Jump to content
HousesOfTheHoly

Windows Process Manager Removal

Recommended Posts

So a few days ago I got a virus on my computer, but I was able to get rid off most of it with CCleaner and Malwarebytes. I deleted as much of it as I could, but I was unable to get rid of some files (two or three) I could not get rid of these because I was getting the "Access Denied" error every time I attempted to view them. 

I was reading some other topics on this forum about the "Windows Process Manager" BTC miner (or whatever it is), and I followed the instructions listed in those topics, but I'm unable to proceed. I have done the following so far.

  • Scanned with MBAR.
  • Scanned with FRST.
  • Scanned with AdwCleaner 
  • Compiled the logs of said scans into .txt files.
  • Put FRST and the .txt files onto a USB drive.

But, I'm stuck/confused at this point. In the post that I was reading, it said to boot into Advanced Recovery Mode which I have never done before; I followed the instructions to boot into the recovery mode, but nothing worked. I tried the Windows Key + X method, and it didn't work, and I tried doing it from PC Settings and it didn't work. It just said "Please wait..." and then restarted my computer into its normal state. 

This could be my own incompetence or it could be my computer itself, hell, I could be in the recovery mode right now for all I know. Anyways, if anyone wants to help here are the .txt files and some nessicary computer specifications.

  • Windows 8.1 Pro

 

 


  •  

 

 

FRST.txt

Fixlog.txt

system.log

mbar-log-2018-12-27 (01-58-39).txt

Share this post


Link to post
Share on other sites
Hello HousesOfTheHoly and welcome to Malwarebytes,

Your logs indicate a variant of smartservie infection, to remove that infection you will need access to a spare PC and a USB Flashdrive 4gb or above.

Do this first on the infected PC:

Select the Windows key and X key together, from the xmenu select Command Prompt (Admin)

At the prompt either type or copy/paste the following commands, select enter after each command:

bcdedit.exe /set {bootmgr} displaybootmenu yes
bcdedit.exe /set {default} recoveryenabled yes
exit


Next,

Boot up your spare PC plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate...

Next,

On that same PC downoad and save FRST to same Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

For Windows 10 - https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

For Windows 8/8.1 https://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/

Next,

From the Windows 8/10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 8/10

user posted image


From that window select "Troubleshoot"


user posted image


From the next window select "Advance Options"


user posted image


From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC....

Thank you,

Kevin..

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.