
Infected with svcvmx. Task manager does not open even in safe mode


  • This topic is locked
39 replies to this topic

#1 rjscoder

rjscoder

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:15 PM

Posted 01 August 2017 - 05:22 AM

Issues

  • Task manager closes automatically
  • Google redirects on any search to Yahoo
  • Network is disabled, cannot connect to internet
  • Control panel freezes when trying to open
  • Malware Bytes Pro errors when trying to open
  • Windows Defender disabled and will not enable

 

Tried

  1. MBAR
  2. Malware Bytes Pro
  3. Hitman Pro
  4. Zemana Antimalware
  5. AdwCleaner
  6. RogueKiller
  7. TronScript 
  8. Junkware Removal Tool

I've resolved several of the issues by trying these programs in safe mode w/ networking.

 

Result

 

After finishing all these scans I don't see any traces anymore.

But Task Manager still closes immediately when trying to open it.


Edited by rjscoder, 01 August 2017 - 11:04 PM.



 


#2 rjscoder


Posted 01 August 2017 - 05:00 PM

Just ran another MalwareBytes scan for fun, and it actually found one...Yelloader

 

Quarantined and rebooted, but still can't open task manager

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2485
License: Trial

File: 1
Adware.Yelloader, C:\WINDOWS\SYSTEM32\MSWAROE.EXE, Quarantined, [1330], [421865],1.0.2485

Edited by rjscoder, 01 August 2017 - 07:15 PM.


#3 rjscoder


Posted 01 August 2017 - 07:19 PM

Event viewer shows errors when I try to open task manager. Have tried the steps on this site with no success

Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0xba8
Faulting application start time: 0x01d30b2494d1a3c8
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: ba954c64-1a56-4cf2-b6f6-fb043291f214
Faulting package full name: 
Faulting package-relative application ID: 

C:\WINDOWS\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

Edited by rjscoder, 01 August 2017 - 07:45 PM.
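
Added example (not part of the original posts): a small Python parser for the Application Error text quoted in post #3, decoding the hexadecimal exception code, process id and FILETIME start time into readable triage fields. The function names and the short NTSTATUS table are this example's own; the sample is the quoted text with the two empty package fields omitted.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the Application Error text quoted in post #3.
SAMPLE = r"""Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0xba8
Faulting application start time: 0x01d30b2494d1a3c8
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: ba954c64-1a56-4cf2-b6f6-fb043291f214
"""

# Well-known NTSTATUS values only; anything else is reported as hex.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
            0xC0000374: "STATUS_HEAP_CORRUPTION"}

def filetime_to_utc(ft):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_app_crash(text):
    """Turn the 'Key: value' lines of an Application Error record into a triage dict."""
    raw = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            raw[key.strip().lower()] = value.strip()
    code = int(raw["exception code"], 16)
    app = raw["faulting application path"]
    mod = raw["faulting module path"]
    return {
        "image": app,
        "exception": NTSTATUS.get(code, hex(code)),
        "pid": int(raw["faulting process id"], 16),
        "fault_offset": int(raw["fault offset"], 16),
        "started_utc": filetime_to_utc(int(raw["faulting application start time"], 16)),
        # True when the crash is in the program's own image rather than a loaded DLL.
        "fault_in_own_image": app.lower() == mod.lower(),
    }

if __name__ == "__main__":
    for k, v in parse_app_crash(SAMPLE).items():
        print(f"{k}: {v}")
```
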


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:15 PM

Posted 01 August 2017 - 10:17 PM

Greetings rjscoder and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall All Microsoft and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 rjscoder


Posted 01 August 2017 - 10:37 PM

deleted


Edited by rjscoder, 02 August 2017 - 09:19 PM.


#6 rjscoder


Posted 01 August 2017 - 10:39 PM

deleted


Edited by rjscoder, 02 August 2017 - 09:19 PM.


#7 rjscoder


Posted 01 August 2017 - 10:56 PM

delete


Edited by rjscoder, 02 August 2017 - 03:50 PM.


#8 Oh My!


Posted 02 August 2017 - 07:39 AM

Please copy and paste all report information in your reply. Use multiple posts if necessary.
Gary
 

#9 rjscoder


Posted 02 August 2017 - 07:50 AM

delete


Edited by rjscoder, 02 August 2017 - 03:50 PM.


#10 rjscoder


Posted 02 August 2017 - 07:51 AM

delete


Edited by rjscoder, 02 August 2017 - 03:51 PM.


#11 Oh My!


Posted 02 August 2017 - 08:05 AM

Thank you.

Please consider and do this. I will be away from my computer for several hours after posting this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2017-07-30 20:15 - 2017-07-30 20:15 - 002768896 ____N (TOSHIBA CORPORATION) C:\WINDOWS\system32\mswaroe.exe
Folder: C:\Users\Matt\AppData\Local\pip
Task: {342293CA-29FD-4D4B-B544-057E68F4566F} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 

#12 rjscoder


Posted 02 August 2017 - 08:11 AM

delete


Edited by rjscoder, 02 August 2017 - 03:51 PM.


#13 rjscoder


Posted 02 August 2017 - 08:13 AM

Task manager still does not open



#14 Oh My!


Posted 02 August 2017 - 12:47 PM

Thank you.

Please do this.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\WINDOWS\System32\Taskmgr.exe

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Check Taskmgr
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Perms.txt
  • Taskmgr?

Gary
 

#15 rjscoder


Posted 02 August 2017 - 12:57 PM

delete


Edited by rjscoder, 02 August 2017 - 03:55 PM.




