Virus wont let me delete it/run antivirus, I felt like I tried every trick in the book.

[BentoBox]

So, a while back I made a thread talking about the same thing how this nasty virus wont let me run any sort of antivirus and people said to use a rescue disk, I tried it, and it worked! Well, at least I thought it did. Turns out it didn't, and I realized how much more it could do. So far I tried all these solutions

-antivirus (duh)
-use a rescue disk (tried 2, both didnt fully work)
-wiping hdd except for windows (wouldn't let me)
-use rkill/any other disabler (nah)
-renamed antivirus to something else
-rebooted in safe mode(straight up wouldn't let me, lol)
-windows defender(tried offline mode too)

Oh yeah, and there's a virus in my startup that wont let me disable it, cpx.exe. Right now I'm stuck on the rescue disk part and I got rid of all but 2 viruses, trojan.agent.win32.84914. Which they are both named an for some reason it wont let me delete it, when I do click it, it does nothing.

 

[Mark_1970]

So, a while back I made a thread talking about the same thing how this nasty virus wont let me run any sort of antivirus and people said to use a rescue disk, I tried it, and it worked! Well, at least I thought it did. Turns out it didn't, and I realized how much more it could do. So far I tried all these solutions

-antivirus (duh)
-use a rescue disk (tried 2, both didnt fully work)
-wiping hdd except for windows (wouldn't let me)
-use rkill/any other disabler (nah)
-renamed antivirus to something else
-rebooted in safe mode(straight up wouldn't let me, lol)
-windows defender(tried offline mode too)

Oh yeah, and there's a virus in my startup that wont let me disable it, cpx.exe. Right now I'm stuck on the rescue disk part and I got rid of all but 2 viruses, trojan.agent.win32.84914. Which they are both named an for some reason it wont let me delete it, when I do click it, it does nothing.

what Operating system are you running?
If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. ...
If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
You need safe mode to disable virus startup. then antivirus ware can remove

 

[Guest]

Go into task manager, try to find a background process that doesn't make sense. It could be named "Host process", or anything, but end it. If your computer doesn't crash, then delete that cpx.exe. If your computer crashes, try again, ending another process.

I had a similar problem, it imitated a microsoft essential process. I notified a few anti-virus companies, about 18 months ago, and they still haven't done anything, still won't detect it.

If you can't stop the process, you can try booting in safe mode, then trying to stop it.

If all else fails, completely erase the drive and reinstall the OS.

 

[BentoBox]

Go into task manager, try to find a background process that doesn't make sense. It could be named "Host process", or anything, but end it. If your computer doesn't crash, then delete that cpx.exe. If your computer crashes, try again, ending another process.

I had a similar problem, it imitated a microsoft essential process. I notified a few anti-virus companies, about 18 months ago, and they still haven't done anything, still won't detect it.

If you can't stop the process, you can try booting in safe mode, then trying to stop it.

If all else fails, completely erase the drive and reinstall the OS.

hmmm, I tried that but cpx.exe just came back.

 

[BentoBox]

So, a while back I made a thread talking about the same thing how this nasty virus wont let me run any sort of antivirus and people said to use a rescue disk, I tried it, and it worked! Well, at least I thought it did. Turns out it didn't, and I realized how much more it could do. So far I tried all these solutions

-antivirus (duh)
-use a rescue disk (tried 2, both didnt fully work)
-wiping hdd except for windows (wouldn't let me)
-use rkill/any other disabler (nah)
-renamed antivirus to something else
-rebooted in safe mode(straight up wouldn't let me, lol)
-windows defender(tried offline mode too)

Oh yeah, and there's a virus in my startup that wont let me disable it, cpx.exe. Right now I'm stuck on the rescue disk part and I got rid of all but 2 viruses, trojan.agent.win32.84914. Which they are both named an for some reason it wont let me delete it, when I do click it, it does nothing.

what Operating system are you running?
If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. ...
If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
You need safe mode to disable virus startup. then antivirus ware can remove

alright, I'll try that in a lil bit, gotta go to bed so I don't have a whole lot more time to answer questions/try stuff

 

[Guest]

You wrote

for some reason it wont let me delete it,

. So were you able to delete it, and came back, or did you get an error message saying it couldn't be deleted?

 

[ledhead11]

MalwareBytes free is a good way to start. It will likely prompt you to run during the next boot and should kill the virus.
I'd also recommend then using Hitman Pro. It will function the same. I've seen it on some occasions find things MB missed.

Worst case scenario you may need to create a bootable USB stick and run the scans from it thus bypassing allowing the HDD to load anything into memory and preventing the virus from taking control.

 

[BentoBox]

So, a while back I made a thread talking about the same thing how this nasty virus wont let me run any sort of antivirus and people said to use a rescue disk, I tried it, and it worked! Well, at least I thought it did. Turns out it didn't, and I realized how much more it could do. So far I tried all these solutions

-antivirus (duh)
-use a rescue disk (tried 2, both didnt fully work)
-wiping hdd except for windows (wouldn't let me)
-use rkill/any other disabler (nah)
-renamed antivirus to something else
-rebooted in safe mode(straight up wouldn't let me, lol)
-windows defender(tried offline mode too)

Oh yeah, and there's a virus in my startup that wont let me disable it, cpx.exe. Right now I'm stuck on the rescue disk part and I got rid of all but 2 viruses, trojan.agent.win32.84914. Which they are both named an for some reason it wont let me delete it, when I do click it, it does nothing.

what Operating system are you running?
If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. ...
If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
You need safe mode to disable virus startup. then antivirus ware can remove

well, safemode worked but the virus still worked its magic, tried running any antivirus malawarebytes/panda/avast but to no effort it dun work "the requested resource is in use" is what I keep getting.

 

[BentoBox]

MalwareBytes free is a good way to start. It will likely prompt you to run during the next boot and should kill the virus.
I'd also recommend then using Hitman Pro. It will function the same. I've seen it on some occasions find things MB missed.

Worst case scenario you may need to create a bootable USB stick and run the scans from it thus bypassing allowing the HDD to load anything into memory and preventing the virus from taking control.

I already tried the bootable usb stick/rescue disk, it wont let me delete the last 2 viruses.
Any program similar to rkill will NOT work, I tried it myself but I can try again to report the results.

 

[BentoBox]

You wrote

for some reason it wont let me delete it,

. So were you able to delete it, and came back, or did you get an error message saying it couldn't be deleted?

it just came back.

 

[Guest]

The "the requested resource is in use" is a good sign. That's when you open task manager and start ending resources, and try to delete the same file after. The virus/malware is in memory and running. When you kill it, you can then delete it after.

 

[BentoBox]

Go into task manager, try to find a background process that doesn't make sense. It could be named "Host process", or anything, but end it. If your computer doesn't crash, then delete that cpx.exe. If your computer crashes, try again, ending another process.

I had a similar problem, it imitated a microsoft essential process. I notified a few anti-virus companies, about 18 months ago, and they still haven't done anything, still won't detect it.

If you can't stop the process, you can try booting in safe mode, then trying to stop it.

If all else fails, completely erase the drive and reinstall the OS.

wait, so if I erase the entire drive, will I have to repay for windows if its OEM?

 

[Guest]

Go into task manager, try to find a background process that doesn't make sense. It could be named "Host process", or anything, but end it. If your computer doesn't crash, then delete that cpx.exe. If your computer crashes, try again, ending another process.

I had a similar problem, it imitated a microsoft essential process. I notified a few anti-virus companies, about 18 months ago, and they still haven't done anything, still won't detect it.

If you can't stop the process, you can try booting in safe mode, then trying to stop it.

If all else fails, completely erase the drive and reinstall the OS.

wait, so if I erase the entire drive, will I have to repay for windows if its OEM?

Whoa! Did I suggest you erase the entire drive? No need. It would work, but no need. First try what I said.

If you have the same OEM computer, an made a re-install disk, and have the key, you can reinstall without paying again for the license. But make sure you have all those first. And call microsoft tech support, have them guide you through it, (mostly document your case), have them register your name and key, so that if and when it hits the fan, you don't have to pay again.

And a generic install disk, even from the same computer model, might not accept your key, since these are signed copies that try to prevent pirates.

You can try here. It never worked for me, but being registered with Microsoft, I was always able to download an ISO directly from them and use the key THEY gave me, and it worked. My OEM keys failed (I tried for fun, those computers I didn't need Windows).

On the phone with them, don't tell them your computer is OEM. Play dumb, act very stupid, and repeat "It's a Windows computer, it has Microsoft on it. I use Microsoft. I don't know what "Asus" is, I bought it because it's Microsoft. I buy American!"

If you act stupid with customer service, and repeat the name of the corporation you are calling enough, repeating that you trust them and they are great, they should eventually bend the rules to accommodate you.

 

[mdd1963]

run Sysinternals' process explorer to track down/suspend all miscreant tasks responsible for the 'Lazarus act' processes.....

 

[JoshRoss]

I would like to add my suggestion to this topic. You could restart your Windows in "Safe mode with networking" and use the suggestions there. First RKill, should kill the process, then do a scan, even with 4 anti-malware solutions (ADWCleaner, Malwarebytes, Zemana, Hitman Pro) you should be able to find it, you could also try Spyhunter. Do an additional scan with your anti-virus software, should clean up the problem. Let me know if it helps!

 

[mdd1963]

(I think Rkill still has issues with WIndows 10, if that applies)

 

[BentoBox]

I would like to add my suggestion to this topic. You could restart your Windows in "Safe mode with networking" and use the suggestions there. First RKill, should kill the process, then do a scan, even with 4 anti-malware solutions (ADWCleaner, Malwarebytes, Zemana, Hitman Pro) you should be able to find it, you could also try Spyhunter. Do an additional scan with your anti-virus software, should clean up the problem. Let me know if it helps!

I tried safe mode, the virus still runs and I still have NO idea what so ever other than trying a fresh start, which is hard since the virus prevents me from doing most ways to wipe the hdd. Safe mode still has the virus disabling antivirus/rkill/hitman, whatever you throw at it. I even saw at one point a complete list of processes it can disable.

buuuuuuut I'm still trying everything here in the thread, so keep on answering! I appreciate your advice, don't take what I said in a negative way, I'll try to report back to you ASAP.

I'm still looking for an answer on my original question for the rescue program on why it won't get deleted, I already listed the virus type/file name.

 

[mdd1963]

On a clean uninfected computer, use Hitman Pro menu to create a kickstart/breach mode USB....

 

[JoshRoss]

I would like to add my suggestion to this topic. You could restart your Windows in "Safe mode with networking" and use the suggestions there. First RKill, should kill the process, then do a scan, even with 4 anti-malware solutions (ADWCleaner, Malwarebytes, Zemana, Hitman Pro) you should be able to find it, you could also try Spyhunter. Do an additional scan with your anti-virus software, should clean up the problem. Let me know if it helps!

I tried safe mode, the virus still runs and I still have NO idea what so ever other than trying a fresh start, which is hard since the virus prevents me from doing most ways to wipe the hdd. Safe mode still has the virus disabling antivirus/rkill/hitman, whatever you throw at it. I even saw at one point a complete list of processes it can disable.

buuuuuuut I'm still trying everything here in the thread, so keep on answering! I appreciate your advice, don't take what I said in a negative way, I'll try to report back to you ASAP.

I'm still looking for an answer on my original question for the rescue program on why it won't get deleted, I already listed the virus type/file name.

You could search for the program's services and registries and disable it that way. In safe mode, you should be able to disable any services without any issues, see if that helps. I will wait for you response after you tried everything, hopefully, some advice will work.

 

[ledhead11]

Just curious in case I missed the detail.
What is the name of this virus?
What is the name of the file?
What is the name of the service?

These items might help others help you.

Also please consider that you may be using a program that's reinstalling this thing. Usually pirated or cracked software/games are the most popular sources for these kind of things. Some seemingly legit software can also be a source. Some websites are also known. If you do end up performing a clean install and it shows up again you may want to consider that your router/modem has become infected(rare but does happen). If you share your internet with other pc's its possible one of them could be spreading across the network(rare too but happens).