error 5 help?

Hey y'all, so my girlfriend tried to torrent a program she wanted and she ended up downloading a virus. All kinds of different exes showed up in Task Manager that I managed to delete, but there's one still remaining and it's named "Windows Process Manager". I always have Task Manager open and I didn't recognize it from before this happened, so I googled it and it turns out it's some sort of virus. I figured I'd do what I did with the other exes and just delete it, but when I try to open file location it says I don't have permission. The laptop itself works fine, I can connect to the internet and everything, but the thing is I know this program is not supposed to be there. Since I don't have much on this laptop I decided to move my files to a thumb drive and then factory reset the laptop, but it's not letting me. I first tried System Restore and when I try to launch it, it does nothing, and it's the same with factory resetting: nothing happens when I try to launch that option. Now I'm stuck and have no idea what to do. I ran RogueKiller and it found 9 threats and deleted all but 2, "sperzndsvc" and "nimrpvd". The nimrpvd folder is the folder that opens up when I choose open file location for Windows Process Manager in Task Manager. The report said "need permissions" and that it was an error 5. I have the report and I'll leave it below. I would really appreciate any help, please.

いいいいいいいいいいいい Processes いいいいいいいいいいいい
[Bad.Extension (Malicious)] sperzndsvc.exe (744) -- C:\Windows\System32\sperzndsvc.exe -> Found
[Suspicious.Path (Potentially Malicious)] nimrpvd.exe (3864) -- C:\Users\Emeli\AppData\Local\nimrpvd\nimrpvd.exe -> Found
[Suspicious.Path (Potentially Malicious)] atcumei.exe (820) -- C:\Users\Emeli\AppData\Local\nimrpvd\atcumei.exe -> Found
[Suspicious.Path (Potentially Malicious)] atcumei.exe (1600) -- C:\Users\Emeli\AppData\Local\nimrpvd\atcumei.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \gaijin results baser -- C:\Users\Emeli\AppData\Local\Westphal.exe [ajvywajvywajvywajvy.ajvyrajvymajvywajvy.ajvypajvywajvy/ajvyjc2yh0yh1yajvyh9yh0r3r2jajvyc4jcyhihtmajvyl4csWBbMksajvyEAyIMA3ollajvyZ] -> Found
[Suspicious.Path (Potentially Malicious)] \gaijin results basergaijin results baser -- C:\Users\Emeli\AppData\Local\Westphal.exe [ajvywajvywajvywajvy.ajvyrajvymajvywajvy.ajvypajvywajvy/ajvyjc2yh0yh1yajvyh9yh0r3r2jajvyc4jcyhihtmajvyl4csWBbMksajvyEAyIMA3ollajvyZ] -> Found
[Suspicious.Path (Potentially Malicious)] \hatred_inchon -- C:\Users\Emeli\AppData\Local\Jerks.exe [ajvywajvywajvywajvy.ajvyrajvymajvywajvy.ajvypajvywajvy/ajvyjc2yh0yh1yajvyh9yh0r3r2jajvyc4jcyhihtmajvyl4csWBbMksajvyEAyIMA3ollajvyZ] -> Found
[Suspicious.Path (Potentially Malicious)] \hatred_inchonhatred_inchon -- C:\Users\Emeli\AppData\Local\Jerks.exe [ajvywajvywajvywajvy.ajvyrajvymajvywajvy.ajvypajvywajvy/ajvyjc2yh0yh1yajvyh9yh0r3r2jajvyc4jcyhihtmajvyl4csWBbMksajvyEAyIMA3ollajvyZ] -> Found

いいいいいいいいいいいい Registry いいいいいいいいいいいい

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

いいいいいいいいいいいい Files いいいいいいいいいいいい
[PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\Emeli\AppData\Local\AdvinstAnalytics -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Hi Cybrdeth,

Welcome to Forum.

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
* Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
* Press Scan button.
* It will produce a log called FRST.txt in the same directory the tool is run from.
* Please attach log back here using the "Attachments and other options > Attach" feature.
* The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.

Note: This thread has been moved to the "Malware removal help" section for clarity.

Ok thank you! Here are the logs.

Hi Cybrdeth,

Your computer is very infected. Please make a backup of your personal data before proceeding any further.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Please download SystemLook (x64) and save it to your desktop.
* Double-click SystemLook_x64.exe to run it.
* Copy the content of the following codebox into the main textfield:
--- Code: ---
:filefind

C:\Windows\System32\drivers /ncoi*.sys
--- End code ---
* Click the Look button to start the scan.
* When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hey so I'm having an issue, whenever I transfer the txt file from my thumb drive to the desktop of my infected pc the txt file shows up as blank. But when I open it inside the thumb drive I see all the contents. I've tried saving it to other locations but I get the same result. Any thoughts?
