[SOLVED] Please help to remove "Windows Process Manager" virus/malware/rootkit

xtcmax

Hello.
I just got a virus on my PC and I can't remove it using conventional software like:
- Malwarebytes anti rootkit
- Malwarebytes anti malware
- Hitman pro
- Protect Scan Portable

I did google the problem, tried some of the advice but nothing worked.

Problem:
At first I was getting a lot of instances of obese.exe and oc.exe. I found all the instances of the files and removed them manually.
Now I am getting this "Address has been blocked" redirect all the time, and the virus is sitting on my PC, unremoved by all the antivirus programs.
Also !!!!! It seems like I can't do system restore because my PC does not reboot into Troubleshoot mode when I press SHIFT+Reboot. The PC can be rebooted in Safe Mode but Recovery Program will not run.

Below are the screenshots of the virus and the message I am getting from Nod32.

Attached screenshots: screenshot_222.jpg, screenshot_225.jpg, screenshot_226.jpg, screenshot_227.jpg

Please help me to remove this from my PC.


Thank you in advance.

canadianvice

The last thing that may be worth trying is a boot disc. Kaspersky, Avast, ESET, and I think BitDefender offer free emergency live CDs. These scan your computer from a Linux-based environment, which will hopefully preclude the virus from starting, and therefore from being able to stop its deletion.

Be aware they use Linux, so they don't respect Windows file permissions as much, and a hardcore infection may mean a broken OS install... but you're already kind of there anyway, so you don't really have much to lose.
 

mazboy

That assumes a CD/DVD drive. I'm too lazy to look: do they offer a .iso file that can be loaded onto a USB stick? That'd be good practice before using DBAN to wipe the HDD preparatory to a clean install...
 

mazboy

The problem with a virus is that you never know what gets left behind that's going to niggle at you the rest of your days. The virus-makers are always ahead of the anti-virus guys anyway, and that assumes that all your OS, application, and driver patches are up-to-date and in place. In the end, chasing down a virus and all its little Kinder is less fun than just bemoaning the fact that you need to do a wipe and clean install of the OS, your applications, and your data (from a backup file made before the infection).

That's my opinion. Your mileage may vary...
 

canadianvice

YUMI can do that, worst case scenario. It's not that hard to find a disc drive, and worst case, just buy a USB one and return it.
 

mazboy

I prefer Rufus myself, but same same. I wasn't aware those AV boot disks were on offer for free.
 

USAFRet

If a friend or family member came to me with a system like that, and had done what you said you did... I'd spend about 30 seconds before "Wipe and reinstall".

Some things can't be "fixed" in place.
 

canadianvice

This is true. As a low-key technician at a certain red-themed retailer, we basically only have two steps for fixes (no doubt somewhat motivated by money), but my experience reflects that it's really not the worst way of dividing work ever conceived:

1. Trivial (missing icon, a quick regedit, resetting something, installing a driver)
2. Full wipe

Oftentimes the amount of time you'd screw around trying to fix the virus would be enough to get it back to where it was on a clean install anyway. If you do end up reinstalling, OP, check out Ninite, as it's an automatic installer for common free-distribution applications (Chrome, Java, Firefox, Skype, SumatraPDF, MediaMonkey, etc. etc. etc.) which will save some time.

Another tip, as I like to do, if you do clean-reinstall, is get it how you like it, and then make an image of the drive. If anything gets screwy, it's basically a totally automatic restore to good days.

If you can use a Windows boot disc or similar, OP, you can use the command tools on them to copy over files from the drive. What I always do is:

ROBOCOPY c:\Users <new drive or USB drive plugged in> /S /XD appdata temp "temporary internet files" programdata
<New drive:>
<CD (if needed) to users dir>
Del *.zip *.msi *.exe *.jar *.7z *.rar /s /q

Basically that copies all your user files out, and then purges the filetypes most likely to be not nice. Keep in mind it purges any of them, which means you may lose some data, but usually it's nothing huge.
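The same salvage-then-purge procedure as a PowerShell script, added here as an example (not code from the post above or from any tool it names). It assumes the infected volume is C: and a clean destination under E:\Salvage (both hypothetical; adjust), and it writes a manifest of every file it removes so the "you may lose some data" caveat is at least recoverable: the path and hash of anything purged is on record before deletion.

```powershell
# Added example: copy user files off an infected drive, then purge risky file types,
# logging what gets purged first. Paths are assumptions; change them for your setup.
param(
    [string]$Source      = 'C:\Users',          # infected volume (assumption)
    [string]$Destination = 'E:\Salvage\Users',  # clean destination (assumption)
    [switch]$WhatIf                             # preview: copy list only, delete nothing
)

# Directories the post excludes: caches and app data are where droppers usually sit.
$excludeDirs = @('AppData', 'Temp', 'Temporary Internet Files', 'ProgramData')
# File types the post purges after the copy.
$riskyExt = @('*.zip', '*.msi', '*.exe', '*.jar', '*.7z', '*.rar')

# Step 1: robocopy. /S = non-empty subdirs, /XD = exclude dirs, /XJ = skip junctions
# (profile reparse points would otherwise recurse), /R:1 /W:1 = don't hang on locked files.
$roboArgs = @($Source, $Destination, '/S', '/XJ', '/R:1', '/W:1', '/NP', '/XD') + $excludeDirs
if ($WhatIf) { $roboArgs += '/L' }   # /L = list what would be copied, copy nothing
& robocopy.exe @roboArgs
# Robocopy exit codes are bit flags; anything >= 8 means at least one copy failure.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }

# Step 2: find risky files in the *copy* and record path, size and SHA-256 in a CSV,
# so a needed installer can be identified and re-fetched from a trusted source later.
$manifest = Join-Path (Split-Path $Destination) 'purged-files.csv'
$risky = Get-ChildItem -Path $Destination -Recurse -File -Force -Include $riskyExt
$risky | ForEach-Object {
    [pscustomobject]@{
        Path   = $_.FullName
        Bytes  = $_.Length
        SHA256 = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
    }
} | Export-Csv -Path $manifest -NoTypeInformation
Write-Host ("{0} risky file(s) recorded in {1}" -f $risky.Count, $manifest)

# Step 3: only now remove them; with -WhatIf this just prints what would be deleted.
$risky | Remove-Item -Force -WhatIf:$WhatIf
```

Run it once with -WhatIf to see the copy list and the would-be deletions, then without it; the manifest stays beside the salvaged folder either way.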
 

mazboy

Regarding backup: install an extra HDD and use the built-in Win10 backup utility to do incremental backups to it (Settings -> Update & Security -> Backup.
Make sure "Automatically back up my files" is turned on. Click on "More Options". Set the interval, the folders you want to back up, and the target drive.)

Then use an external HDD to back up your data files at least once a week.

Then do an image backup every couple of weeks. Like the man said, it's instant restore, and it's built right into Win7/8/8.1/10: Control Panel -> System and Security -> File History -> System Image Backup [found at the bottom left of the window] -> Create a System Image.
 
Make sure you run ad-blocking software; a lot of viruses can be background-installed without a pop-up blocker. Most free software is not free; most of it is now just droppers for bad software to infect PCs. Same with a lot of free sites that have drivers and software: if they want to install their own downloader, walk away from those sites.
 

xtcmax

Thank you all for participating in this thread. I really appreciate all of you trying to help me/give advice. Even though you all kind of came to a consensus on a clean install, the virus was easily removed by the following steps:

1. Download Farbar Recovery Scan Tool x64 or x32 to flash drive
2. Restart Windows into Recovery Mode CMD prompt
3. Open Notepad by typing "notepad" to find out the letter of your flash drive
4. Run the program from flash drive

The program removed all traces of the virus by itself; at the same time, when I googled the problem, some additional steps had to be taken. I might have gotten lucky somehow.

To mazboy: I accidentally clicked on -1 on your first message, I did not mean any disrespect. Plz forgive me.
 
Solution