SOLVED Windows Process Manager (32 bit) malware process taking up CPU and disk

Discussion in 'Malware Removal Assistance For Windows' started by William Y, Dec 31, 2017.

Thread Status:
Not open for further replies.

Need Malware Removal Help?

We offer free malware removal assistance to our members. Sign Up now, and get free malware removal support.

  1. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    Operating System:
    Windows 10
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    4-5 days ago, computer began periodically freezing due to windows process managers causing spikes in CPU or disk usage
    Current issues and symptoms:
    Initial issues persist. Multiple windows process managers exist and freeze my computer
    Steps taken in order to remove the infection:
    Windows Defender Full Scan, Malwarebytes Scan, AdwCleaner (all failed to find threats). Windows defender custom scan didn't detect files when directed to the suspected folder

    Disabled windows updates and background processes

    Attempted deletion of the folder as an administrator, by changing the file owner, and using command prompt or safe mode.
    Logs added to help request:
    • FRST.txt
    • Addition.txt
    Recently I've seen numerous "Windows Process Manager (32 bit)" processes on my computer, anywhere between 2-4 background processes and an application running concurrently. I'm not sure if this is malware but it is probably a worm. Farbar Scan ran fine but AdwCleaner and Malwarebytes failed to find anything.

    All of the windows process manager link to a single folder called seilbuw, which I am unable to open or delete.
    C:Users/wy869/AppData/Local/seilbuw.

    FRST files attached.
     

    Attached Files:

  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,737
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Hello,


    Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
    • Now you should get a window like this where you need to click Troubleshoot.
    [​IMG]
    • In the next window, click Advanced options and select Command Prompt.
    • Now you should log in into your account and after that Command Promptwindow.
    [​IMG] Access the notepad and identify your USB drive

    In the Command Prompt please type in:
    Code:
    notepad
    and press Enter.
    • When the notepad opens, go to File menu.
    • Select Open.
    • Go to Computer and search there for your USB drive letter.
    • Note down the letter and close the notepad.


    [​IMG] Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:
    • Type in e:\frst64.exe and press Enter.
      You need to replace e with the letter of your USB drive taken from notepad!
    • FRST will start to run. Give him a minute or so to load itself.
    • Click Yes to Disclaimer.
    • In the main console, please click Scan and wait.
    • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.
     
  3. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    Here you go
     

    Attached Files:

  4. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,737
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Can you now boot normally and do a scan with FRST?
     
  5. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    #5 William Y, Jan 1, 2018
    Last edited: Jan 1, 2018
    Thank you for helping, here's the log.
     

    Attached Files:

  6. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    Something unexpected happened, today I don't seem to see any of the windows process managers in the task manager, and I can open the folder they were located now.
     
  7. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,737
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Yes, that is because we got rid of some of them. Let's clean the remnants now:


    [​IMG] Fix with Farbar Recovery Scan Tool

    [​IMG] This fix was created for this user for use on that particular machine. [​IMG]
    [​IMG] Running it on another one may cause damage and render the system unstable. [​IMG]

    Download attached fixlist.txt file and save it to the Desktop:

    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

    Please attach it to your reply.
     

    Attached Files:

  8. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    Fixlog
     

    Attached Files:

  9. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,737
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Very good. Everything okay now?
     
  10. William Y

    William Y New Member

    Dec 31, 2017
    6
    1
    New York City
    Windows 10
    Malwarebytes
    Yep, thank you!!
     
    Marijane likes this.
  11. Marijane

    Marijane New Member

    Jan 3, 2018
    1
    0
    Texas
    Windows 10
    McAfee
    Thank you, it worked! You’re a real tech magician!
     
Loading...
Similar Threads Forum Date
Windows Process Manager (32 Bit) Malware Removal Assistance For Windows Saturday at 6:18 PM
Fake Windows Process Manager Malware Removal Assistance For Windows Jan 15, 2018
Windows Process Manager virus. Help. Malware Removal Assistance For Windows Jan 15, 2018