: Shows hidden driver service highlighted red but unable to remove / disable because it's not existed in fact (IMHO). - Sophos Anti-Rootkit: No malware is found, system is clean. - BitDefender Anti-Rootkit: No malware is found, system is clean (scan took very short though, not sure why). - Kaspersky TDSS Remover: No malware is found, system is clean. - Rootkit Hook Analyzer: No malware is found, system is clean. - Symantec TDSS Fix Tool: No malware is found, system is clean. -...and finally Malwarebytes Anti-Rootkit BETA along with Malwarebytes Premium (3.3.1) edition: System is clean, no malware is found. Although almost all of major removers say that the system is clean, i'm so picky that i have no idea why regedit and GMER display the presence of malware (PragmaXXXXX - random numbers), especially regedit shows error immediately when i click on this key as if it does NOT exist, but i can't do anything even i try a lot of methods including running regedit under SYSTEM account, running offline registry editor using recovery disc, and using command prompt. It seems a kind of very strange glitch in registry file, and it cannot be removed there eventhough the entry (PramaXXXXX) is shown. I'm attaching all the screenshots that would help on describing the issue, along with FRST log, addition.txt log and MBAM Anti-Rootkit log file. I'd be so grateful if there is any additional steps to take other than formatting the whole drive, as i have a lot of documents and installations with senstive configurations. Thanks in advance! Addition.txt FRST.txt system-log.txt
  17. Hello I seem to have an infection on my windows 8.1 with at least a ((Rootkit.Smartservice)) and a (Trojan). I'd appreciate your help. Multi (Windows Process Manager) tasks used to appear in Task Manager, but not anymore after I changed their permissions. However, everytime I start my Windows I find in Task Manger a process called (msdpguvsrv.exe), sometimes being the first task for CPU and Disk. It is Located in C:\windows/Temp, I managed to stop it with a program but it won't get deleted or quarantined. I also find in C:\windows/Temp, a folder called (msidntfs), within it are 2 files (cert.db, SecureTrust Network Root CA 2.cer). I don't know if that is related. Within the Windows folder I found The Malware (AutoKMS_VL_ALL) Folder, and The (autokms_vl_all.exe) Malware File, and deleted them. My current situation is.. - EmsisoftEmergencyKit: Rootkit.SmartService : C:\Windows\System32\Drivers\vmrgknqt.sys Gen:Variant.Razy.227680 : C:\Windows\System32\config\systemprofile\AppData\Local\vmtdnlh\vmtdnlh.exe Android.Trojan.Downloader.KZ : C:\Users\USER\AppData\Local\utcomdl\download\PornoHub.3gp.apk - Avast anti rootkit: Service rtkoep C:\Windows\system32\drivers\vmrgknqt.sys **LOCKED** 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffcf8006880770] 3 CLASSPNP.SYS[fffff8000094cabb] -> nt!IofCallDriver -> [0xffffcf800686eb20] 5 hpdskflt.sys[fffff80000e9542b] -> nt!IofCallDriver -> [0xffffcf80061b4e50] 7 ACPI.sys[fffff800004025f1] -> nt!IofCallDriver -> \Device\0000002e[0xffffcf80061987f0] - Malwarebytes: now doesn't detect any problem - AdwCleaner: now doesn't detect any problem - Zemana AntiMalware: now doesn't detect any problem - hitmanpro: now doesn't detect any problem, but _except one time_ it hangs on 99% or sometimes less - mbar: doesn't start - gmer: doesn't start - Kaspersky tdss killer: doesn't start - RogueKiller: doesn't start, and give a message "Windows cannot access the specified device, path, or file"
  18. I am unable to get the Rootkit Scan feature in Premium to stay ticked when I move the slider to ON. If I exit the program, when I go back, it is OFF again. Even if I do NOT exit the program and just click on another tab, when I go back to the PROTECTION tab, it is OFF again. Neither am I am to set STARTUP to delay by 15 seconds. Again, I turn Delay ON with the slider and enter 15 seconds, but same things happens, when I leave the tab, it turns OFF again. I have reinstalled this program, and it has NOT corrected the problem. Thanx for any help.
  19. When I tried scanning for rootkits it seemed to have stopped even though the timer is still ticking. I tried once with full scan and the second time with just rootkit. Both scans seem to have stopped on the same file. I waited between 30 mins to an hour each attempt but the scan never moved past the item. I tried threat scanning and it worked perfectly. What can I do to solve the problem? mb-check-results.zip
  20. Threat scan results: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/14/18 Scan Time: 11:20 AM Log File: fc0fb9b6-f95f-11e7-88f2-1c1b0d63b3b0.json Administrator: Yes -Software Information- Version: Components Version: 1.0.262 Update Package Version: 1.0.3693 License: Premium -System Information- OS: Windows 10 (Build 16299.192) CPU: x64 File System: NTFS User: User-PC\User -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 313979 Threats Detected: 3 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 13 min, 35 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 PUP.Optional.BundleInstaller, C:\USERS\USER\APPDATA\LOCAL\TEMP\BIT8ED6.TMP.EXE, No Action By User, [19], [458026],1.0.3693 PUP.Optional.MailRu, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [611], [477962],1.0.3693 PUP.Optional.MailRu, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [611], [477962],1.0.3693 Physical Sector: 0 (No malicious items detected) ------------------------------------------------ From what I can tell this malware is at Least a year old. (looking in public forums - i dont mean a year on my computer) I can't think of any reason why Malwarebytes (which i pay for) hasn't provided a fix for it within Multiple updates. Per forum its been mentioned to MB prior. I found a post in here somewhere from about a year ago providing a fix, but it's probably over 50 steps (beyond any malware fix I've seen, pretty absurd)...and since it was a year ago... I'd REeeeeeeally like to think the MB team has a better solution to remedy this...at least for paying customers. Please advise.
  21. I scanned my pc with Mwb and I had numerous infections popup, the first time it was able to clear all but two. Both were rootkit.agent and the object type was registry key and registry value. I rebooted and tried again and this time it worked. However, everytime i reboot both the malware come back and shows up when i rescan. Furthermore if i use my pc a little and scan, it comes with the 2 rootkits and additional viruses. I have tried several programs but some of them arent even able to identify the rootkits. Any help would be appreciated. Thanks
  22. So the last known programs installed, were on the 18 of this month. Im running windows 10, and i made the mistake of thinking it could handle me torrenting. As I've done it countless times before, on win7 ult and didnt encounter a thing wrong. Anyways, long story short, im infected with something. I've ran countless programs to remedy it to no avail. unhackme, malwarebytes, adw cleaner, roguekiller, and hitmanpro, all based on this websites recommendation. im still infected. upon going through, nearly every folder in my drive (fresh install of win10 so i dont have much)i came across 3 folders that i had no control over, and couldnt delete. dtmhnlx, igfxmtc,wmhtcir. my guess is mining programs, but FRST revealed it to be a trojan. Although im still needing help on what to do to erase this. I want to play my games again without my cpu and gpu hitting max load, for games that arent even modern....also i should note, windows reset, and restore wont work at all. ive put win8 iso on dvd and tried to run on pc but wont read it at all, even disable secure boiot and rearranged the boot order. nothing works. if this doesnt work then i'll have to resort to taking out the hdd and doing a complete partition wipe of it, which i dont want to do because im just lazy. someone please help?
  23. For the past 2 weeks I've been looking for help on removing this virus that I've obtained due to my stupidity. What this virus does is that an exe that has different names after resetting my computer every time will appear in task manager and in the system32 folder, at the moment, it's called wdesziusvc.exe; when i hover my cursor over it it, it says TOSHIBA CORPORATION. After that appears, I won't be able to make restore points, download certain anti-viruses, and go into a recovery environment the normal way (I'd have to tap Shift + F8 upon start up). if wdesziusvc has internet access, it'll use my computer's resources to bring forth another exe called igfxmtc, which will run in task manager and have it's own folder in Appdata/Local folder which i cannot access nor delete. In the task manager, igfxmtc doesn't seem to do anything; idk what it's for but after a few after that, wdesziusvc will use resources again to bring forth this thing called Windows Process Manager (32-bit) with multiple clients, which slows down my computer by A LOT and also has it's own folder, wibxtrg. If i reset my computer to factory settings, you know, wipe everything, They all just come back with with different names except for igfxmtc. I know all this stuff because of the 2 weeks i've had with this problem. Here are some pictures and a FRST and Addition txt attatched. If there's anyone willing to help me out it'll mean a lot to me. 1.) I do have a flash drive that's bigger than 4GB 2.) I do have access to a clean PC Addition.txt FRST.txt
  24. Hello, I have found on the task manager five windows process managers (32 bit) Every time I launch a game on steam, one or two of them would suddenly jump from 60% to 80% CPU usage. I have searched for a solution, scanned with malware-bytes free and adware cleaner, but nothing worked. Then I got mbar, but it just does not start. When I launch it, it would ask for administrator permission, and then nothing would happen. Malwarebytes log Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/22/17 Scan Time: 9:43 AM Log File: 6cf58efe-e726-11e7-901b-4ccc6a8170c6.json Administrator: Yes -Software Information- Version: Components Version: 1.0.262 Update Package Version: 1.0.3543 License: Free -System Information- OS: Windows 10 (Build 15063.786) CPU: x64 File System: NTFS User: MSI\Legitozone (H) -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 351463 Threats Detected: 5 Threats Quarantined: 3 Time Elapsed: 3 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXF.DLL, Removal Failed, [1136], [296186],1.0.3543 PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXG.DLL, Removal Failed, [1136], [296186],1.0.3543 PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\SyncData.sqlite3, Replaced, [532], [454835],1.0.3543 PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Replaced, [532], [454835],1.0.3543 PUP.Optional.Trovi, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Replaced, [4703], [454808],1.0.3543 Physical Sector: 0 (No malicious items detected) (end) Adwarecleaner log # AdwCleaner - Logfile created on Fri Dec 22 14:57:08 2017 # Updated on 2017/27/10 by Malwarebytes # Database: 12-21-2017.1 # Running on Windows 10 Home (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\ProgramData\Tencent PUP.Optional.Legacy, C:\ProgramData\Application Data\Tencent PUP.Optional.Legacy, C:\Users\All Users\Tencent ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [2112 B] - [2017/11/2 23:13:50] C:/AdwCleaner/AdwCleaner[C1].txt - [1556 B] - [2017/11/26 5:31:49] C:/AdwCleaner/AdwCleaner[C2].txt - [1564 B] - [2017/11/27 15:30:46] C:/AdwCleaner/AdwCleaner[S0].txt - [2059 B] - [2017/11/2 23:13:30] C:/AdwCleaner/AdwCleaner[S1].txt - [1590 B] - [2017/11/26 5:25:15] C:/AdwCleaner/AdwCleaner[S2].txt - [1449 B] - [2017/11/26 5:28:29] C:/AdwCleaner/AdwCleaner[S3].txt - [1414 B] - [2017/11/27 15:29:53] C:/AdwCleaner/AdwCleaner[S4].txt - [1423 B] - [2017/12/1 21:59:41] C:/AdwCleaner/AdwCleaner[S5].txt - [1491 B] - [2017/12/2 15:42:21] C:/AdwCleaner/AdwCleaner[S6].txt - [1559 B] - [2017/12/6 19:20:20] C:/AdwCleaner/AdwCleaner[S7].txt - [1627 B] - [2017/12/10 2:8:35] C:/AdwCleaner/AdwCleaner[S8].txt - [1823 B] - [2017/12/22 14:35:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########
  25. Hi, I think I'm infected with a rootkit as I cannot back up my computer with blazeback, install bitdefender, or use any of the following programs: malwarebytes anti-rootkit, adwcleaner, hitmanpro, or zemana antimalware. I was able to successfully run MalwareBytes AntiMalware with the 'search for rootkits' (or something like that) checked, but it did not fix the problem. I always run Rkill successfully before attempting to execute these programs with administrative privileges and still get the 'The requested resource is in use.' error. I ran the Farbar Recovery Scan Tool (x64) for windows and attached the created FRST.txt and Addition.txt log files as I've seen in multiple threads. Thanks for any help! FRST.txt Addition.txt

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.