"Windows Process Manager" Virus hogging resources (processing power and RAM) in the background


muhtaseem96

Oct 29, 2017
http://puu.sh/yahkC/fe1da6fcdd.png
As you can see in the screen clip, there's this "Windows Process Manager" thing with multiple "clients" running in the background and it consumes a huge amount of RAM and processing power. http://puu.sh/yahBg/aaf2bebc2b.png
There are multiple instances that can take up to 500 MB of RAM if left without ending the task. Opening the file location leads to this folder:
http://puu.sh/yahG4/3f6cff59bf.png
I've tried using ReasonCore Security alongside regular Windows Defender checks to try and get rid of it, but to no or limited effect. I recall Windows Defender showing me warnings of a Trojan infection, if this info helps:
http://puu.sh/yahLI/a4647d00a1.png

Any help would be greatly appreciated, thank you.
 
Solution
Have you also received an error message saying "The Requested Resource is in Use"? If your answer is yes, then it might be that you are dealing with some kind of rootkit. Download Malwarebytes (there is also a tool called Malwarebytes Anti-Rootkit Beta that you should try as well) and identify its location. If you are interested in fixing your computer manually, you can also check these steps:

https://ugetfix.com/ask/how-to-fix-the-requested-resource-is-in-use-error/

m.jiaji02

Dec 16, 2017

Never mind.
 

ironmanmock7

Dec 22, 2017
I GOT IT! My solution was actually incredibly simple.
1. I opened 'Task Manager'
2. Right-clicked the problem program "Windows Process Manager"
3. Went over to 'Properties'
4. Selected 'Security'
5. Selected 'Advanced'
6. 'Remove'
7. 'Deny' everything
8. 'Disable Inheritance'
9. Apply everything.
Since doing this I have not seen the Process Manager in my task bar and my CPU usage is back to normal.
 

andrewkranny

Jan 8, 2018


I am having a very similar issue to your problem, but when I try this solution I cannot find where it says 'Remove.'
1. I go to 'Properties'
2. select 'Security'
3. select 'Advanced'
After this step I am met with this window: https://gyazo.com/f8a0bf083c7b593cc07ea63d9bb69d7c
So I am completely lost once I get to this window...
 

snburchett

Jan 29, 2018


DON'T REMOVE ALL OF THEM! Remove all of them except the one for your user account (example: Alex Friedsonn). That way, you'll still have the ability to modify its properties. (And give yourself full control while you're at it.)
 

andrewkranny

Jan 8, 2018


I am still confused as to what to do after I remove all the permission entries except the one with my name. Any ideas?
 

snburchett

Jan 29, 2018


I'm not sure if it'll work, but, every time it appears, just do that, click disable inheritance, and it MAY eventually disappear after a few repeats and reboots/shutdowns.

I haven't tested it fully yet. I'm still at the stage where my machine is perfectly usable, so I'll do "natural" power cycles to see if it works. I'll rename one of the executables to TEST.exe so I can monitor it through the process.

Just try it a few times through different sessions, and, if Windows Process Manager still persists after, like, 3 to 5 reboots with permission changes, then let me know and we can cross that one off of the list of possible solutions. This method feels pretty ingenious, though (as is the infection itself, you have to admit), so it'll be a shame if it ultimately fails. Let's just try it and see.

I will stress that I DON'T KNOW if it will work.
 

snburchett

Jan 29, 2018


You know what, I just had a stupid but clever idea: since we now have full access to the executable, let's render it unusable by going to the General tab in Properties and using the text field that has the filename in it to remove the file extension. That way, nothing can use it.
 

snburchett

Jan 29, 2018


OK, so do what the guy said in the first place (deny permission to everyone) AFTER setting your own account as owner. And, if you want to be extra safe, then rename the files and extensions to something easily recognizable AS LONG AS YOU CHANGE THE EXTENSION TO BE UNUSABLE. Example: FYOU.WPMVIRUS. I'm still not sure about deleting the System32 file part of the virus, but it is safe to deny permissions to it and rename it.
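The inspection and permission change described in the two procedures above (ironmanmock7's steps and the owner-first refinement in this post), as an added example in PowerShell that is not from this thread. It assumes the Task Manager display name "Windows Process Manager" is the executable's file description, and that the prompt is elevated; it only reports by default and applies the ACL change when `$Apply` is set to `$true`.

```powershell
# Added example (not from this thread). Inspect every running process whose file
# description matches the name Task Manager showed, then optionally apply the
# permission change the thread describes. Run from an elevated PowerShell prompt.
$Description = 'Windows Process Manager'   # assumption: matches the Task Manager name
$Apply       = $false                      # $true = take ownership and deny execute

# Get-Process exposes the executable's Path and Description (version resource);
# protected/system processes may have no Path, so skip those.
$paths = Get-Process |
    Where-Object { $_.Path -and $_.Description -eq $Description } |
    Select-Object -ExpandProperty Path -Unique

if (-not $paths) { Write-Output "No process with description '$Description' found."; return }

foreach ($p in $paths) {
    $sig = Get-AuthenticodeSignature -FilePath $p
    [pscustomobject]@{
        Path      = $p
        Signature = $sig.Status                      # e.g. NotSigned, Valid, HashMismatch
        Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
        SHA256    = (Get-FileHash -Path $p -Algorithm SHA256).Hash   # for an AV lookup
        Instances = @(Get-Process | Where-Object Path -eq $p).Count
    }
}

if ($Apply) {
    foreach ($p in $paths) {
        # Same order the thread settles on: become the owner first, drop inherited
        # entries, keep full control for your own account, deny execute to Everyone.
        # A deny ACE wins over any allow, so the file can no longer be launched.
        takeown.exe /F $p | Out-Null
        icacls.exe $p /inheritance:r /grant "$($env:USERNAME):F" /deny 'Everyone:(X)' | Out-Null
        icacls.exe $p   # print the resulting ACL for verification
    }
}
```

Stopping the running instances first (Stop-Process) is still needed, since the ACL only prevents future launches; as the last post notes, a persistent infection may recreate or rename files and a clean reinstall remains the reliable fix.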
 
Jul 14, 2018


I've yet to find the System32 file part of the virus. What was its original name?
 

snburchett

Jan 29, 2018


It's the file being used by the processes in Task Manager that are named random strings of characters. I don't remember, and it doesn't matter anyway because this solution ended up not working. I reinstalled Win10.