New virus? "avewmsosvc.exe"


  • This topic is locked
3 replies to this topic

#1 Hayama

Posted 13 December 2017 - 02:24 PM

Has anyone ever heard of this process? I can't find any info on any search engines, which is odd. I cannot end it through task manager, Process Explorer, Command Prompt, or anything else, even in full safe mode with a clean boot. Process Explorer shows that it is consistently creating subprocess "sihaglc.exe", which is constantly creating and ending multiple instances of "rekmpgn.exe", which itself sometimes has another subprocess of the same name.

 

So anyway, how this happened is my stupid boyfriend decided to download some shady stuff on my computer while I was sleeping last night. When I turned on my computer, there were ads playing through my speakers, but I couldn't find the source. I eventually found that many processes called "Collectives" and "Gilbride" were continuously starting after I ended them. There was also a process called Ampersands and AnonymizerLauncher, though those did not clone themselves. I eventually managed to locate all of the cloned copies of the Collectives and Gilbride executables and deleted them in safe mode. They didn't clone themselves and I no longer have the advertisement issues.

 

Anyway, I am still concerned about this avewmsosvc.exe process. I have no idea what it could be doing to my computer. I know that it kept adaware from starting and blocked Windows Defender from turning on real-time protection. It stopped the Spybot updater service from running, though I was able to run and update Malwarebytes (though it would not start after I restarted my computer without reinstalling - it also was unable to activate the real time protection), which did find 175 "problems", though not this process. I was able to install AVG (yes I uninstalled everything else) and it found no problems and doesn't seem to have trouble running.

 

Does anyone have any ideas? Is there another anti-virus or -malware I should try? I appreciate any help! Thanks!

 

Edit: Oh and if it helps, avewmsosvc.exe is in my System32 folder.


Edited by Hayama, 13 December 2017 - 02:26 PM.




#2 JohnC_21

Posted 13 December 2017 - 03:41 PM

I am pretty sure you are infected. On something like this I would post in the BC Virus Removal Forum after reading the pinned posts. A virus removal expert will be able to assist you. Make a note of what logs to attach in your first post. 



#3 Hayama

Posted 13 December 2017 - 07:16 PM

Thank you, it seems that is what I will have to do. I did try something else, which was to mount my old HDD and connect my SSD as secondary, then delete the avewmsosvc.exe file, which I was able to do after changing ownership. However, it came back after switching the hard drives, so I'm at a loss. I'll post in the other forum, thank you for your help.



#4 britechguy

Posted 14 December 2017 - 10:19 AM

Since a new thread with the same title, New virus? "avewmsosvc.exe", has now been created in the "Am I infected? What do I do?" forum, this thread is being locked to avoid confusion.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 
