
"Winvmx Client" taking all my cpu



  • Root Admin

Yes, that's what I was afraid of. You have a rootkit that is preventing removal and stops other tools from removing it too. Let's try the following.

 

Please download Farbar Recovery Scan Tool and save it to a USB flash drive.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit.

Plug the flash drive into the infected PC and start the computer into the Recovery Options for Command Prompt.

Windows Vista, 7

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Windows 8, 8.1
Please see
How to use the Windows 8 System Recovery Environment Command Prompt

Windows 10
Please see
How to Start Windows 10 in Safe Mode with Command Prompt

How to Boot to Advanced Startup Options in Windows 10

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc.
Any Windows installation disc or a repair disc made on another computer can be used.
Choose one of the options below to download and create a Windows Repair Disk or Installation Disk. Either one can be used.

How to Create a Windows 7 System Repair Disc
How to Create a System Repair Disc in Windows 10
Microsoft Windows and Office ISO Download Tool

You may also download from Microsoft, but you will need to input your license key first. The above links do not require your key.

Download Windows 7 Disc Images (ISO Files)
Download Windows 8.1
Download Windows 10

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close Notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

 

 

I'll be out of town for most of the day tomorrow but later in the night I should be back and will reply to you then with more instructions on removal depending on what all we find.

Thanks

Ron

 

 


  • Root Admin

Yes, this is a rootkit. Please run the following and it should remove most of it. Then we can do final scans and cleanup after.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt


So I ran it and then tried Malwarebytes anti-malware, it worked and I cleaned my computer. I cleaned the files and when I restarted my computer it told me it signed in as a temporary user and files could not be accessed and all changes would not be saved. How can I get my data back?


  • Root Admin

First thing I would like you to try is to start in safe mode and let me know if it starts in the normal account.

 

Reboot your computer in Safe Mode.

For Windows 8 or Windows 10 follow the instructions here – http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/

For all other Windows operating systems follow the instructions here – http://support.eset.com/kb2268/?locale=en_US


  • Root Admin

Sorry for the confusion, but I need to know what state the computer is in now.

Are you able to log into Windows in Normal Mode now and into your account?

If you're able to login to a temporary admin account from Safe Mode you may be able to go into Control Panel, Manage User Accounts and change the password on your account.

Please let me know.

Thanks

 


It's not that I can't log in. When I log into my main user, it loads with "Preparing Windows" instead of "Welcome". After it loads, a pop-up comes up saying "You have logged into a temporary account, you cannot access your files and changes you make will not be saved."

The path in the registry changes to TEMP instead of my main one.


  • Root Admin

Yes, unfortunately, it would seem that Windows 10 is more susceptible to user profile corruption. A simple search on Google shows almost 5 million hits for this issue and only about 3.2 million hits on Windows 7, but Windows 7 has been out for many years now. Windows 10 only a couple, yet still has more hits than Windows 7 with many years out in service.

There are articles on how to move user data to a new user profile if needed.

Is there something else I can assist you with then?

Thank you

Ron

 
