Virus won't let me delete it/run antivirus, I felt like I tried every trick in the book.

Status
Not open for further replies.

BentoBox

Commendable
Feb 10, 2016
So, a while back I made a thread talking about the same thing, how this nasty virus won't let me run any sort of antivirus, and people said to use a rescue disk. I tried it, and it worked! Well, at least I thought it did. Turns out it didn't, and I realized how much more it could do. So far I tried all these solutions:

- antivirus (duh)
- use a rescue disk (tried 2, both didn't fully work)
- wiping hdd except for windows (wouldn't let me)
- use rkill/any other disabler (nah)
- renamed antivirus to something else
- rebooted in safe mode (straight up wouldn't let me, lol)
- windows defender (tried offline mode too)

Oh yeah, and there's a virus in my startup that won't let me disable it, cpx.exe. Right now I'm stuck on the rescue disk part and I got rid of all but 2 viruses, trojan.agent.win32.84914, which they are both named, and for some reason it won't let me delete it; when I do click it, it does nothing.
 
Solution

mdd1963

Distinguished
5 - 15 more hours of trying different malware removal software, chasing removal solutions, miscreant processes (which is entertaining, if you are the curious type), vs. 10-20 minutes of delete partition, quick format, W10 reinstall, all other software reinstalled, with performance back to the best it will ever be......
 

mdd1963

Try running ultraviruskiller as admin, and terminating/deleting the process with it....; see if there is any reference to the mystery process in Autoruns...

You can also look at running freefixer, also looking for non-greenlisted processes you don't clearly recognize....
 

JoshRoss

Estimable
Jul 11, 2017
While a clean reinstall of Windows is a much quicker solution, some facts need to be established. If people do not have back-ups, have important projects that need to be dealt with, no way of making backups (I know cloud is a solution as well, but still), they might want their Windows back.

I know that RKill might have issues in Windows 10 Safe mode, but in normal mode, it should work for the most part.

Do you maybe have a recovery CD/USB? You could also try a system restore point and restore your Windows before the infection.
 

mdd1963

If Win10 was already activated, anyone can nuke and pave/reinstall/reactivate easily; just create a Win10 install CD/USB using MS's Media Creation Tool beforehand....

If someone was using a non-activated bootleg/trial that doesn't update, then the process is...well, ....'doomed', comes to mind. Bogus processes killing performance or not, anyone can boot a Linux Mint 17.3 CD, and easily gather all critical docs, photos, etc., prior to nuking and paving....
 

JoshRoss

But you see, you need to have knowledge of these facts, and also, you are thinking from an advanced and more refined perspective (which I do not blame you for). I am trying to provide simple and acceptable solutions to a common internet user, that wouldn't be TOO complicated, but some work is required. While I agree you can boot Linux or even a bootable AV, it's steps that most people just won't take.
 

mdd1963

Not implying anything you said was wrong, only that data (projects, docs, priceless photos, etc.) on the drive is accessible, and can be easily transferred/recovered to a $12 USB flash drive...ergo, a Win10 reinstall is not a true catastrophe.

You are also correct in that for some folks without experience, the reinstall, and necessary chipset and GPU driver installs can be a little intimidating.

For malware/malicious processes that pull the 'Lazarus'/respawn effect, tracking it down can be *FAR* more difficult than the reinstall... IMO ... :)
 

JoshRoss

Not implying that your opinion is wrong either, it's just a little too complicated from a casual help point. True, Win10 won't be the worst to reinstall. On the bright side, this teaches people to be aware, keep backups and use safe internet practices.

*FAAAAAAAAAAAAAAAAAAAR* More difficult, you missed a couple of A's there :D But yeah, respawn/self initiating viruses are a pain to put it lightly...
 

mdd1963

I'm the type to spend 12-24 hours chasing malware just as a personal challenge! :)

Amazing the stuff you can track down with Freefixer, autoruns, Process Explorer, etc...

Once my patience is exhausted, a Win10 reinstall takes 4-5 minutes....about as much time as it takes to do a Freefixer or Roguekiller scan on some slower systems.. (M.2 storage has its advantages)

JRT
AdwCleaner
MBAM
Freefixer
Autoruns
Process Explorer
TDSSKiller
RKill/Roguekiller
Hitman Pro
Kaspersky Rescue CD

At some point, anyone will eventually resort to a good ol' 'nuke and pave' :)
 

JoshRoss

I think we should either discuss this further in private or make a new topic regarding what software you use for hunting/recovering from malware; it would be an interesting discussion to hear, because we are jumping off topic.
 

mdd1963

Perhaps the OP will read the above list, and research the ones he's not tried/investigated.

To the OP... For malware that respawns, I can't imagine defeating it without some experience in Process Explorer; Process Explorer's lower pane info will allow suspending a process, then suspend the process that respawns the original, then delete them both... but, it takes some investigative creative clicking, to be sure....

You can find a 90 minute tutorial on Process Explorer's capabilities on YouTube at a hosted MS conference/event, narrated by Mark Russinovich, an MS genius programmer of Sysinternals fame...

Good luck with this malware!
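
The manual hunt described above in Process Explorer and Autoruns starts with two questions: which process launched the suspect one, and where is it registered to start. The following read-only PowerShell example answers both; it is added here and is not from any post in the thread. Assumptions: the `cpx.exe` name from the opening post, an elevated PowerShell session on Windows 10, and that the process doing the respawning is the direct parent, which is not always the case.

```powershell
# Added example: read-only triage, nothing on the system is changed.
# $Target defaults to the startup entry named in the opening post.
param([string]$Target = 'cpx.exe')

$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

# 1. Each running instance and its chain of parents (respawner candidates).
foreach ($proc in ($all | Where-Object Name -eq $Target)) {
    $cur = $proc
    $depth = 0
    while ($cur -and $depth -lt 10) {
        # Signature status of the image on disk; unsigned is a hint, not proof.
        $sig = if ($cur.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $cur.ExecutablePath).Status
        } else { 'n/a' }
        '{0}PID {1}  {2}  [{3}]  {4}' -f ('  ' * $depth),
            $cur.ProcessId, $cur.Name, $sig, $cur.ExecutablePath

        $parent = $byPid[[uint32]$cur.ParentProcessId]
        # PIDs get reused: a genuine parent started before its child.
        if ($parent -and
            $parent.ProcessId -ne $cur.ProcessId -and
            $parent.CreationDate -le $cur.CreationDate) {
            $cur = $parent
        } else {
            $cur = $null   # parent already exited or PID was recycled
        }
        $depth++
    }
}

# 2. Run keys and Startup folders that reference the target.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$Target*" } |
    Format-List Name, Command, Location, User

# 3. Scheduled tasks whose action launches the target.
Get-ScheduledTask |
    Where-Object { $_.Actions.Execute -like "*$Target*" } |
    Format-List TaskPath, TaskName
```

An empty parent chain means the launcher has already exited; the startup and task listings then show where the entry is registered.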
 