Jump to content

Search the Community

Showing results for tags 'smartservice'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 12 results

  1. While following a guide on how to remove the smartservice virus; i could not boot into windows recovery environment to complete the removal process. I used these guides: I have scanned with Malwarebytes, Adwcleaner, and Farbarx64. after scanning I cannot enter windows recovery environment/ advanced startup options through the windows 10 settings, shift+restart, or from the command prompt. here are my scan results: malwarebytes_3.5.1_scanreport.txt malwarebytes_adwcleaner_report.txt FRST.txt Addition.txt
  2. Have a nearly identical problem to the one in the linked topic above. Was installing DVD editor/menu creation tool that supposedly worked with a legitimate editing tool. Can post link to the site that sold the malware alongside the legitmate tool if you think it'd help to educate people moving forward. Not sure if you have a running list of programs/sites to not download stuff from. Anyway some of the specific file and folder names are different but the obviously fake TOSHIBA CORPORATION ownership, and weird names (Print driver host, Windows Process Manager, etc.) were the same. Was able to delete some of the registry keys, and run MBAR earlier today (see attached logs) but the malicious processes and folders are still alive even after MBAR supposedly deleted a bunch more registry keys and deleted some files. Curiously MBAR didn't find the three malicious folders in my Appdata\Local (see screenshot) mbar-log-2018-01-28 (08-08-46).txt system-log.txt malwarefolders.pdf
  3. Hello I seem to have an infection on my windows 8.1 with at least a ((Rootkit.Smartservice)) and a (Trojan). I'd appreciate your help. Multi (Windows Process Manager) tasks used to appear in Task Manager, but not anymore after I changed their permissions. However, everytime I start my Windows I find in Task Manger a process called (msdpguvsrv.exe), sometimes being the first task for CPU and Disk. It is Located in C:\windows/Temp, I managed to stop it with a program but it won't get deleted or quarantined. I also find in C:\windows/Temp, a folder called (msidntfs), within it are 2 files (cert.db, SecureTrust Network Root CA 2.cer). I don't know if that is related. Within the Windows folder I found The Malware (AutoKMS_VL_ALL) Folder, and The (autokms_vl_all.exe) Malware File, and deleted them. My current situation is.. - EmsisoftEmergencyKit: Rootkit.SmartService : C:\Windows\System32\Drivers\vmrgknqt.sys Gen:Variant.Razy.227680 : C:\Windows\System32\config\systemprofile\AppData\Local\vmtdnlh\vmtdnlh.exe Android.Trojan.Downloader.KZ : C:\Users\USER\AppData\Local\utcomdl\download\PornoHub.3gp.apk - Avast anti rootkit: Service rtkoep C:\Windows\system32\drivers\vmrgknqt.sys **LOCKED** 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffcf8006880770] 3 CLASSPNP.SYS[fffff8000094cabb] -> nt!IofCallDriver -> [0xffffcf800686eb20] 5 hpdskflt.sys[fffff80000e9542b] -> nt!IofCallDriver -> [0xffffcf80061b4e50] 7 ACPI.sys[fffff800004025f1] -> nt!IofCallDriver -> \Device\0000002e[0xffffcf80061987f0] - Malwarebytes: now doesn't detect any problem - AdwCleaner: now doesn't detect any problem - Zemana AntiMalware: now doesn't detect any problem - hitmanpro: now doesn't detect any problem, but _except one time_ it hangs on 99% or sometimes less - mbar: doesn't start - gmer: doesn't start - Kaspersky tdss killer: doesn't start - RogueKiller: doesn't start, and give a message "Windows cannot access the specified device, path, or file"
  4. Hello, I seem to have caught the same virus/malware as member: Yellowdot. Luckily, his issue was resolved. I downloaded FRST.exe. Ran it in recovery environment and have attached the files generated after the initial Scan. I made sure to download FRST.exe to a flash drive on a clean PC, not from the infected one. and I waited until Recovery Environment was open before plugging in the flash drive to the infected PC. I think I need a fixlist.txt. I'd really appreciate some help. Addition.txt FRST.txt
  5. Hello, I've been infected with the smartservice thing like a lot of others I've seen lately. Particularly the igfxmtc one. I've already followed the first steps from the What to do If You're Infected page and have run the FRST. I've been putting off posting here for a while, so I'm a bit worried that it's been on my system for far too long. FRST.txt Addition.txt
  6. I believe I have a smartservice infection because of: - Multiple processes of "Windows Process Manager" on Task Manager making CPU very high - EXE files that I can't delete even as an administrator, tried cmd prompt and everything Any help would be appreciated Addition.txt FRST.txt malwarebytes.txt
  7. For the past 2 weeks I've been looking for help on removing this virus that I've obtained due to my stupidity. What this virus does is that an exe that has different names after resetting my computer every time will appear in task manager and in the system32 folder, at the moment, it's called wdesziusvc.exe; when i hover my cursor over it it, it says TOSHIBA CORPORATION. After that appears, I won't be able to make restore points, download certain anti-viruses, and go into a recovery environment the normal way (I'd have to tap Shift + F8 upon start up). if wdesziusvc has internet access, it'll use my computer's resources to bring forth another exe called igfxmtc, which will run in task manager and have it's own folder in Appdata/Local folder which i cannot access nor delete. In the task manager, igfxmtc doesn't seem to do anything; idk what it's for but after a few after that, wdesziusvc will use resources again to bring forth this thing called Windows Process Manager (32-bit) with multiple clients, which slows down my computer by A LOT and also has it's own folder, wibxtrg. If i reset my computer to factory settings, you know, wipe everything, They all just come back with with different names except for igfxmtc. I know all this stuff because of the 2 weeks i've had with this problem. Here are some pictures and a FRST and Addition txt attatched. If there's anyone willing to help me out it'll mean a lot to me. 1.) I do have a flash drive that's bigger than 4GB 2.) I do have access to a clean PC Addition.txt FRST.txt
  8. i have the same virus and issues ive tried everything in all the threads and i cant get rid of it their is another one for me to and i cant get rid of it either my avast picks up one called serxovp
  9. Hey all, got infected by several rootkits/smartservice. browsed around the forums and came to this So i downloaded farbar and did a scan and got my logs attached. could someone make me a fix file. and just a fyi, ran mb rootkit removal, and all the other removal programs. dont do anything and this virus blocks me from opening any antivirus. FRST.txt Addition.txt
  10. I've been trying every anti-malware scanner I can find to get rid of this but it's been super pesky and resilient. Not being detected by any current scans (used MBAR, ESet, JRT, etc) Upon boot I have a rekobdt.exe hogging CPU resources. It originates from this folder which is inaccessible C:\Users\SAM\AppData\Local\pwabnml C:\Users\SAM\AppData\Local\pwdrauc I can pinpoint an exact date that these folders downloaded to my computer- 11/1/17 -11/2/17 Addition.txt FRST.txt
  11. Hi guys, I've spend a couple days trying to fix this myself from looking at other people's solutions and I haven't been able to get anywhere. The issue is this: When I try to run most executable files, I get a message saying "The Requested Resource is in use", and I can't run it. Other system functions are also not working, such as being able to factory reset my computer (windows 10 cmd line: systemreset -factoryreset //receives an error message), or being able to do the windows 10 "fresh start" which keeps your files but re-installs the OS. I downloaded malwarebytes and the mwb-rootkit and have run both, as well as the FRST tool. Here are all the logs: I'm kind of at my wit's end here, can anyone help me out? Even getting me to the point where I can do a factory reset? Thanks for your help! Let me know if I can provide any additional information. Addition.txt FRST.txt mwb threat scan.txt mbar-log-2017-09-19 (09-20-12).txt system-log.txt
  12. I can't open most anti-virus software, and those that open either require money cleanup or don't solve the rootkit issue. The worst part of the infection is that I can't use my physical keyboard. I am willing to try any method. I installed FRST at the start of the infection. Here is my scan log: FRST.txt EDIT: Additional scan information. Addition.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.