
Can't delete .exe (virus) and can't kill process


Cencio:
Hi all,
It's pretty tough for me to explain this, since I'm Italian and explaining all this in English is complicated, but I'm gonna try.
I have been stupid, I know, but I made this error. I executed an .exe file with "shady origins" and what happened?
This .exe created a process and two other .exe's. One in the folder C:\Users\Administrator\AppData\Local\Temp and another in C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup called 62300faa2bb16b197cdd2a7772441cc8.exe
If I try to delete the .exe files (both), Windows tells me they can't be deleted. If I open the Task Manager there is this process which says it's user sided, but if I try to kill it, it says that the process is crucial for the system and if I kill it, the system will be shut down. If I kill it I actually get a BSOD. Same thing if I force the deletion of the .exe's with a program: I get a BSOD. This virus also created some strings in regedit; if I delete them, they automatically recreate themselves 1 second later. There are also 4 processes in the StartUp menu... if I remove the check from them, nothing changes, the check comes back automatically.

I also tried to fix the .exe with HiJackThis, but when I click on FIX, I get a BSOD. Same thing with ComboFix... one second after I run it, I get the BSOD...

I don't really know what to do, especially because I installed this thing 5-6 days ago, and my VGA started to show artefacts and crash with "heavy" games like GTA5, and I'm scared this thing created that problem... I'm pretty scared honestly... I already asked for help but no one was able to help me...

Oh, one other thing. I would like to solve this without formatting W7, since I have 400GB of important things and I don't have an external HDD atm to make a backup...

I'm asking for help... I'll be ready to do everything you ask me... please :(
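
For anyone reading this thread later: the post above describes the classic user-level autostart spots (the Startup folder and Run keys that "recreate themselves"). The script below is an added example, not code from anyone in this thread. It is a read-only inventory of those locations with file hashes, suitable for pasting into a removal thread; it deletes nothing and assumes PowerShell 4 or newer for Get-FileHash. The 32-hex-character name check is a heuristic based on the file name quoted in the post.

```powershell
# Added example for this thread, not code from any poster. Read-only inventory
# of the autostart locations the first post describes (Startup folders, Run
# keys) so the entries and their hashes can be pasted into a removal thread.
# It deletes nothing. Assumes PowerShell 4+ for Get-FileHash.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),       # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic: a 32-hex-character base name, like the file in the post, deserves a closer look.
function Test-HashLikeName([string]$Path) {
    return [IO.Path]::GetFileNameWithoutExtension($Path) -match '^[0-9a-f]{32}$'
}

# Pull the executable path out of a Run value such as '"C:\x\a.exe" /arg'.
function Get-ExePath([string]$Value) {
    $v = [Environment]::ExpandEnvironmentVariables($Value)
    if ($v -match '^"([^"]+)"') { return $Matches[1] }
    if ($v -match '^(\S+\.exe)') { return $Matches[1] }
    return $v
}

function Get-EntryReport([string]$Source, [string]$Path) {
    $hash = 'missing'
    if (Test-Path -LiteralPath $Path) {
        try { $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { $hash = 'unreadable' }   # locked files still show up in the list
    }
    [pscustomobject]@{ Source = $Source; Path = $Path; SHA256 = $hash; Suspect = (Test-HashLikeName $Path) }
}

$report = @()
foreach ($dir in $startupDirs) {
    if (Test-Path -LiteralPath $dir) {
        $report += Get-ChildItem -LiteralPath $dir -File | ForEach-Object { Get-EntryReport 'StartupFolder' $_.FullName }
    }
}
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { $report += Get-EntryReport "$key\$($p.Name)" (Get-ExePath $p.Value) }
    }
}
$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys are readable; a file that hashes as "unreadable" is locked by a running process, which is itself useful to report.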

Boggin:
BlueScreenView could give some clue as to how its removal caused the BSODs http://www.nirsoft.net/utils/blue_screen_view.html

The download choices are at the bottom of the page and posting any it finds could possibly help Shane in seeing where it is attacking.

I'm loath to suggest using any other disinfection programs, but have you tried your restore points back to before you got caught?

If the infection hasn't removed them, it would be best to do this in Safe Mode.

Cencio:

--- Quote from: Boggin on June 14, 2015, 04:30:38 pm ---BlueScreenView could give some clue as to how its removal caused the BSODs http://www.nirsoft.net/utils/blue_screen_view.html

The download choices are at the bottom of the page and posting any it finds could possibly help Shane in seeing where it is attacking.

I'm loath to suggest using any other disinfection programs, but have you tried your restore points back to before you got caught?

If the infection hasn't removed them, it would be best to do this in Safe Mode.

--- End quote ---

I don't know why, but that program won't recognize the BSOD. It's not listed...
I have another program that recognizes it (WhoCrashed) and it says:

--- Quote ---crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: Unknown (0x00000000)
Bugcheck code: 0xF4 (0x3, 0xFFFFFA800A9CCB30, 0xFFFFFA800A9CCE10, 0xFFFFF80003798DB0)
Error: CRITICAL_OBJECT_TERMINATION
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error.
--- End quote ---

I would already have done it, but unfortunately I have no restore points from before I installed that .exe. Since I had the artefacts on my VGA, I installed 3DMark to run some tests. All the restore points go back to the moment I installed 3DMark.

I tried to remove the .exe's in safe mode... they get deleted with no problem in safe mode. Still, when I restart the PC in normal mode they are back there...

Boggin:
I think you will need some expert help with this as the regular disinfection programs like MBAM, ESET Online Scanner and Norton Power Eraser could do more harm than good.

I would suggest that you register on http://www.techsupportforum.com/forums/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html and open a thread after reading the prerequisites.

You can cross reference this thread as background info by copying & pasting the thread as a shortcut.

If you do go this route, don't perform any other attempts to clean the system until advised by the helper.

The alternative is a factory reset or clean install of the OS.

Rick:
Safe mode? Run sfc /scannow

Or, a repair install works OK too.

Do you use games in ADM mode?
Set up another user ID only for games without ADM privileges and still use a password.
Check your firewall before SFC or a repair install; if repair install, reset the firewall before doing it...
