Windows 7 Forums


Windows 7: MSE unable to remove Trojan:Win32/Powessere.A!reg

17 Nov 2014   #1
Bewos

windows 7 home premium 64
 
 

Good Afternoon,

I noticed that my machine was bogging down, Task Manager was not displaying correctly, and the CPU usage was up, so I ran a scan with Microsoft Security Essentials (latest definitions as of 11/16) and the following trojan is on my system.

Trojan:Win32/Powessere.A!reg

MSE will detect the file and "remove" it, but it comes back in the same place (scan done in safe mode).

Here is what is listed when MSE detects the trojan:

Items:
regkey:HKCU@S-1-5-21-1153185270-3147020460-2158656794-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32\

I have downloaded the Microsoft Response Emergency Support program, which again will detect and temporarily remove the trojan, but it comes back.

I have also run Malwarebytes and it detected a few .PUPs that it will remove, but they come back as well (I'm assuming they are related to the trojan).

Is there any other program that I can use to completely delete this, or are there steps that need to be taken to do a manual delete?

Thanks in advance
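
A read-only way to inspect the kind of registry location MSE reported in the post above, as an added example that is not part of the original thread: it lists the per-user COM server registrations under HKCU and shows what each one points to and whether it overrides a machine-wide entry. The function name `Get-UserComServer` is hypothetical, and the script assumes it is run in the affected user's own session.

```powershell
# Added example (read-only): list per-user COM server registrations in HKCU.
# Assumption: run in the affected user's session, so HKCU maps to that
# user's hive (the SID shown in the MSE detection above).
$userRoot    = 'HKCU:\Software\Classes\CLSID'
$machineRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
# CLSID copied from the MSE detection quoted in the post above.
$reported    = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'

function Get-UserComServer {   # hypothetical helper name
    if (-not (Test-Path -LiteralPath $userRoot)) { return }
    foreach ($clsid in Get-ChildItem -LiteralPath $userRoot) {
        foreach ($kind in 'LocalServer32', 'InprocServer32') {
            $sub = $clsid.OpenSubKey($kind)
            if ($null -eq $sub) { continue }
            $name = $clsid.PSChildName
            New-Object PSObject -Property @{
                CLSID       = $name
                Kind        = $kind
                # Default value = the command line or DLL that COM will load.
                Server      = $sub.GetValue('')
                # True when the per-user entry overrides a machine-wide one.
                ShadowsHKLM = (Test-Path -LiteralPath (Join-Path $machineRoot $name))
                # True for the CLSID named in the detection.
                Reported    = ($name -eq $reported)
            }
            $sub.Close()
        }
    }
}

# Entries matching the reported CLSID, or shadowing HKLM, sort to the top.
Get-UserComServer |
    Sort-Object Reported, ShadowsHKLM -Descending |
    Format-List CLSID, Kind, Server, ShadowsHKLM, Reported
```

The syntax is kept compatible with PowerShell 2.0, the version that ships with Windows 7. On 64-bit Windows, 32-bit registrations live under the `Wow6432Node` view, which this listing does not cover.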


17 Nov 2014   #2
cottonball

Windows 7 Home Premium
 
 

Bewos,

Bummer:
http://www.microsoft.com/security/po...47277333#tab=1

Would suggest trying to get rid of this definite threat outside of Windows.

Do you have another computer (clean), and a USB pen drive?

On the infected computer, tap the F8 key when starting it, and get to the Advanced Boot Options.
Do you have the option to Repair your computer on the menu?

If all of the above elements are available, we can run a specific program to help identify the pertinent malware entries, and then remove them.


17 Nov 2014   #3
mdd1963

Windows 7 Home Premium 64 bit
 
 

Malwarebytes Antimalware
Hitman Pro (free to scan, but once/ if activated, will cleanse infections for only a 30 day trial)

Might also look at Avast's aswMBR (antirootkit)

EMSISoft and ESET also have good rootkit and/or portable (and in some cases bootable) tools....

(Kaspersky has a good bootable Rescue CD)

18 Nov 2014   #4
Bewos

windows 7 home premium 64
 
 

Thanks to everyone that replied. I was able to run ESETPoweliksCleaner and it seems to have done the trick. I'll give it a few days and run a few more scans before I call the system completely cleaned.

The only issue I still have is that the Task Manager is still messed up. If I CTL+ALT+DEL, the Task Manager comes up and I can see the programs running, but I don't have the option to look at the additional tabs like I did in the past (no Processes, Services, Performance, etc.). Is there some easy way to reinstall this?

Thanks again,


18 Nov 2014   #5
cottonball

Windows 7 Home Premium
 
 

Did the ESET Poweliks Cleaner identify and remove Powessere.A!reg?

If the headers are hidden, double-click in the white border/space to the left of the thin line that outlines the Task and Status.

Let us know if you get your headers back.
18 Nov 2014   #6
Bewos

windows 7 home premium 64
 
 

I ran ESET power cleaner and the following message was displayed: Win32/Poweliks was found on your system. I had the program remove it and have subsequently run MSE, which did not detect Powessere.A!reg. I will try to get the Task Manager up and running using the advice listed and I will let you know if that works.
04 Dec 2014   #7
mdd1963

Windows 7 Home Premium 64 bit
 
 

Had I heard any actual classic telltale Poweliks symptoms (high CPU usage, multiple dllhost.exe *32 instances in Task Manager), then recommending a Poweliks cleaner would have come easier. However, we seemed to learn, at least, that MS's assorted scanning/clearing tools don't yet identify the infection by the name "poweliks"....
19 Dec 2014   #8
mdd1963

Windows 7 Home Premium 64 bit
 
 

Norton also has a free Poweliks-specific tool available...
31 Dec 2014   #9
MEM

windows 7 home
 
 

I have been removing virus threats and malware from my clients' computers with hardly a blip on the screen from my own.
This Powessere is nasty, had to pull all the stops out to be able to get this far with my HP laptop.

The CPU usage was so high I thought she was going to blow, but a quick scan with Malwarebytes found a couple of suspicious items; I deleted them and then rebooted. The CPU quieted down, but then weird stuff started happening: all my text files, on the hard drive and in my Dropbox, became unreadable and had been changed to an Open Office format that I can no longer read. And every jpg on the laptop, in programs, in Dropbox, in tutorials, was also changed to the Open Office format that cannot be fixed or viewed in any of my editing programs.

I had just backed up my whole computer 2 days before, so I am okay in that regard, but man o man, this is one nasty bitch.

When I go to any of the sites listed here to try different antiviral methods, my laptop sternly reports that I am not allowed to download any kool stuff to try to eradicate this beast. I developed a workaround, but whoever wrote this virus really knows their business....

Thanks to all of you who try to help....I for one am very very grateful..
31 Dec 2014   #10
mdd1963

Windows 7 Home Premium 64 bit
 
 

The variant MEM seems to be facing is perhaps a new one, as I do not recall hearing of any file associations being changed in previous instances; it might be a more hostile variant, bent on wanton destruction, especially if there is not a ransom request. (If no ransom request, what benefit to making files inaccessible? Who can read the minds of miscreant malware writer idiots....?)