MSE unable to remove Trojan:Win32/Powessere.A!reg


  1. Posts : 5
    windows 7 home premium 64
       #1

    MSE unable to remove Trojan:Win32/Powessere.A!reg


    Good Afternoon,

    I noticed that my machine was bogging down, Task Manager was not displaying correctly, and the CPU usage was up, so I ran a scan with Microsoft Security Essentials (latest definitions as of 11/16) and the following trojan is on my system.

    Trojan:Win32/Powessere.A!reg

    MSE will detect the file and "remove" it, but it comes back in the same place (scan done in safe mode).

    Here is what is listed when MSE detects the trojan:

    Items:
    regkey:HKCU@S-1-5-21-1153185270-3147020460-2158656794-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32\

    I have downloaded the Microsoft Response Emergency Support program, which again will detect and temporarily remove the trojan, but it comes back.

    I have also run Malwarebytes and it detected a few .PUPs that it will remove, but they come back as well (I'm assuming they are related to the trojan).


    Is there any other program that I can use to completely delete this, or are there steps that need to be taken to do a manual delete?

    Thanks in advance
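A read-only check of the registry item MSE lists in post #1, as an added example that is not part of the original thread: it reads the `LocalServer32` key for that CLSID in the current user's hive and compares it with the machine-wide entry, since a per-user COM registration takes precedence over the one under HKLM. It assumes it is run in the affected user's session; the function name `Get-ComServerEntry` is hypothetical, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread). Read-only: nothing is modified or deleted.
$Clsid  = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'   # CLSID from the MSE item in post #1
$SubKey = "Software\Classes\CLSID\$Clsid\LocalServer32"

function Get-ComServerEntry {
    param([string]$Hive)   # 'HKEY_CURRENT_USER' or 'HKEY_LOCAL_MACHINE'
    $path = "Registry::$Hive\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    try {
        $key = Get-Item -LiteralPath $path -ErrorAction Stop
        New-Object PSObject -Property @{
            Path       = $path
            Default    = $key.GetValue('')          # (Default) value: the server command line
            ValueCount = @($key.GetValueNames()).Count
            Readable   = $true
        }
    } catch {
        # The key exists but could not be opened or read: report that, do not guess.
        New-Object PSObject -Property @{
            Path = $path; Default = $null; ValueCount = 0; Readable = $false
        }
    }
}

$user    = Get-ComServerEntry -Hive 'HKEY_CURRENT_USER'
$machine = Get-ComServerEntry -Hive 'HKEY_LOCAL_MACHINE'

if (-not $user) {
    'No per-user LocalServer32 key for this CLSID in the current profile.'
} elseif (-not $user.Readable) {
    "Per-user key exists but could not be read: $($user.Path)"
} else {
    "Per-user key present: $($user.Path)"
    "  (Default)   = $($user.Default)"
    "  value count = $($user.ValueCount)"
    if ($machine -and $machine.Readable) {
        "  machine-wide (Default) = $($machine.Default)"
        if ($machine.Default -ne $user.Default) {
            '  The per-user value differs; it takes precedence over the machine-wide one.'
        }
    } else {
        '  No readable machine-wide LocalServer32 entry to compare against.'
    }
}
```

Running it before and after a cleanup pass, and again after a reboot, shows whether the key has really gone or has been recreated.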


  2. Posts : 2,470
    Windows 7 Home Premium
       #2

    Bewos,

    Bummer:
    http://www.microsoft.com/security/po...47277333#tab=1

    Would suggest trying to get rid of this definite threat outside of Windows.

    Do you have another computer (clean), and a USB pen drive?

    On the infected computer, tap the F8 key when starting it, and get to the Advanced Boot Options.
    Do you have the option to Repair your computer on the menu?

    If all of the above elements are available, we can run a specific program to help identify the pertinent malware entries, and then remove them.


    .
    Last edited by cottonball; 17 Nov 2014 at 21:54.


  3. Posts : 143
    Windows 7 Home Premium 64 bit
       #3

    Malwarebytes Antimalware
    Hitman Pro (free to scan, but once/if activated, will cleanse infections for only a 30 day trial)

    Might also look at Avast's aswMBR (antirootkit)

    EMSISoft and ESET also have good rootkit and/or portable (and in some cases bootable) tools....

    (Kaspersky has a good bootable Rescue CD)


  4. Posts : 5
    windows 7 home premium 64
    Thread Starter
       #4

    Thanks to everyone that replied. I was able to run ESETPoweliksCleaner and it seems to have done the trick. I'll give it a few days and run a few more scans before I call the system completely cleaned.

    The only issue I still have is the Task Manager is still messed up. If I CTRL+ALT+DEL, the Task Manager comes up and I can see the programs running, but I don't have the option to look at the additional tabs like I did in the past (no Processes, Services, Performance, etc.). Is there some easy way to reinstall this?

    Thanks again,




  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    Did the ESET Poweliks Cleaner identify and remove Powessere.A!reg?

    If the headers are hidden, double-click in the white border/space to the left of the thin line that outlines the Task and Status.

    Let us know if you get your headers back.


  6. Posts : 5
    windows 7 home premium 64
    Thread Starter
       #6

    I ran ESET power cleaner and the following message was displayed: Win32/Poweliks was found on your system. I had the program remove it and have subsequently run MSE, which did not detect Powessere.A!reg. I will try to get the Task Manager up and running using the advice listed and I will let you know if that works.


  7. Posts : 143
    Windows 7 Home Premium 64 bit
       #7

    Had I heard any actual classic telltale Poweliks symptoms (high CPU usage, multiple dllhost.exe *32 instances in Task Manager), then recommending a Poweliks cleaner would have come easier. However, we seemed to learn, at least, that MS's assorted scanning/clearing tools don't yet identify the infection by the name, "poweliks"....


  8. Posts : 143
    Windows 7 Home Premium 64 bit
       #8

    Norton also has a free Poweliks-specific tool available...


  9. MEM
    Posts : 2
    windows 7 home
       #9

    I have been removing virus threats and malware from my clients' computers with hardly a blip on the screen from my own.
    This Powessere is nasty, had to pull all the stops out to be able to get this far with my HP laptop.

    The CPU usage was so high I thought she was going to blow, but after a quick scan with Malwarebytes found a couple of suspicious items, deleted them and then rebooted. CPU quieted down but then weird stuff started happening: all my text files, on the hard drive and in my drop box, became unreadable and had been changed to an Open Office format that I can no longer read. And every jpg on the laptop, in programs, in drop box, in tutorials was also changed to the Open Office format that cannot be fixed or viewed in any of my editing programs.

    I had just backed up my whole computer 2 days before so I am okay in that regard, but man o man, this is one nasty bitch.

    When I go to any of the sites listed here to try different anti viral methods, my laptop sternly reports that I am not allowed to download any kool stuff to try to eradicate this beast. I developed a work around, but whoever wrote this virus really knows their business....

    Thanks to all of you who try to help....I for one am very very grateful..


  10. Posts : 143
    Windows 7 Home Premium 64 bit
       #10

    The variant MEM seems to be facing is perhaps a new one, as I do not recall hearing any file associations changed in previous instances; might be a more hostile variant of it, bent on wanton destruction, especially if there is not a ransom request. (If no ransom request, what benefit to making files inaccessible? Who can read the minds of miscreant malware writer idiots....?)


 