
Potential Malware / I have no permissions to remove the files.


No replies to this topic

#1 Shoeboy


Posted 17 November 2017 - 09:58 PM

Hello, I accidentally installed what I'm 99% sure is malware in the same way that most of us accidentally get infected (I'll spare you the details, the source of the download has long since been deleted by its publisher). Installing the program I downloaded infected my computer, and I suddenly had ten to twenty programs being downloaded onto my desktop. I managed to cleanse my computer of most of the suspicious/unwanted files, and now I'm left with just a few programs that I can't do anything about despite all of my efforts.

 

They aren't doing anything overly obnoxious; no pop-ups, not installing anything new. There's one program named "Client Service" (known as rtbvaoc.exe under the details section of my Task Manager) that (I assume) is creating several instances of "Windows Process Manager" (all of which are known as iakulcb.exe). Whenever I attempt to end the process or the process tree, I get the error "Unable to terminate process - Access is denied". Whenever I try to go to the file location, I get the error "C:\Users\Adam\Appdata\Local\rtbvaoc is not accessible - Access is denied". I've located the folders manually but I'm unable to open said folders, nor can I delete them. When trying to do so (even when I attempt to start my computer in Safe Mode), I get the error "You need permission to perform this action / You require permission from Adams_PC\Adam to make changes to this folder", meaning I can't delete it even if the program isn't open. I've tried to forcefully take control of the folders using several programs, but even if it says that the task was successful it has no effect in regards to any of the previous attempts to shut the program down. I know where all of the folders are (there are two in my appdata folder and one .exe file in my System32 that also can't be touched by me). I've managed to get into one of the folders with a program used for unlocking files, but I was still barred access to any of it even though I could see all of the files in the folder.

 

I've tried to delete the files in safe mode as my computer's true admin, but even then I'm restricted from even opening the files. I've tried renaming them, editing permissions, etc. to no avail. I've tried to install several programs (such as Malwarebytes) and using security programs already on my computer, but the .exe installation files have their publishers blocked "for my safety" and cannot be installed. Any security programs that I already had installed cannot be opened either, meaning I have no way to scan my computer for malware either. Any malware scan that I've managed to do with programs that the  has come up negative, meaning that I apparently have no malware on or running on my computer when that's more than likely not the case.

 

I've tried a few other things that haven't worked, and I don't really know what to do about it. The file itself seems to have figured out every possible way that I would've attempted to remove it, and I'm far from a computer expert. It doesn't create any problems for me, really, other than drastically reducing my frames when I'm gaming and making my browser lag and need to be relaunched every hour or so. It also constantly changes my homepage to this website called "searching.com", which seems to be a harmless search engine with a bunch of ads that would very clearly install more malware if clicked on. It also constantly changes my default search engine from Google to Yahoo for some reason, which also seems relatively harmless? I'm still being incredibly cautious regardless. This has been persisting for a little over a month as I've been trying to fix the problem, and has done nothing of any serious damage beyond slowing my computer, but it's not something I'd like to live with in the last few months I'm going to have this laptop for. I managed to put a stop to the processes for a while by going into my task manager and ending a specific process before it booted up, which stopped the "Windows Process Manager" instances, and my computer ran fine until it needed to be restarted, but I had to reboot my computer and now I can't remember how I managed to do it the first time.

 

Hopefully someone here has any idea how to deal with this.

 

tl;dr; These files have higher authority than even the rights of even the true admin account, can't be deleted and the processes can't be stopped, on-and-off again lagging my computer and I can't use antivirus programs to kill them (and they don't seem to be detected as malware either).

 

I'm using Windows 8.1.

 

Thanks!


