Solved! Can't delete a background process that's actually a virus

Status
Not open for further replies.

Richmoney9

I have a background process (virus?) that will not go away. Tried all of the malware/adware/virus programs to no avail. Also tried a lot of unlock/delete programs with no luck. The exe is called psezhlwsvc.exe. All online search sites find nothing on the exe. Upon further digging, using Process Explorer, psezhlwsvc.exe controls cwmdzen.exe, which controls multiple instances of dsclxg.exe.

What happened was, I downloaded a program that I thought was safe, turned out it wasn't, and I got blasted with all kinds of adware/malware/viruses. Took me a while to get rid of as much as possible (I'd say about 90 percent). Only 3 things remain: the psezhlwsvc.exe problem and 2 others.

The other 2 are: when I use the address bar search (in any browser) (Bing), the results display on Bing and then switch to Google search. And the last is this linkhaitao thing that appears in between the current site and then switching to another site. It flashes for a few seconds and then goes away. Any hints or suggestions?
 
Solution

SumTingW0ng

Please download and run these tools at full system scan. If for some reason you are unable to run these tools at full system scan, please reboot into safe mode with networking.

Malwarebytes Anti Malware

Emsisoft Emergency Kit

HitmanPro

Kaspersky TDSSKiller

Zemana Anti Malware

ESET Online Scanner

Next step

Run CCleaner

Reset browser settings back to default
 
Richmoney9

I've tried EVERYTHING.

Security Task Manager is able to display the most beneficial information, and lists the viruses at the top of the list with a 100 rating (meaning definitely a virus).

The 3 processes are cwmdzen.exe, dsczixg.exe and psezhlwsvc.exe.





 
According to my information:

cwmdzen.exe is NOT a known virus or malware file.
dsczixg.exe is NOT a known virus or malware file.
psezhlwsvc.exe is NOT a known virus or malware file.

As a matter of fact, these three files actually come up with no results as to which program they are attached to,
which is rather rare on the internet, so if it is a virus or malware, seemingly you are the very first person hit by this, and the odds of this are pretty astronomically not likely, unless you're messing around with a virus or malware lab tool.

So I searched my computer for such files and none of these files register on my system.

If you open a Windows Explorer folder and search for cwmdzen.exe, when your system identifies the file in question, it should tell you what folder it is in, and more likely indicate where and what program it is associated with. Can you tell us what program it is? (Repeat for dsczixg.exe and psezhlwsvc.exe.)

 

Richmoney9

Believe it or not, one virus/malware scanner (1 of 10 on my system) found the cwmdzen.exe/dscixg.exe one (dscixg.exe and cwmdzen.exe are/were both located in the C:/Users/%yourname%/AppData/Local/cwmdzen folder). Deleting the two (by way of the malware scanner) stopped the redirects I was having in all of my browsers. I also came up with zero hits when I researched these three viruses, but Security Task Manager listed the 3 as 100% virus. So the only one remaining now is psezhlwsvc.exe, located in Windows/System32.



 

Richmoney9

Yes I am. I'm running UltraUXThemePatcher and SkinPack Auto UXStyle 5.0.
Also installed Aero 7 themes for win10 by sagorpirbd, Aero Glass for Win8+ (Experimental Version for build 10.0.16299)
 

yo.edy.4ever

Can you upload psezhlwsvc to virustotal.com? Also, install Emsisoft Antimalware/Kaspersky internet security as trial antivirus and try to execute the file, their behavior blocker will stop it.
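
An added example, not part of any post in this thread: a read-only PowerShell triage script for the checks discussed above (where each file lives, which process started it, whether it is signed, and its SHA-256 hash for a VirusTotal lookup). The process names are copied from the posts; the service check is an assumption prompted by the "svc" suffix and the System32 location, and the helper name `Get-FileFacts` is hypothetical.

```powershell
# Added example: read-only triage of the executables named in this thread.
# The thread spells the third name three ways, so every spelling is listed.
# Run from an elevated prompt so ExecutablePath is populated for all processes.
$names = 'psezhlwsvc.exe', 'cwmdzen.exe', 'dsclxg.exe', 'dsczixg.exe', 'dscixg.exe'

$procs    = Get-CimInstance -ClassName Win32_Process
$services = Get-CimInstance -ClassName Win32_Service
$byPid    = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

function Get-FileFacts {
    param([string]$Path)
    # Publisher signature and SHA-256; the hash can be searched on VirusTotal
    # without uploading or executing the file.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Running processes with a matching name, and the process that started each.
foreach ($p in $procs | Where-Object { $names -contains $_.Name }) {
    $parent = $byPid[[int]$p.ParentProcessId]
    # PIDs are reused: a "parent" created after the child is a different process.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $facts = Get-FileFacts -Path $p.ExecutablePath
    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $p.ProcessId
        Path      = $p.ExecutablePath
        Parent    = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited or unknown' }
        Signature = $facts.Signature
        Signer    = $facts.Signer
        SHA256    = $facts.SHA256
    } | Format-List
}

# 2. Services whose binary path mentions one of the names. A service set to
#    start automatically is launched again at every boot.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$services | Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Format-List
```

An unsigned binary in System32 with no matching service or installed program is worth submitting by hash first; the file itself only needs uploading if the hash is unknown.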
 