Windows 10: Heavily Infected by svchost.exe and Poweliks. Solved

  1.    14 Apr 2018 #11

    Hi folks

    If your computer is infected, don't waste your time spending hours on trying to "dis-infect it". You can't ever be sure that the program does its job 100%.

    Using an infected computer to cleanse / disinfect itself is like being a Pilot who is told: here's a defective plane, but you have to fly it and fix it in the air !!!!! As a licensed Private Pilot you know what my answer would be to that one !!!!

    Simply restore a clean image (Macrium Free if you have it) -- if you haven't, then the only sensible way is a clean Windows install. You won't lose activation on any clean installs. Then always make sure you have a clean backup image -- if you keep OS / Data separately, an image can be taken / restored even on older systems within 30 mins at most.

    You are also 100% isolated against Ransomware -- simply disconnect the computer from the internet, switch off immediately, re-boot your restore program and restore the clean image.

    Cheers
    jimbo


  2. Posts : 59
    Microsoft Windows 10 Home 64-bit
    Thread Starter
       14 Apr 2018 #12

    I mention Poweliks because it's the only virus that comes to mind that closes Chrome. It's also located in the registry, so it could be hidden. I tried the suggestion of scanning in Malwarebytes offline and it detected a whole lot more. I then tried the RKILL steps and was able to run the Poweliks cleaner, which successfully cleaned Poweliks as well.

    So I think most is gone now. I've managed to clean most things. The reason I don't reset is because of the applications I have on this PC, and I don't have time to reinstall them as I use them for work.

    I'll mark it as solved now. Thanks to all the people that helped me. Thanks again.
    Last edited by youngtomlin; 14 Apr 2018 at 11:51.

  3.    14 Apr 2018 #13

    youngtomlin said:
    I mention Poweliks because it's the only virus that comes to mind that closes Chrome. It's also located in the registry, so it could be hidden. I tried the suggestion of scanning in Malwarebytes offline and it detected a whole lot more. I then tried the RKILL steps and was able to run the Poweliks cleaner, which successfully cleaned Poweliks as well.

    So I think most is gone now. I've managed to clean most things. The reason I don't reset is because of the applications I have on this PC, and I don't have time to reinstall them as I use them for work.

    I'll mark it as solved now. Thanks to all the people that helped me. Thanks again.
    Hi.
    Thanks for posting your steps (MBAM offline, then RKILL steps, then Poweliks cleaner). I'm sure it will help others in the future who come here with similar problems.

    I would suggest running an ESET online scan for a final "all-clear", just to be sure.

    Then, get some Macrium imaging in place, and run it regularly. It's much easier to recover from things this way.
    Backup and Restore with Macrium Reflect Windows 10 Tutorials

    Cheers!


  4. Posts : 59
    Microsoft Windows 10 Home 64-bit
    Thread Starter
       14 Apr 2018 #14

    Hello

    I will do this now and set up a backup.

    Thank you.

  5.    14 Apr 2018 #15

    youngtomlin said:
    Hello

    I will do this now and set up a backup.

    Thank you.
    Great. You're very welcome. :)


  6. Posts : 59
    Microsoft Windows 10 Home 64-bit
    Thread Starter
       14 Apr 2018 #16

    Quick update. Eset came back all clear and Macrium backups are now in place.

    :)

  7.    14 Apr 2018 #17

    Good to hear! Thanks for posting back with an update.

    You will thank yourself time and time again in the future with Macrium. Total life saver.

  •    15 Apr 2018 #18

    youngtomlin said:
    Quick update. Eset came back all clear and Macrium backups are now in place.

    :)
    Brilliant!
    If you have any issues with the operating system, let us know - it could be that some DISM commands will fix things.
    Matter of fact, you might run sfc /scannow from an admin command prompt to make sure the OS is in good shape after that attack.
    Cheers.

  •    15 Apr 2018 #19

    jimbo45 said:
    Hi folks

    If your computer is infected, don't waste your time spending hours on trying to "dis-infect it". You can't ever be sure that the program does its job 100%.
    Hi.
    I have to disagree with this statement. If it were impossible to clean specific infections (like Poweliks), then tools would not be available to clean them. Yes, there are certain infections that simply cannot be completely cleaned because they modify too many system files. In these cases, it's clearly recommended to perform a clean install. But many infections are easy to clean, and take less time than a clean install, PLUS setting up all the user's personal software and licenses.

    jimbo45 said:
    Simply restore a clean image (Macrium Free if you have it)
    Unfortunately, there are many users who don't have imaging software/backups in place when they come here for help. Yes, it's good to recommend, but doesn't help at that point.

    jimbo45 said:
    You are also 100% isolated against Ransomware as well -- simply disconnect computer from internet, switch off immediately, re-boot your restore program and restore clean image.
    This is only true if the backup is not connected to the system at the time of infection, or after infection. Ransomware will attack all files, including connected external drives and network shares. So it's important to mention that the backups should be offline/disconnected from the computer when not being used. It should also be mentioned that the paid version of Macrium now has Image Guard, to prevent manipulation of the backups by nefarious actors.

  •    15 Apr 2018 #20

    Hi there

    I always have 100% disconnection from the Internet when taking backups and immediately store the backup device offline. My backups on Windows are run via a read-only bootable USB to load the backup / restore program.

    I should have mentioned that in the post!!

    I have to disagree, though, that using a virus-cleanser type program is quicker than restoring a clean system -- especially when SSDs and USB 3 devices are involved -- on an SSD a typical Windows restore probably won't take more than 15 mins (if that) and you have 100% certainty your system is clean.

    As for DATA backups, you need to control that in any way you see fit - there's no "one size fits all" method of data backups.
    However, the main problem here is how to know whether any DATA files have been corrupted by any attack -- this actually is not a trivial exercise, and here I'm interested to know how people check for "Data corruption" -- note I'm on about DATA here (personal files etc.) rather than the OS, which we've covered.

    It's possible for an attack, say on your DATA files, to happen without you knowing about it - that's where a lot of these AV programs fail -- they might be good at protecting the OS, but DATA is an increasingly valuable commodity. You can't just compare old and new files - they usually aren't in readable ASCII format.

    I've found the only way that seems "semi-reliable" is, any time I've changed a file, to re-open it again with whatever application -- e.g. EXCEL or a multimedia program for music / video -- and if it is OK then I send it away to a temporary file on my Linux NAS server for final update at the end of the day. Not perfect, but I can't think of anything better here - so I'm open to ideas.

    Now we've got people more used to the idea of backing up and protecting the OS - we need now to start sorting out the best way of protecting data before it gets saved to backups / cloud servers / NAS boxes etc.

    Cheers
    jimbo
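    One practical answer to the data-corruption question above, as an added example that is not code from the thread or from any of its posters: record a content hash of every data file at backup time, keep that manifest with the offline backup, and diff it against the live files later. A hash compares binary files (spreadsheets, music, video) exactly, so the files need not be readable ASCII, and it also flags a file whose bytes were rewritten with its timestamp put back. The file names and contents in demo() are constructed sample data.

```python
import hashlib
from pathlib import Path
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB pieces so large media files never sit in RAM


def sha256_file(path):
    """Content hash: works the same for binary files (XLSX, MP3) as for text."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each relative path under root to [size, sha256]; keep this list
    (e.g. as JSON) next to the offline backup as the known-good baseline."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): [p.stat().st_size, sha256_file(p)]
            for p in root.rglob("*") if p.is_file()}


def compare_manifests(baseline, current):
    """Sort every path into modified, new or missing relative to the baseline;
    a 'modified' file the user did not knowingly edit deserves a look."""
    modified = [p for p in current if p in baseline and baseline[p] != current[p]]
    new = [p for p in current if p not in baseline]
    missing = [p for p in baseline if p not in current]
    return {"modified": sorted(modified), "new": sorted(new),
            "missing": sorted(missing)}


def demo():
    """Constructed sample data: baseline a folder, then simulate damage."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "budget.xlsx").write_bytes(b"PK\x03\x04" + bytes(200))
        Path(root, "song.mp3").write_bytes(b"ID3" + bytes(range(253)))
        baseline = build_manifest(root)
        song = Path(root, "song.mp3")
        kept = song.stat().st_mtime
        # same size, two bytes changed, and the timestamp put back afterwards
        song.write_bytes(b"ID3\xff\xfe" + bytes(range(2, 253)))
        os.utime(song, (kept, kept))
        Path(root, "notes.txt").write_bytes(b"new file")
        Path(root, "budget.xlsx").unlink()
        return compare_manifests(baseline, build_manifest(root))
```

    A timestamp-only check (the kind Explorer or a sync tool shows) would miss song.mp3 here; the hash does not, which is why the manifest belongs with the backup and not on the live machine.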

