Virus is blocking Malwarebytes

Status
Not open for further replies.

nod45

Prominent
Jun 7, 2017
9
0
510
I have a virus that is blocking Malwarebytes, and when I open Task Manager it closes it right away. I did some looking around before but nothing helped. I tried using programs that were recommended such as "Rkill" and "FRST". Please help, nothing is working.
 

JoshRoss

Estimable
Jul 11, 2017
228
0
5,260
Have you tried to do it in Windows "Safe mode" with RKill? Your other option would be to try other anti-malware software like AdwCleaner, Hitman Pro, or Zemana. One of them could potentially work?

Last option is to get a bootable antivirus and try removing infections that way.
 

ComputerGeek21

Prominent
Aug 5, 2017
59
0
610
this will be fun
the easiest solution is to wipe your pc to the last backup or if you lack a backup just wipe it all together
in the case you like your files go into cmd and type "tasklist" and copy and paste everything it gives you.
in the case that it's blocked cmd as well try opening run and copy this into it "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" leave the quotation marks out
 
nod45

I was in the process of doing this before JoshRoss replied and gave me some things that might work...
 

nod45

I ran Hitman Pro through twice and it got rid of everything except something called "msidntfs.sys". It is listed as Malware.
I ran Hitman Pro a few more times but it's still not gone... I have tried AdwCleaner but that didn't do anything. I still haven't tried running RKill in Safe mode.
 

JoshRoss

Do that. Sometimes software struggles to remove viruses that work at a system level (I assume this one does). Safe mode with Rkill should ensure that it doesn't happen. You can also try MBAR, see if that works out.
 

nod45

Tried running the programs in safe boot. Zemana and Rkill wouldn't run in safe boot, and Adwcleaner and HitmanPro removed the programs, but when I took the PC out of safe mode they showed back up.
 

nod45

I just realized you asked me to copy and paste everything in the task list. Here it is:
System Idle Process 0 Services 0 8 K
System 4 Services 0 128 K
smss.exe 344 Services 0 1,136 K
csrss.exe 504 Services 0 4,736 K
wininit.exe 612 Services 0 6,532 K
csrss.exe 620 Console 1 4,772 K
services.exe 692 Services 0 9,740 K
lsass.exe 704 Services 0 14,644 K
winlogon.exe 788 Console 1 9,748 K
svchost.exe 884 Services 0 3,828 K
svchost.exe 908 Services 0 23,868 K
fontdrvhost.exe 940 Console 1 6,648 K
fontdrvhost.exe 932 Services 0 3,880 K
svchost.exe 72 Services 0 11,120 K
svchost.exe 404 Services 0 6,548 K
dwm.exe 412 Console 1 42,664 K
svchost.exe 1096 Services 0 9,564 K
svchost.exe 1120 Services 0 5,528 K
svchost.exe 1188 Services 0 15,632 K
svchost.exe 1200 Services 0 6,148 K
svchost.exe 1264 Services 0 10,440 K
svchost.exe 1308 Services 0 13,208 K
svchost.exe 1364 Services 0 22,120 K
svchost.exe 1436 Services 0 8,364 K
NVDisplay.Container.exe 1508 Services 0 13,176 K
svchost.exe 1524 Services 0 7,908 K
svchost.exe 1600 Services 0 5,876 K
svchost.exe 1608 Services 0 7,784 K
svchost.exe 1616 Services 0 7,364 K
svchost.exe 1736 Services 0 8,012 K
svchost.exe 1756 Services 0 10,920 K
svchost.exe 1804 Services 0 12,032 K
svchost.exe 1844 Services 0 7,272 K
svchost.exe 1852 Services 0 8,164 K
NVDisplay.Container.exe 1884 Console 1 23,980 K
svchost.exe 2012 Services 0 8,524 K
svchost.exe 1668 Services 0 8,352 K
svchost.exe 2264 Services 0 11,824 K
hmpsched.exe 2348 Services 0 5,920 K
svchost.exe 2376 Services 0 9,568 K
svchost.exe 2412 Services 0 6,148 K
svchost.exe 2424 Services 0 7,204 K
svchost.exe 2476 Services 0 11,160 K
spoolsv.exe 2588 Services 0 14,588 K
svchost.exe 2644 Services 0 7,888 K
mDNSResponder.exe 2872 Services 0 6,480 K
svchost.exe 2888 Services 0 6,468 K
armsvc.exe 2896 Services 0 6,632 K
Avira.VpnService.exe 2904 Services 0 49,124 K
svchost.exe 2916 Services 0 10,644 K
svchost.exe 2924 Services 0 18,492 K
svchost.exe 2968 Services 0 7,616 K
svchost.exe 2976 Services 0 16,160 K
svchost.exe 2996 Services 0 20,024 K
nvcontainer.exe 3016 Services 0 24,552 K
svchost.exe 3040 Services 0 9,244 K
KMS-R@1n.exe 3060 Services 0 3,204 K
GameScannerService.exe 3068 Services 0 29,600 K
svchost.exe 2216 Services 0 6,884 K
NvTelemetryContainer.exe 2164 Services 0 12,536 K
svchost.exe 2824 Services 0 11,864 K
RzSurroundVADStreamingSer 3084 Services 0 13,736 K
svchost.exe 3112 Services 0 8,716 K
svchost.exe 3132 Services 0 15,472 K
svchost.exe 3164 Services 0 5,660 K
SecurityHealthService.exe 3184 Services 0 12,356 K
svchost.exe 3204 Services 0 19,608 K
ZAM.exe 3308 Services 0 16,300 K
dasHost.exe 3404 Services 0 5,692 K
svchost.exe 3480 Services 0 13,112 K
Memory Compression 3488 Services 0 4 K
svchost.exe 3520 Services 0 6,132 K
audiodg.exe 4008 Services 0 13,796 K
WmiPrvSE.exe 4320 Services 0 14,724 K
svchost.exe 4364 Services 0 7,108 K
svchost.exe 4400 Services 0 7,400 K
svchost.exe 5000 Services 0 20,028 K
nvcontainer.exe 2116 Console 1 35,064 K
sihost.exe 4420 Console 1 21,100 K
svchost.exe 524 Console 1 23,348 K
svchost.exe 828 Console 1 25,192 K
taskhostw.exe 1828 Console 1 19,176 K
svchost.exe 2472 Services 0 18,132 K
explorer.exe 4392 Console 1 96,256 K
svchost.exe 4620 Services 0 6,124 K
msmjwpv.exe 3428 Services 0 11,916 K
SearchIndexer.exe 3616 Services 0 26,556 K
SearchUI.exe 5320 Console 1 143,272 K
ShellExperienceHost.exe 5340 Console 1 65,596 K
RuntimeBroker.exe 5848 Console 1 35,912 K
ZAM.exe 5760 Console 1 219,444 K
GoogleCrashHandler.exe 1088 Services 0 52 K
GoogleCrashHandler64.exe 2740 Services 0 92 K
flux.exe 1932 Console 1 22,484 K
WmiPrvSE.exe 2744 Services 0 9,620 K
chrome.exe 6752 Console 1 205,492 K
chrome.exe 6812 Console 1 9,276 K
nvtray.exe 4372 Console 1 12,456 K
chrome.exe 6924 Console 1 10,064 K
chrome.exe 3256 Console 1 391,588 K
chrome.exe 6296 Console 1 40,732 K
ravcpdkz.exe 6820 Services 0 10,552 K
chrome.exe 7128 Console 1 97,324 K
chrome.exe 6596 Console 1 94,920 K
chrome.exe 6764 Console 1 145,464 K
svchost.exe 7508 Services 0 11,584 K
svchost.exe 7780 Services 0 8,664 K
svchost.exe 8020 Console 1 20,956 K
chrome.exe 8048 Console 1 205,812 K
SettingSyncHost.exe 8088 Console 1 3,944 K
chrome.exe 6796 Console 1 196,380 K
RemindersServer.exe 3632 Console 1 4,092 K
NVIDIA Web Helper.exe 5448 Console 1 1,204 K
conhost.exe 6648 Console 1 N/A
chrome.exe 7284 Console 1 120,152 K
svchost.exe 980 Services 0 22,756 K
svchost.exe 7856 Services 0 11,480 K
svchost.exe 1952 Services 0 7,212 K
svchost.exe 4648 Services 0 5,772 K
chrome.exe 4120 Console 1 122,504 K
chrome.exe 2224 Console 1 304,392 K
svchost.exe 7796 Services 0 6,848 K
sppsvc.exe 6668 Services 0 14,492 K
SppExtComObj.Exe 1160 Services 0 8,744 K
dllhost.exe 1320 Console 1 10,784 K
backgroundTaskHost.exe 4948 Console 1 23,696 K
smartscreen.exe 7816 Console 1 17,700 K
cmd.exe 2188 Console 1 3,300 K
conhost.exe 2828 Console 1 17,380 K
tasklist.exe 5828 Console 1 7,932 K
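
A way to triage a pasted listing like the one above, as an added example that is not part of the original post: it parses the default tasklist columns (image names can contain spaces) and lists service-session names that are not on a small allowlist, so they can be looked up by hand. The allowlist `KNOWN` and the function names are constructed for this example, and a name on the review list is not a verdict.

```python
import re

# Constructed allowlist for this example (not a complete Windows baseline).
# A matching name is not proof of legitimacy; check the file path as well.
KNOWN = {"system idle process", "system", "memory compression", "smss.exe",
         "csrss.exe", "wininit.exe", "services.exe", "lsass.exe",
         "winlogon.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
         "conhost.exe", "dwm.exe"}

# Default tasklist columns: Image Name, PID, Session Name, Session#, Mem Usage.
# Names may contain spaces, so the name is matched lazily and the other
# four columns pin the end of the line.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+"
                 r"(?P<sid>\d+)\s+(?P<mem>[\d,]+ K|N/A)$")

# Rows copied from the listing posted in the thread.
SAMPLE = """\
System Idle Process 0 Services 0 8 K
svchost.exe 884 Services 0 3,828 K
hmpsched.exe 2348 Services 0 5,920 K
KMS-R@1n.exe 3060 Services 0 3,204 K
GameScannerService.exe 3068 Services 0 29,600 K
Memory Compression 3488 Services 0 4 K
explorer.exe 4392 Console 1 96,256 K
NVIDIA Web Helper.exe 5448 Console 1 1,204 K
conhost.exe 6648 Console 1 N/A
"""

def parse_tasklist(text):
    """Return one dict per process row; lines that do not parse are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mem = m["mem"]
            kb = None if mem == "N/A" else int(mem[:-2].replace(",", ""))
            rows.append({"name": m["name"], "pid": int(m["pid"]),
                         "session": m["session"], "mem_kb": kb})
    return rows

def unfamiliar(rows, session="Services"):
    """Image names in the given session that are not on the allowlist."""
    names = []
    for r in rows:
        name = r["name"]
        if r["session"] == session and name.lower() not in KNOWN and name not in names:
            names.append(name)
    return names

if __name__ == "__main__":
    print("look up:", unfamiliar(parse_tasklist(SAMPLE)))
```

Installed security tools and drivers will show up on the review list too; the next step for each name is its path and parent in Process Explorer.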
 

JoshRoss

Sorry for a very late response. Was slightly ill and was busy with work. In any case, I would recommend using DBAN to wipe your HDD and do a fresh install of your Windows, considering that no conventional ways of problem-solving helped you. I am sorry that I can't help you any further.
 

mdd1963

Distinguished
ProcessExplorer has a lower pane of info that sometimes gives very valuable info on where a process is originating/spawning from; if you identify both processes, sometimes they can each be suspended, and then deleted.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer



Or, if you have a specific location of both miscreant files, they might still be ripped out from outside of Windows with any Linux Live CD...

Since we are at the point of 'nuke and pave' now we have nothing to lose....

Certainly, a full format/reinstall is effective as well :)

Another option used a few years ago for tasks that were quickly respawning was to delete it, then instantly hit the reset button before it could respawn; crude, but effective...

Good luck
 

JoshRoss

Any luck dealing with the issue throughout the weekend?

I never even thought about task kill and restart. A creative solution to say the least.
Process Explorer is a great option since it also has VirusTotal database detection, which can show you if any of the current tasks are potentially malicious in any way. If it has 1/60, that is a concern but not always malware. More than that is a definite problem.
 

nod45

Yeah, so I found the solution. Programs didn't really do anything for the problem I had, so what I did to get rid of the virus was taking all of my important files from my computer to a flash drive. I then installed an ISO on another flash drive from another computer. I went into the BIOS to swap the boot order so that it would boot from the flash drive. I then wiped the partitions and reinstalled Windows. That got rid of it for me.
 

JoshRoss

Thanks for keeping us updated. Sorry, we couldn't deal with the problem without reinstalling Windows. By the way, I completely missed that you were using KMS and a "gamescannerservice". One of the two might have been the issue, but doubtfully. Please be safe when downloading or activating legitimate content using other means.

Oh and, if any of my solutions helped, would appreciate it if you would mark it ;)
 