Solved Windows Process Manager (64-bits) Virus -- Another Victim here

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
Hi there
Basically, I mis-downloaded something and it led to a searcher download. Then I got this search-awesome virus and I used paid Reimage to clean it eventually. Next my Chrome search started to redirect to Bing and Yahoo, then I used various methods from the internet and finally got it fixed by changing the Chrome policy or something.
However, there's always been this Windows Process Manager in the Task Manager for like 5 days. The Windows Process Manager contains clients from 1 -- 3 or 4 (not sure because I can't check the Task Manager all the time).
I can neither open the file location (access denied) nor end the task. FYI, I've tried Reimage, Malwarebytes and mbar (from the thread I read); none of them could really make this thing disappear.
This thing has made my game reach extremely low ping and Chrome freeze oftentimes.
Pls help me out ^^
 

Attachments

  • FRST.txt
    55.7 KB · Views: 1
  • Addition.txt
    182.8 KB · Views: 0

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
Here's the fresh one after I scanned again with Reimage PC Repair (found some suspicious crashed files),
with some snapshots of the Task Manager details.
 

Attachments

  • Addition.txt
    184.5 KB · Views: 1
  • FRST.txt
    56.4 KB · Views: 2

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
By the way, I tried to restart into the advanced menu and recovery, but every time I do that, it just gives me a black screen with a mouse that I could move around; then after two mins it automatically restarts my PC normally.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Now you should get a window like this where you need to click Troubleshoot.

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in to your account and after that Command Prompt window.
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
Hey man
I can't boot to recovery. Every time I tried to get to the advanced option menu,
first it shows a blue screen with "please wait", then the screen turns black but with a visible mouse that I could move around.
Then after like 2 mins the PC just automatically restarts.
 

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
Well, I tried various methods trying to get to the advanced option menu. It always gives me the black screen.
So what I've done now is that I opened the System Configuration and restarted my PC with the safe boot (alternative shell) --- it gave me the command prompt and I did the method you told me and got these 2 files.
Btw, pls help me out here, I feel like it's getting worse, my game reaches unbelievable low ping and my PC just crashed today into a blue screen.
 

Attachments

  • Addition.txt
    174.2 KB · Views: 0
  • FRST.txt
    52.9 KB · Views: 0

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
I tried 1 more time and it finally worked.
Here's the FRST file.
Btw, I can delete the virus folder now but just not sure if it's gonna pop up again.
 

Attachments

  • FRST.txt
    42.7 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    4.1 KB · Views: 7

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
There you go
BTW, I can boot to recovery through settings today, and once I restarted normally again after the fixing, my Reimage PC Repair disappeared from the desktop (where I installed it).
 

Attachments

  • Fixlog.txt
    8.2 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Reimage isn't a reputable software, so I would avoid it. How is your computer behaving now? You can now scan with FRST from Normal mode and upload the reports for my review.
 

ShawnCHL

New Member
Thread author
Jan 2, 2018
9
Here's the new scan result in normal mode
 

Attachments

  • Addition.txt
    183.4 KB · Views: 2
  • FRST.txt
    52.4 KB · Views: 1
