Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winvmx Virus


  • This topic is locked This topic is locked
15 replies to this topic

#1 Astromore

Astromore

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 13 April 2017 - 12:49 PM

Hey guys. I'm new to this forum but it's the only thing I've found in my research that has up-to-date responses with the type of problem i've run into.

 

Last night around midnight I got infected with the  

 

Winvmx Virus

 

This thing has complete hold over my computer. I spent six hours last night just trying to damage control to no avail. It wont let me start any antivirus programs Spyhunter, Norton Antivirus, Bitdefender, Mbar Nothing will start. Whenever I try to start their exe's it just gives me a "The requested resource is in use" error. 

 

I've tried locating the Winvmx folder and deleted it manually through my Regedit last night but still the error persists and i'm unable to start any anti-rootkit or anti-malware programs i've downloaded. Also windows recovery wont even start. Not sure if that has to do with the virus but at this point everything is pointing me to it.

 

In my startup processes I also have something called "Svcvmx" enabled that wont disable itself nomatter how many times I try along with something Called "Cpx" That is doing the same thing.

 

Thankfully windows defender continuously picks up some of the trojans it trys installing onto my computer whenever i boot my system but on every restart it tries to install them, some of them even require me to restart to fix them, which would in turn, cause more of them to be installed and caught when i reboot.

 

I'm a bit lost as to what to do here, frankly its causing me an immense sense of anxiety and I could really use someones help. Thank you for listening.

 

p.s. I have booted in safemode and it doesn't seem to have changed anything. I still cannot start any of my antivirus programs.


Edited by Astromore, 13 April 2017 - 01:30 PM.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 13 April 2017 - 08:40 PM

Welcome. :)

 

Lets check for a rootkit.

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 13 April 2017 - 10:07 PM

Sorry for responding late. I am running the scan now. I'm actually surprised it ran. Previous versions weren't able to.

I'm on mobile now as well

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 13 April 2017 - 10:12 PM

:thumbup2:


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 13 April 2017 - 11:06 PM

It found 957 malicious files and I did as instructed. Seems like my spyhunter is working now too. So this is a step towards my sanity returning fortunately. 

Attached Files



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 13 April 2017 - 11:25 PM

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

iO5EZayK.png

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 April 2017 - 12:18 AM

Alright seems like that's all done with here are the files.

 

 

Attached Files



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 14 April 2017 - 07:59 AM

That FRST.txt still show the infection. Isn't this the previous one?


Edited by JSntgRvr, 14 April 2017 - 07:59 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 April 2017 - 10:36 AM

Sorry it was late last night and i had lost sleep from the night before what with the panicking over a melted computer and all.

 

These should be the right files. I reran the scan this morning.

Attached Files


Edited by Astromore, 14 April 2017 - 10:37 AM.


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 14 April 2017 - 01:06 PM

I am sorry, but the FRST.txt is practically empty. Can you try again?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 April 2017 - 01:35 PM

I noticed that too. Thought it was strange but I've never used Farbar before. I reran it a couple times but the FRST txt file keeps coming up the same way empty. Are there any specific settings I need to have it at to create the txt in the way you need? I'm just hitting the scan button with all the default and addition files checked.

 

Heres one I just made after I moved it over to another folder. I don't think it's changed.

Attached Files

  • Attached File  FRST.txt   100bytes   0 downloads


#12 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 April 2017 - 01:40 PM

Ah I figured it out. I redownloaded it, norton must have restarted overnight and messed with it.

 

This should be it

Attached Files

  • Attached File  FRST.txt   104.08KB   1 downloads


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 14 April 2017 - 01:46 PM

Those logs look clear. How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 Astromore

Astromore
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 14 April 2017 - 01:53 PM

Things seem clear on my end. But it never really slowed down because as soon as i got it i freaked out and started trying to remove it. deleting anything related to it left and right. As little good as that did.

 

Ultimately without your help it would have bogged down my computer and cost me money i don't have. Really, thank you. I'll most likely donate because of your help over these past couple days your a life saver.



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:02 AM

Posted 14 April 2017 - 01:57 PM

Congratulations. :)

 

Lets do some cleanup:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    delfix.jpg
    .
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep you antivirus active and updated.

 

Best regards. :hello:


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users