Virus process that keeps restarting?

So my friend has managed to get a virus/adware on his PC. No anti-virus or adware cleaner can pick it up, but I have identified the processes that are running it and their file locations. The issue is that as soon as I end the process it restarts itself, and I can't delete the files while the process is running. How do I end the process and prevent it from restarting?

Best Answer:

Jack: You didn't give much info, so here is a generic answer. This will cover checking for viruses and how to get rid of them. It explains how to scan using Safe Mode or how to make a bootable thumb drive and scan your system without Windows running. If worse comes to worst, it covers how to recover your files and reset the computer back to factory settings.

It is important to run both ESET and Malwarebytes; what one might miss, the other will catch.

First try Malwarebytes in Safe Mode. Make a bookmark of the link below or make a shortcut to it on your desktop.

http://www.malwarebytes.org/products/

The link below shows how to start Windows in Safe Mode or Safe Mode with Networking.

http://kb.eset.com/esetkb/index?page=con…

When it boots to the desktop, click the bookmark or shortcut you made. Download and install the free version and do a complete deep scan of your system. If it finds anything and it cannot stop and delete it, you will need RKill to kill it.

If Malwarebytes does not find anything, then try the ESET Online Scanner to check for a virus. The first link is the online scanner. You need to USE IE while in Safe Mode with Networking to run it. The second link explains it.

http://www.eset.com/us/online-scanner-po…

http://kb.eset.com/esetkb/index?page=content&id=SOLN2921

If neither of them does the job, then you will need to try more extreme measures. Everything below should be downloaded on a computer that is not infected and loaded onto a thumb drive. Then disconnect the infected computer from the internet and follow the instructions to try to get rid of it.

Some viruses can be found but not stopped so that they can be deleted. RKill can find and stop the viruses that others cannot. Once the viruses have been shut down, the security program can then delete them. The first link below discusses how it works, and it is VERY IMPORTANT to read this page. The second link is for the virus removal guides offered by Bleepingcomputer. You will need another computer to download RKill and Malwarebytes. You will need both of them on a thumb drive, DVD or CD. RKill has different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore, when attempting to run RKill, if a piece of malware terminates it, try a different filename. READ the instructions carefully on how to use the programs together.

http://www.bleepingcomputer.com/forums/topic308364.html

http://www.bleepingcomputer.com/virus-removal/

Download links for RKill.

www.bleepingcomputer.com/download/rkill

If that fails, then make a bootable thumb drive or CD. To make a bootable thumb drive you will need to find a working computer to download Universal USB Installer. You need to read the instructions carefully and know a little about Linux to use this. There can be dragons present if you do not understand what you're doing. I make no guarantees.

http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

It will make a bootable thumb drive to which you can add an AV to scan your system. I recommend that you try one of these AVs to scan your system if you can make a bootable thumb drive. Read the article completely; there can be problems using these if you do not know what you are doing. I make no guarantees.

These can also be booted from a CD if you have burning software. When you boot the computer with one or more of these, you can reconnect to the internet to allow them to update the virus database.

http://support.kaspersky.com/viruses/rescuedisk

http://www.avg.com/us-en/avg-rescue-cd-download

You can also use Bitdefender, but it only boots from a CD. Here is a link to the instructions.

http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html

If you cannot boot into Windows to make a backup of your files, then use pendrivelinux and add the Linux Mint CD ISO to boot the laptop. If you have Windows 8 or above, then you need to turn off Secure Boot and select boot from USB before using the thumb drive. The thumb drive boot will also allow you to check out the rest of the computer. It helps to have a thumb drive or an external drive to copy your data and files to.

If it has a CD/DVD drive, you can burn Linux Mint right to a CD and boot with it. Download Cinnamon 32-bit.

www.linuxmint.com/download.php

Once you have recovered what you need you can reload your OS.

Since you did not list the make, model and OS, this part is a generic answer. Some or all of it might help you.

Make sure you back up all your files before doing this.

If you're resetting a laptop, make sure you have the AC adapter plugged in. You do not want this process interrupted. This should take one or two hours. It is best to check on it to make sure everything is going fine.

It is best not to boot into Windows to start this process.

If you cannot boot into Windows, then try Advanced Boot Options. When you press the power button, start tapping the F8 key. You will see the Advanced Boot menu. Select Repair Your Computer. (This option is available only if the tools are installed on your computer's hard disk.) Select your language and then enter your user name and password. Then click on (brand name) Factory Image Restore and Next. Answer the questions and it should start the recovery back to factory settings.

Recovery from the recovery partition

When you press the power button, start tapping the F key for your computer and the BIOS menu will open. Select recovery from the menu, answer the questions, and the recovery should begin. Depending on your computer this will take one to two hours.

Manufacturer                            BIOS menu key
HP/Compaq                               ESC
ASUS                                    Del
Sony                                    F2
Samsung                                 F4
Gateway, eMachines                      F10
Acer, Dell, Fujitsu, Gigabyte, Toshiba  F12

Your BIOS menu should look something like this. Yours might be different. I am posting this to give you an idea of what it looks like.

ESC = BIOS menu

F1 = System Info

F2 = System Diagnostic

F9 = Boot Device options

F10 = BIOS Setup

F11 = System recovery

Other answers:

Jim:
Boot your computer in Safe Mode.
This mode only starts the computer with the minimum processes running.
If you're lucky, the process you're trying to delete will be inactive.
Also use cloud multi-scanners. Viruses can easily get around old-style single scanners like Malwarebytes or antiviruses.
HerdProtect, OPSWAT Metadefender, etc. are newer, extremely powerful scanners using the latest technology.
Cloud scanning security programs can't be defeated by a virus because the program isn't in your computer, so the virus cannot shut it down.
Also, they can scan a computer using multiple security companies at once and don't install tonnes of junk virus updates. People get viruses, then install all kinds of programs to get rid of them, and end up with more problems because of a system slowed down by so many programs.
Cloud scanners need no installation.
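Safe Mode only helps if the suspect is not itself on the Safe Mode start list. Windows keeps that list under the SafeBoot\Minimal and SafeBoot\Network registry keys, and any service registered there starts in Safe Mode too. The PowerShell below is an added example, not part of Jim's answer or anything else in this thread: it walks both keys, resolves each entry to its service binary and flags services whose image lives outside %SystemRoot%, which is where the legitimate entries almost all are. Run it from an elevated prompt before relying on Safe Mode.

```powershell
# Added example, not from the original thread. List what is allowed to start
# in Safe Mode and flag anything that is not a Windows-directory binary.
# Run from an elevated PowerShell prompt.
$safeBootRoots = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',
                 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'

# Service name -> binary path, looked up once for all entries.
$services = Get-CimInstance Win32_Service

foreach ($root in $safeBootRoots) {
    Write-Host "== $root"
    Get-ChildItem -Path $root | ForEach-Object {
        # Subkey names are service names, driver names or device-class GUIDs;
        # only the service names resolve through Win32_Service.
        $entry = $_.PSChildName
        $svc   = $services | Where-Object { $_.Name -eq $entry }
        if ($svc) {
            $outside = $svc.PathName -notlike "*$env:SystemRoot*"
            $flag    = if ($outside) { '   <-- outside %SystemRoot%, inspect this one' } else { '' }
            Write-Host ("  {0,-28} {1}{2}" -f $entry, $svc.PathName, $flag)
        }
    }
}
```

A service flagged here will keep running in Safe Mode and, if it is the thing relaunching the process, Safe Mode alone will not make the file deletable; that is when the bootable rescue media described in the Best Answer is the shorter route.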
Dave:
You need to properly clean it. Since you failed to give any relevant info (like the name of the process, the name of the virus/malware, etc.), we really can't help you.

Grab a free copy of Malwarebytes at http://www.malwarebytes.org. Install it and run the scan. Clean off anything it finds.

If that doesn't completely solve the issue, you should now be able to do a system restore to a point prior to the problem (unless you've let it sit for a long time and that restore point is no longer available).

If you still can't get it, I recommend using a service to clean your PC, like http://www.cleanourcomputer.com they will remotely access your PC while you watch and clean it up!

Cyber-Medic:
Have you tried Malwarebytes? If not, download it and run a scan. I have not found any malware that can get by it. BTW, the process is not running from a file but from the registry. See if it is located in your Programs and Features and uninstall it. A good tech can delete it from the registry, but if you do not know what you are doing, never enter the registry.
chrisjbsc:
Re-install Windows.
Fathered:
Download Malwarebytes Anti-Malware and Avast. If that doesn't work, then you have to go to YouTube and find out how to manually delete it, which is a PAIN.
?:
Any decent anti-virus should find them if it is a virus. So how are you sure it is a virus? You know more than the anti-virus companies?