Solved Yet another windows process manager problem

Jean_P

New Member
Joined
Aug 4, 2018
Messages
4
OS
Windows 8.1
Antivirus
Malwarebytes
#1
Per the instruction guidelines, I ran the Farbar recovery tool and attach the 2 files.

I've read threads concerning the windows process manager virus. They recommend running the Farbar tool from a flash drive, but I'm not able to save FRST64.exe on a flash drive. It always says I don't have permission.

I also downloaded kav_rescue_10.iso and was able to mount it. But I don't see any exe to run, only an .img file, and what do I do with that?

Thanks for your help.
 
Operating System: Windows 8
Are you using a 32-bit or 64-bit operating system? 64-bit (x64)
Infection date and initial symptoms: End of July. Computer bogging down.
Current issues and symptoms: Windows process manager (32 bit) running
Steps taken in order to remove the infection: Adwcleaner, Malwarebytes full scan, start emergency cleaner full scan
Logs added to Help Request: FRST.txt, Addition.txt


TwinHeadedEagle

Removal Expert
MalwareTips Staff
Joined
Mar 8, 2013
Messages
22,277
OS
Windows 10
Antivirus
ESET
#2
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Now you should get a window like this where you need to click Troubleshoot.

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in to your account and after that Command Prompt window.
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 

Jean_P

#3
Thanks for responding, but you are repeating what you said in other threads on the same subject. As I was saying in my post I can NOT save the Farbar tool to a flash drive. It says I don't have permission, no matter what I do.

Perhaps you have some comment on that?
 

Jean_P

#4
I was finally able to use another system to save frst64.exe on the flash drive.

But now I'm not able to get to the Advanced startup options shown above on my Lenovo g50 Windows 8 system.
I tried everything: Shift start, change PC settings...

The one thing I can do is boot in safe mode. There I ran frst64.exe and got the 2 files. But in safe mode the "Windows process manager" exe is still running!

Any help welcome
 

TwinHeadedEagle

#5
This malware can only be removed from the recovery. There are two links above, one of them is how to create an emergency recovery drive.
 