
Windows Process Manager 32 Bit application running on my 64 bit computer



Recently I had some malware get on my computer, so obviously I ran Malwarebytes a few times and it found quite a few. I deleted them and moved on. However, I noticed an application that I can't close on my Task Manager called Windows Process Manager (32 bit) and it's taking up almost half of my CPU and memory. So I tried running Malwarebytes again with no luck. I read some online and found a discussion on it with another cleaner that helped them called AdwCleaner. I ran that and it found a few viruses.

So I rebooted to no avail. This process is still taking up half my CPU and memory and I don't know how to get rid of it. Any help with this would be greatly appreciated!


The Malwarebytes is a little older than the others because it is not detecting anything (anymore).

But I did have something odd with it. There was something called Riskware on and I scanned, removed and rebooted my computer. And when I would scan again it would still be there. So I tried opening the directory to it but it kept saying I wasn't able to remove it. But like I said before, that is gone, but this program is still running.

FRST.txt

Addition.txt

Malware.txt


Hello Drakotha,

Your system is infected with smartservice, and many secondary infections. Let's see if we make progress. Continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Follow the instructions at this link to run MBAR: https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
 
Let me see those logs in your reply....
 
Thanks,
 
Kevin

 

 

fixlist.txt


Here are the 3 files you requested.

 

Also could you give me a quick rundown on what this virus is doing? I couldn't find anything about it with a quick Google search and I'm quite curious what it's doing to take up half my CPU and also why I just can't end it with Task Manager.

Fixlog.txt

mbar-log-2017-11-20 (17-52-51).txt

system-log.txt


Hello Drakotha,

The Fixlog.txt is empty, I'm assuming the infection has somehow blocked FRST from making the fix. The MBAR logs also show none of the infected entries being cleansed..... Do you have a USB flash drive? Also see if you can boot to the Recovery Environment...

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Download and save to the same Flash drive the attached file "fixlist.txt" (end of reply)

Next,

From your Desktop select the start Flag (bottom lefthand corner of screen)

Hold down the "Shift key" of your keyboard, keep it down and select "Restart"




Your PC should open to the "Choose an Option" window.... release shift key.




From that window select "Troubleshoot"




From the next window select "Advanced Options"




From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter
  • Note: Replace letter E with the drive letter of your flash drive. <<<----very important
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. You will need to boot back to Normal windows to post the log, or if applicable do that action from a spare PC...
  • To boot back to windows, type exit at the prompt and hit enter
  • Please copy and paste or attach Fix.log to your reply.


Thanks,

Kevin...

fixlist.txt


I was unable to get my computer to get to the choose an option, I tried your method, as well as the 2 posted on the Microsoft support page, and another with the command "shutdown /r /o" with the command prompt box. But every time I did one of these options, it would just completely skip that screen and go straight into logging me in.


That is probably down to the infection. I'll upload a batch file that was compiled by one of the staff guys, @LiquidTension; that file is designed to boot to the Recovery Environment. I'll attach it as a zip file, boot_into_RE_2.zip; unzip direct to your Desktop so you have boot_into_RE_2.bat

Right click on that file and select "Run as Administrator" your system should re-boot to the RE... maybe worthwhile printing off the instructions from reply #6

Thanks,

Kevin

boot_into_RE_2.zip


Select the Windows Key and X Key together, from the list select Command Prompt (Admin), and at the prompt copy and paste the following command:

bcdedit.exe /set {default} recoveryenabled yes

then hit the Enter key...

If you get a successful prompt type exit and hit enter to close out...

See if you can boot to the recovery environment again....

 

Edited by kevinf80
typing error
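
A read-only way to confirm the result of the bcdedit command above, as an added example that is not part of the original post: it reads the `recoveryenabled` and `recoverysequence` values of the default boot entry and the Windows RE status reported by `reagentc /info`. It assumes an elevated PowerShell prompt and English-language tool output; `Get-RecoveryState` is a name made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect (without changing) the settings that control whether
# Windows can start its Recovery Environment (WinRE).
# Assumption: English-language output from bcdedit.exe and reagentc.exe.

function Get-RecoveryState {
    # In PowerShell the BCD identifier must be quoted; an unquoted {default}
    # is parsed as a script block and bcdedit rejects the argument.
    $bcd = & bcdedit.exe /enum '{default}' 2>&1
    $re  = (& reagentc.exe /info 2>&1 | Out-String)

    # Collect the "name   value" pairs from the bcdedit listing.
    $entry = @{}
    foreach ($line in $bcd) {
        if ("$line" -match '^(\w+)\s+(.+)$') {
            $entry[$Matches[1]] = $Matches[2].Trim()
        }
    }

    $status = $null
    $location = $null
    if ($re -match 'Windows RE status:\s+(\w+)')       { $status   = $Matches[1] }
    if ($re -match 'Windows RE location:[ \t]*(\S*)')  { $location = $Matches[1] }

    [pscustomobject]@{
        RecoveryEnabled  = $entry['recoveryenabled']    # "Yes" once the /set command succeeded
        RecoverySequence = $entry['recoverysequence']   # identifier of the WinRE loader entry
        WinREStatus      = $status                      # "Enabled" or "Disabled"
        WinRELocation    = $location                    # empty when no WinRE image is registered
    }
}

$state = Get-RecoveryState
$state | Format-List

# Report every setting that would prevent a boot into the Recovery Environment.
$problems = @()
if ($state.RecoveryEnabled -ne 'Yes') { $problems += 'recoveryenabled is not Yes for {default}' }
if (-not $state.RecoverySequence)     { $problems += 'default entry has no recoverysequence' }
if ($state.WinREStatus -ne 'Enabled') { $problems += 'reagentc reports Windows RE is not enabled' }
if (-not $state.WinRELocation)        { $problems += 'no Windows RE location is registered' }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { 'Recovery settings look intact.' }
```

Running it before and after a cleanup attempt shows whether these values were changed in between.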

If I have to go this far into removing this thing would it just be better to do a hard wipe on my PC? I don't have anything on it that I couldn't get back on. 

 

But IF I really needed to, I could go get the Windows install on my USB from the Windows website.

 

 

EDIT: Just tried turning on my computer again and I got the black screen...... Well, I very much appreciate that you tried to help me but it seems now that I just have to reinstall my OS. 

Edited by Drakotha

A recovery drive is easier, you need a USB flash drive, 4 GB is ok to create the drive with only RE utilities.. Although I'm not sure the infection will allow it....

This can be created on another PC with Windows 10 if necessary. Open the search function on taskbar bottom left, type in create recovery drive, hit enter, accept UAC...

In the new window make sure that "Back up system files to recovery drive" is NOT selected... from there select next, follow the prompts from there to create the recovery drive....

That recovery drive will boot any Windows 10 system to RE. If system files are loaded it will only boot the PC it was created on. Be aware that any information/data on the USB flash drive will be lost as it is formatted during the process.....

The BIOS may already be set to boot from USB, if the system tries to boot to Windows then boot options in BIOS would need to be amended...

FRST can be loaded to the Recovery Drive after it is created.... Is that ok for you to follow..


I restarted my PC. But this time it went into a cycle of "collecting data" on that blue screen --> "diagnosing your pc" ---> BIOS menu and back to collecting data. After about 7 times or so, I got that page where I could restart my PC and I did just that. Sorry for not taking your advice but this virus was giving me too much hassle to just not reset my PC.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.