Unable to clean PUM.Hijack/Disabled from my Workgroup

[eguven14]

Hello,

I have bought a new computer working on Windows 7 64-Bit last week and been working on setting it up since then. Today first I realized that my hidden files suddenly have become invisible (I had enabled to view them earlier), and regedit didn't show up in one instance and finally I have noticed my "task manager" have disappeared. While searching for this, I was hinted that this could be because of a virus. This was also explaining my poor internet performance issues and snaps for the last few days. So, I have downloaded Malwarebytes and scanned. It found 7-8 objects; I removed them all. But 5 of them insistently reappear when I boot up. have once tried to run MWB on the safe mode, but this didn't work either. I have also checked my old computer running on Windows XP SP3 32-Bit on the same workgroup; it was also infected by the same agents. Can you please help me remove them?

Found issues:

PUM.Hijack.TaskManager

PUM.Hijack.Regedit

PUM.Disabled.SecurityCenter

PUM.Disabled.SecurityCenter

PUM.Disabled.SecurityCenter

[eguven14]

Soon after I have posted this topic, I think I could manage to clean them now at least on my Win 7 machine! I am not yet totally sure but here's how I did: Soon after the boot up, firewall raised a message that it has blocked the activity of "Lightscribe Control Panel". I found this suspicious since there has never been such a report before since this program was installed in the beginning. So I have opened gpedit.msc window, and enabled task manager manually. Then ctrl+alt+del and started task manager; i have "ended process tree" for lightscribepanel.exe. Then deleted that file from the hard disk. Then I have closed down most of the processes that I didn't recognize. Then I have run malwarebytes, performed a quick scan which only showed 3x PUM.Disabled.SecurityCenter, PUM.Hijacks were already gone. I have chosen to remove them; restarted computer and voila! They were all gone... task manager and regedit resumed normal function. I have increased UAC to the highest level and performed a quick scan with MWB several times and it didn't show any threat. I don't know which of these actions were useful... LightScribePanel is HP official software that comes default, so it cannot be the reason itself but maybe was changed by the virus. Or maybe it had nothing to do with that, some of the other processes I closed did the trick, who knows? Sorry for the long text, but I thought it may be useful for someone else if I share this story. On the other hand, I could not yet removed them from my other computer. I'll try a similar procedure on it too now.

[AdvancedSetup]

Hello and

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

Thanks

[eguven14]

Thank you for your interest. I think I have solved my problems thanks to MalwareBytes.

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.