Windows Process Manager (32-bit) Malware

Zarek

New Member
Thread author
Nov 27, 2017
2
Hello, I would like some assistance in removing this annoying Windows Process Manager malware. The only symptom I've noticed is that it periodically hogs my CPU resources. I've tried scanning my PC with Avast but it doesn't find anything bad. I think I've narrowed it down to C:\Users\X\AppData\Local\mbextik but it says access denied.
 

Attachments

  • FRST.txt
    59.2 KB · Views: 3
  • Addition.txt
    74.1 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
    • If it doesn't start, locate the mbar folder on your Desktop and double-click mbar.cmd

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • On the introduction screen, click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 

Zarek

New Member
Thread author
Nov 27, 2017
2
I did the scan like you said but no malware was found. Right now the Windows Process Manager malware is not appearing in my Task Manager, but the folder in which it is located is still there: C:\Users\X\AppData\Local\mbextik. I've tried deleting the folder but Windows tells me access denied. I have also found an unknown application running in the Task Manager named igfxmtc.exe (32-bit) that leads to C:\Users\X\AppData\Local\igfxmtc, but I cannot access it either.
 

Attachments

  • system-log.txt
    533.4 KB · Views: 0
  • mbar-log-2017-11-27 (14-22-43).txt
    2.1 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Click Start and, while holding the Shift key on your keyboard, click Power --> Restart.
Note: It is important that you keep the Shift key pressed while doing this or it won't work.
  • Now you should get a window like this where you need to click Troubleshoot.

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in to your account and after that the Command Prompt window.
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 
