Malware preventing access to folders

rajeebvrahman

Prominent
Nov 19, 2017
3
0
510
Hi,

I have an issue with my Windows 10 Home Edition. I have identified at least 4 folders where I have no access. Process explorer lists executables in those directories that are using lots of CPU and memory.

C:\users\user\AppData\Local\msilwou
C:\users\user\AppData\Local\weesvaz
C:\users\user\AppData\Local\igfxmtc
C:\Windows\System32\niakszl

I tried pretty much all the ways given on this forum to take control of these folders but no luck. I also noticed that my System Restore doesn't work anymore, meaning the restore points created disappear magically after a reboot. I created restore points using Restore Point Creator but even those are missing after a reboot. Also, I can't add any new users either; I am the only user (administrator) on this computer.

I am suspecting it is malware and am planning to back up and re-install Windows. I just wanted to know if there is anything else I need to try. I have scanned the computer using Bitdefender, IObit, Malwarebytes, Avast etc. but none of them list these executables as a virus.

Thanks
 
R_1

Estimable
Herald
Boot to a USB drive with Linux on it. Grab a USB drive, a copy of Rufus and a Linux distribution.
http://distrowatch.com/ has tons of differing Linux distributions and download links. I personally am fond of Linux Mint with Cinnamon.
https://rufus.akeo.ie/ is the utility used to extract the ISO file to the USB drive.

Use Rufus to extract the selected ISO to the thumb drive. It will make the drive bootable and you can run Linux from the drive once done.
Reboot into Linux and proceed to test the hardware: connect to the internet, watch videos, await problems.
If Linux is good and stable the issue is most likely inside Windows or otherwise software related.

DO NOT make the thumb drive on the system to be cleaned. Use a known secure system to prepare the USB drive and download the files.

Linux does not care for any Windows file permissions and the malware will be neutered under Linux. You have the location of the files; write them down along with the file names. Boot into Linux and open the file manager, browse to the folders and delete what you need to.
Reboot and scan the system with your favorite scanner; I like the ESET single test. Do not rely on it to clean the files: note the location of the files, reboot to Linux and kill them.
 
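The offline clean-up step above, done from the live Linux session, as an added example (not code posted by anyone in this thread). It assumes the Windows volume has been mounted read-write (for example by the Mint file manager under /media/mint/<label>) and that a quarantine directory exists on the USB stick; both paths are arguments you supply. Two practical details the post glosses over: the paths in the first post are typed in lower case ("users") while the real directory is "Users", and ntfs-3g lookups are case-sensitive by default, so the script resolves each component case-insensitively; and it moves the directories into quarantine with a hash list rather than deleting them, so a directory that turns out to be legitimate can be put back. Shut Windows down fully first (Fast Startup leaves the volume hibernated and ntfs-3g will refuse to mount it read-write).

```shell
#!/bin/sh
# Quarantine suspicious directories on a Windows volume from a Linux live USB.
# Example added for this thread; the mount point and quarantine location are
# assumptions. Typical use from a Mint live session:
#   MNT=/media/mint/Windows        # where the file manager mounted C:
#   Q=/media/mint/USBSTICK/quarantine
#   for d in 'users\user\AppData\Local\msilwou' 'Windows\System32\niakszl'; do
#       quarantine_dir "$MNT" "$d" "$Q"
#   done

# Resolve a Windows-style relative path (backslashes, any letter case) to the
# real on-disk path under the mount point. ntfs-3g is case-sensitive, so
# "users\user" has to become "Users/user".
resolve_ci() {
    cur=${1%/}
    rel=$(printf '%s' "$2" | tr '\\' '/')
    while [ -n "$rel" ]; do
        comp=${rel%%/*}
        case $rel in */*) rel=${rel#*/} ;; *) rel= ;; esac
        [ -n "$comp" ] || continue
        next=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$comp" | head -n 1)
        [ -n "$next" ] || return 1
        cur=$next
    done
    printf '%s\n' "$cur"
}

# Move one directory into the quarantine tree, keeping its relative path so it
# can be restored, after recording a SHA-256 of every file so the samples can
# still be looked up or sent to a vendor once the originals are off the system.
quarantine_dir() {
    mnt=${1%/}; rel=$2; qroot=${3%/}
    src=$(resolve_ci "$mnt" "$rel") || { echo "not found: $rel" >&2; return 1; }
    # Refuse anything that did not resolve to a path below the mount point.
    case $src in "$mnt"/?*) ;; *) echo "refusing: $src" >&2; return 1 ;; esac
    dest=$qroot/${src#"$mnt"/}
    mkdir -p "$(dirname "$dest")"
    if command -v sha256sum >/dev/null 2>&1; then
        find "$src" -type f -exec sha256sum {} + >> "$qroot/hashes.txt"
    else
        find "$src" -type f >> "$qroot/hashes.txt"
    fi
    mv "$src" "$dest"
    printf '%s -> %s\n' "$src" "$dest" >> "$qroot/moved.txt"
}

# Put a quarantined directory back, for the case where it was a false positive.
# $3 is the relative path as it appears in the quarantine tree, e.g.
# "Users/user/AppData/Local/msilwou".
restore_dir() {
    qroot=${1%/}; mnt=${2%/}; rel=$3
    [ -d "$qroot/$rel" ] || return 1
    mkdir -p "$(dirname "$mnt/$rel")"
    mv "$qroot/$rel" "$mnt/$rel"
}
```

Run it only against the mounted volume, not your live Linux root, and keep the quarantine on the USB stick rather than on the Windows drive; once Windows is booted again the malware could otherwise find and re-launch its files. The hashes.txt list is what you search for in your scanner vendor's database afterwards.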

rajeebvrahman

Nov 19, 2017
Thanks. I downloaded Rufus and Linux Mint Cinnamon. On Rufus I don't find any option to extract the ISO. It just makes the USB drive bootable (after a quick format). I did that and then copied the ISO there and extracted it using Express Zip.

Tried to boot the Lenovo Yoga in USB mode. Enabled legacy support and now it comes to a command prompt named C:, and lists the contents of the USB drive. But it doesn't let me browse the original C: drive (Windows folder). How do I start Linux?
 

R_1
https://rufus.akeo.ie/
You can see in the image that loads on that page that you need to tick the box next to "Create a bootable disk using" (check box three of four); next to it there is what looks like a CD-ROM button. Click on that and a window will pop up letting you browse to and select the proper ISO file. Then hit Start.
https://www.youtube.com/watch?v=V6JehM0WDTI
This is a walkthrough if you are still having problems.

Simply extracting the ISO file like an archive will not enable bootability.
 

rajeebvrahman

Nov 19, 2017
Awesome, that worked like a charm, thank you so much!!!

I see a few services under the Startup tab named "Parr" & "Program". I have disabled them, but how do I get them deleted? The option to open the file location is grayed out.