Solved MSE unable to remove Trojan:Win32/Powessere.A!reg

Bewos
Good Afternoon,

I noticed that my machine was bogging down, Task Manager was not displaying correctly, and the CPU usage was up, so I ran a scan with Microsoft Security Essentials (latest definitions as of 11/16) and the following trojan is on my system.

Trojan:Win32/Powessere.A!reg

MSE will detect the file and "remove" it, but it comes back in the same place (scan done in Safe Mode).

Here is what is listed when MSE detects the trojan

Items:
regkey:HKCU@S-1-5-21-1153185270-3147020460-2158656794-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32\

I have downloaded the Microsoft Response Emergency Support program, which again will detect and temporarily remove the trojan, but it comes back.

I also have run Malwarebytes and it detected a few PUPs that it will remove, but they come back as well (I'm assuming they are related to the trojan).


Is there any other program that I can use to completely delete this, or are there steps that need to be taken to do a manual delete?

Thanks in advance
At a glance
Computer Manufacturer/Model Number: Dell XPS 9000
OS: Windows 7 Home Premium 64-bit
CPU: i7 920
Memory: 9 GB
Graphics Card(s): NVIDIA GeForce GTS 240
Sound Card: Realtek integrated
Bewos,

Bummer:
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fPowessere.A%21reg&ThreatID=-2147277333#tab=1

Would suggest trying to get rid of this definite threat outside of Windows.

Do you have another computer (clean), and a USB pen drive?

On the infected computer, tap the F8 key when starting it, and get to the Advanced Boot Options
Do you have the option to Repair your computer on the menu?

If all of the above elements are available, we can run a specific program to help identify the pertinent malware entries, and then remove them.


At a glance
Computer type: PC/Desktop
Computer Manufacturer/Model Number: An ol' eMachines
OS: Windows 7 Home Premium
Internet Speed: Fine for me...I'm retired!
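The key MSE reported in the first post is a per-user COM server registration (HKCU\Software\Classes\CLSID\{...}\LocalServer32). That CLSID is normally registered machine-wide under HKLM, so a per-user override of it is itself a signal, and a scanner that deletes the key while the in-memory payload is still running will see it return, which is what the thread describes. The script below is an added example, not code from the thread, from Microsoft or from ESET: it lists every per-user LocalServer32/InprocServer32 entry and flags the ones that look like registry-only persistence. It assumes Windows PowerShell 3.0 or later; the launcher patterns and length/character heuristics are my own assumptions, not a vendor signature. With -HivePath it loads another user's NTUSER.DAT offline (from the "Repair your computer" environment or a second admin account, as suggested above), which needs an elevated shell and a hive that is not currently in use.

```powershell
# Added example (not from the thread): hunt per-user COM server registrations
# for Poweliks/Powessere-style registry-only persistence. Assumes PowerShell 3+.
param(
    [string]$HivePath,                  # e.g. C:\Users\bewos\NTUSER.DAT (optional, placeholder)
    [string]$MountName = 'OfflineUser'  # temporary key name under HKEY_USERS
)

# The CLSID MSE reported in the thread; everything else here is a heuristic, not a signature.
$ReportedClsid    = '{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'
$LauncherPatterns = 'rundll32', 'mshta', 'javascript:', 'vbscript:', 'powershell', 'wscript', 'cscript', 'regsvr32'

function Get-ComServerEntry {
    # Walks CLSID\*\LocalServer32 and InprocServer32 under the given root and
    # returns one object per server key with its (Default) launch command.
    param([string]$ClsidRoot)
    if (-not (Test-Path -LiteralPath $ClsidRoot)) { return }
    foreach ($clsidKey in Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue) {
        foreach ($server in 'LocalServer32', 'InprocServer32') {
            $keyPath = "$ClsidRoot\$($clsidKey.PSChildName)\$server"
            if (-not (Test-Path -LiteralPath $keyPath)) { continue }
            $key = Get-Item -LiteralPath $keyPath
            [pscustomobject]@{
                Clsid      = $clsidKey.PSChildName
                Server     = $server
                Command    = [string]$key.GetValue('')   # '' is the (Default) value
                ValueNames = @($key.GetValueNames())     # extra values are unusual here
                Key        = $keyPath
            }
        }
    }
}

function Test-ComServerEntry {
    # Attaches a Reasons list; an empty list means nothing looked odd.
    param([pscustomobject]$Entry)
    $reasons = @()
    if ($Entry.Clsid -ieq $ReportedClsid) { $reasons += 'CLSID is the one MSE reported' }
    if ([string]::IsNullOrWhiteSpace($Entry.Command)) {
        $reasons += 'empty (Default) value'
    } else {
        foreach ($p in $LauncherPatterns) {
            if ($Entry.Command -imatch [regex]::Escape($p)) { $reasons += "command uses '$p'" }
        }
        if ($Entry.Command.Length -gt 260) { $reasons += "command is $($Entry.Command.Length) chars long" }
        if ($Entry.Command -match '[^\x20-\x7E]') { $reasons += 'command contains non-printable or non-ASCII characters' }
    }
    # Value names that are blank or undisplayable are a trick used to hide data from regedit.
    foreach ($n in $Entry.ValueNames) {
        if ($n -ne '' -and ($n -match '^\s+$' -or $n -match '[^\x20-\x7E]')) {
            $reasons += 'has a value whose name regedit cannot display properly'
        }
    }
    $Entry | Add-Member -NotePropertyName Reasons -NotePropertyValue $reasons -PassThru
}

$root   = 'HKCU:\Software\Classes\CLSID'
$loaded = $false
if ($HivePath) {
    & reg.exe load "HKU\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed for $HivePath (run elevated; the hive must not be in use)" }
    $loaded = $true
    $root   = "Registry::HKEY_USERS\$MountName\Software\Classes\CLSID"
}
try {
    $entries = @(Get-ComServerEntry -ClsidRoot $root | ForEach-Object { Test-ComServerEntry $_ })
    $flagged = @($entries | Where-Object { $_.Reasons.Count -gt 0 })
    "$($entries.Count) per-user COM server entries, $($flagged.Count) flagged"
    $flagged | Format-List Clsid, Server, Key, Command, Reasons
} finally {
    # Release handles before unloading, otherwise reg.exe unload reports the hive as busy.
    if ($loaded) { [gc]::Collect(); & reg.exe unload "HKU\$MountName" | Out-Null }
}
```

The script only reports. If you do remove a flagged key by hand (`Remove-Item -LiteralPath <Key> -Recurse` on the live hive, or the same path under HKEY_USERS\OfflineUser while the hive is loaded offline), do it from the offline environment or after the dllhost.exe/rundll32.exe instances that carry the payload are gone; otherwise expect the key to be rewritten, as the thread observed.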
Malwarebytes Antimalware
Hitman Pro (free to scan, but once/ if activated, will cleanse infections for only a 30 day trial)

Might also look at Avast's aswMBR (antirootkit)

EMSISoft and ESET also have good rootkit and/or portable (and in some cases bootable) tools....

(Kaspersky has a good bootable Rescue CD)
At a glance
Computer type: PC/Desktop
Computer Manufacturer/Model Number: HP
OS: Windows 7 Home Premium 64-bit
CPU: AMD A4
Memory: 5 GB
Graphics Card(s): Integrated Radeon
Hard Drives: 500 GB WD
Antivirus: 360 TS
Browser: IE
Thanks to everyone that replied. I was able to run ESET Poweliks Cleaner and it seems to have done the trick. I'll give it a few days and run a few more scans before I call the system completely cleaned.

The only issue I still have is that Task Manager is still messed up. If I press Ctrl+Alt+Del, Task Manager comes up and I can see the programs running, but I don't have the option to look at the additional tabs like I did in the past (no Processes, Services, Performance, etc.). Is there some easy way to reinstall this?

Thanks again,


http://kb.eset.com/esetkb/index?page=content&id=SOLN3587
Did the ESET Poweliks Cleaner identify and remove Powessere.A!reg?

If the headers are hidden, double-click in the white border/space to the left of the thin line that outlines the Task and Status.

Let us know if you get your headers back.
When I ran ESET Poweliks Cleaner, the following message was displayed: "Win32/Poweliks was found on your system." I had the program remove it and have subsequently run MSE, which did not detect Powessere.A!reg. I will try to get Task Manager up and running using the advice listed and I will let you know if that works.
Had I heard any actual classic telltale Poweliks symptoms (high CPU usage, multiple dllhost.exe *32 instances in Task Manager), then recommending a Poweliks cleaner would have come easier. However, we seem to have learned, at least, that MS's assorted scanning/cleaning tools don't yet identify the infection by the name "Poweliks"....
Norton also has a free Poweliks-specific tool available...
I have been removing virus threats and malware from my clients' computers with hardly a blip on the screen from my own.
This Powessere is nasty; I had to pull all the stops out to be able to get this far with my HP laptop.

The CPU usage was so high I thought she was going to blow, but a quick scan with Malwarebytes found a couple of suspicious items; I deleted them and then rebooted. The CPU quieted down, but then weird stuff started happening: all my text files, on the hard drive and in my Dropbox, became unreadable and had been changed to an Open Office format that I can no longer read. And every JPG on the laptop, in programs, in Dropbox, in tutorials, was also changed to the Open Office format that cannot be fixed or viewed in any of my editing programs.

I had just backed up my whole computer two days before, so I am okay in that regard, but man o man, this is one nasty bitch.

When I go to any of the sites listed here to try different antiviral methods, my laptop sternly reports that I am not allowed to download any kool stuff to try to eradicate this beast. I developed a workaround, but whoever wrote this virus really knows their business....

Thanks to all of you who try to help....I for one am very very grateful..
At a glance
Computer type: Laptop
Computer Manufacturer/Model Number: HP
OS: Windows 7 Home
The variant MEM seems to be facing is perhaps a new one, as I do not recall hearing any file associations changed in previous instances; might be a more hostile variant of it, bent on wanton destruction, especially if there is not a ransom request. (If no ransom request, what benefit to making files inaccessible? Who can read the minds of miscreant malware writer idiots....?)
Did more research last night (Happy New Year, by the way), and from what I understand, the commands coming from the robots are to gather as much info as possible and send it to the host, who then decides to keep or dump the info.

I did a whole-computer scan last night for files of the extension type .odshbvm, and they go all the way back to the day I bought the laptop in 2012. If you have a photo on the hard drive titled "baby girl.jpg", the new file is "baby girl.jpg.odshbvm", rendering it useless to me and unable to be changed back even after trying to drop the .odshbvm extension. The computer says it is a .odshbvm file and cannot be changed. Every text, every photo, every PDF has been changed to file type .odshbvm.

The info on this virus also says that it can drop on other computers in your system, especially if you use Dropbox or one of the other Box sharing sites.

The offending laptop is now out of service with no internet access and will become my own personal movie screen, photo editing and game room. All passwords have been changed, and my banks have also been checked and passwords changed there also.

Thank you so much
MEM
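When every file gains an extension like .odshbvm and Windows refuses to open it after the extension is stripped, the question that decides the recovery path is whether the files were merely renamed or their contents were rewritten (the ransomware pattern, even without a visible ransom note). The extension tells you nothing; the first bytes of the file do. The script below is an added example, not code from the thread or from any vendor: it walks a folder for files carrying the reported extension, reads the leading bytes, and compares them with the type implied by the original name. It assumes Windows PowerShell 3.0 or later; the root path, the signature table and the extension-to-type map are my own assumptions. Plain text has no magic number, so for .txt files it can only say "looks like text" or not. Run it from a clean boot or after the infection is contained; it opens files read-only and changes nothing.

```powershell
# Added example (not from the thread): decide whether files with an unfamiliar
# extension were only renamed or had their contents altered. Assumes PowerShell 3+.
param(
    [string]$Root = "$env:USERPROFILE",   # placeholder; point at the affected tree
    [string]$Extension = '.odshbvm'       # the extension reported in the thread
)

# Leading-byte signatures (magic numbers) of common file types.
$Signatures = @(
    @{ Type = 'jpg'; Bytes = [byte[]](0xFF, 0xD8, 0xFF) },
    @{ Type = 'png'; Bytes = [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A) },
    @{ Type = 'gif'; Bytes = [byte[]](0x47, 0x49, 0x46, 0x38) },
    @{ Type = 'pdf'; Bytes = [byte[]](0x25, 0x50, 0x44, 0x46) },                         # %PDF
    @{ Type = 'zip'; Bytes = [byte[]](0x50, 0x4B, 0x03, 0x04) },                         # docx/xlsx/odt too
    @{ Type = 'ole'; Bytes = [byte[]](0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1) }  # legacy doc/xls
)
# What the header should look like, given the extension of the original name.
$ExpectedByExt = @{
    jpg = 'jpg'; jpeg = 'jpg'; png = 'png'; gif = 'gif'; pdf = 'pdf'
    docx = 'zip'; xlsx = 'zip'; pptx = 'zip'; odt = 'zip'; ods = 'zip'; zip = 'zip'
    doc = 'ole'; xls = 'ole'; ppt = 'ole'
    txt = 'text'; csv = 'text'; log = 'text'; ini = 'text'
}

function Get-HeaderType {
    # Returns the signature type of the first bytes, 'text' if they are all printable, else 'unknown'.
    param([string]$Path)
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')   # read-only, tolerant of open handles
    try {
        $buf = New-Object byte[] 512
        $n = $fs.Read($buf, 0, $buf.Length)
    } finally { $fs.Dispose() }
    if ($n -eq 0) { return 'empty' }
    foreach ($sig in $Signatures) {
        if ($n -lt $sig.Bytes.Length) { continue }
        $ok = $true
        for ($i = 0; $i -lt $sig.Bytes.Length; $i++) {
            if ($buf[$i] -ne $sig.Bytes[$i]) { $ok = $false; break }
        }
        if ($ok) { return $sig.Type }
    }
    $printable = 0
    for ($i = 0; $i -lt $n; $i++) {
        $b = $buf[$i]
        if (($b -ge 0x20 -and $b -le 0x7E) -or $b -eq 0x09 -or $b -eq 0x0A -or $b -eq 0x0D) { $printable++ }
    }
    if ($printable -eq $n) { return 'text' }
    return 'unknown'   # encrypted or compressed data lands here
}

function Get-RenamedFileReport {
    param([string]$Root, [string]$Extension)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Filter "*$Extension" -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $original = $_.Name.Substring(0, $_.Name.Length - $Extension.Length)
            $origExt  = [System.IO.Path]::GetExtension($original).TrimStart('.').ToLower()
            $header   = Get-HeaderType $_.FullName
            $expected = $ExpectedByExt[$origExt]
            $verdict  = if (-not $expected) { "inconclusive (header: $header)" }
                        elseif ($header -eq $expected) { 'renamed only, content intact' }
                        else { "content altered (expected $expected, header $header)" }
            [pscustomobject]@{ File = $_.FullName; OriginalName = $original; Header = $header; Verdict = $verdict }
        }
}

$report = @(Get-RenamedFileReport -Root $Root -Extension $Extension)
"$($report.Count) files with extension $Extension under $Root"
$report | Group-Object Verdict | Select-Object Count, Name | Format-Table -AutoSize
$report | Format-Table OriginalName, Header, Verdict -AutoSize
```

If the verdicts say "renamed only", `Rename-Item` back to the original name restores the files. If they say "content altered", the bytes are no longer the original document and no amount of renaming will help; the recovery path is the backup MEM mentions, and the machine should be treated as compromised (offline, credentials rotated) exactly as described above.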