Greetings.
I'm trying to remove a nasty W7x64 startup task/service but can't seem to be able to find it. Tried Startup, Services, HKLM/.../Wow6432Node/, HKLM/.../run/, HKCU/.../run/ to no avail , and msconfig does not report it. What are the other possible locations?
Many thanks and best regards,
Hi goopy,
You have been asked several times by different members to update your system specifications. This is for your benefit so that we can help you by giving you the correct advice based on your specifications!
Update System Specifications
Please update your system specifications in your UserCP => Edit System Spec setup. It will help us to help you!
This SevenForums tutorial [Published by Brink and written by CyberZeus] uses an automated tool which makes this task very easy and quick to do. Click here => System Info - See Your System Specs.
Thanks.
Greetings Paul,
1. Would you be kind enough to provide a list of all locations where startup tasks/services can be found?
2. You could try installing samsung magician. It's quite benign and does provide an option for removal from startup.
Many thanks and best regards,
Hi All,
Greets,
I understand what you are dealing with. Make a System Image & try these Utilities. They are very powerful tools. So, use them carefully.
Avoid touching Registry as long as you are not sure!
1. You should try Autoruns (M$) in first place.
2. If you are trying to find out problematic things. You can also try Process Explorer (M$) & Process Monitor (M$)
3. Here is some help : Schooling Autoruns & Other Sysinternals (M$) Utilities
4. You can also try using AdwCleaner ( by Malwarebytes )
Just To Mention :
You are not supposed to remove everything that is detected/listed in the AdwCleaner. You have to be selective! You should be very sure what thing(s) you want to remove otherwise you will be removing false positives & will get in real trouble.
While dealing with SysInternals Utilities, you will only get in trouble by your own mistake(s)!
Rest is up to you
Thanks & Regards. ...
Hi Goopy,
It might also be in Task scheduler LOCAL or prefetch.
If Autoruns fails to find it run this tool - note some AV's report it as malware IT IS NOT frequently used by Malware fighters in security forums, including Malwarebytes
copy/paste both reports
Download Farbar Recovery Scan Tool
select the applicable 32/64 download
Roy
Hi Goopy
Good catch there then.
Just highlight each one, there's an option to delete, see that in your screenshot, right hand side
If that fails HIGHLY unlikely, we can remove them with the other tool i asked you to run
Please run it anyway AFTER a reboot copy/post both logs,see below, note Farbar = FRST
Im somewhat concerned, they may have spawned other processes -
(it might have been installed via the Yandex browser)
Post the results in the BleepingComputers Malware section- I'm no malware expert
Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com
cross reference this thread, i'll keep an eye on it, im a member there too
In regard to your other thread re MBR/EUFI
it does sound like theres something wrong with your boot manager files
run SFC/scannow
and read this tutorial
Bootmgr is missing - Fix
Are you dual booting by any chance
Roy
Last edited by torchwood; 19 Oct 2019 at 11:54.
Hi All,
Greets,
@torchwood : Great Stuff Sir, Thanks.
@goopy : Now that its sure you have infections.
1. Please Image your system first of all, It may help you if you get in problem while troubleshooting :
See : Macrium Reflect Free
2. While troubleshooting follow the seniors in first place!
I suggest to give some space in between using different utilities to actually make out the things but at times, it may be crucial to run utilities in quick succession one after another to eliminate an infection & stop it from coming back.
3. If the things don't work for you, ( You may restore the system image if you feel like & ) use rescue disks because the infections are best removed when they are Offline!
In my personal opinion here : not to use multiple things in quick succession to actually make out what is working for you & what is doing the damage.
Bootable Antivirus Rescue CDs for Offline Scanning
Good ones in my opinion : Bitdefender , ESET, Kaspersky, Windows Defender Offline.
And/OR
You can use Kyhi Sir's Win 10 Recovery Media and run Malwarebytes, SUPERAntiSpyware , ESET' Free Online Scanner , etc. from there.
Thanks & Regards. ...
Last edited by Vineet Garg; 20 Oct 2019 at 03:55. Reason: Adding Suggestions!
Quote