Question:
I can't get rid of this virus, help?
Me
2013-01-24 07:33:41 UTC
So, about 1-2 months ago, I downloaded CoreTemp, for checking the temperature of your CPU. Unfortunately it came bundled with IMinent, which was basically forced to install to your computer. Yes, nothing was ticked in the installation. There wasn't anything about IMinent in the installer.

So I started to notice the PC getting slower and slower, ran a full scan on a million different programs and found the usual viruses, but the system was still slower than usual.

I ran RKill, which terminated malware processes and found two malware processes running; now these are usual system32 processes, so I think there's probably a rootkit or a hijacker that can't be detected. Every time I start up my PC, I have to run RKill just so they terminate. tfswctrl.exe starts up every now and again.

tfswctrl.exe and stsystra.exe

Can anyone suggest how to remove these viruses? Any other programs that might be able to remove it? ... If you're just going to answer 'Uninstall the program' then I suggest you leave.

And yes, I have removed IMinent from the directory.
Eight answers:
David
2013-01-24 07:56:58 UTC
Hi

Just try the AVG Rescue CD; download the ISO here.

http://www.avg.com/gb-en/avg-rescue-cd-download

Burn to a CD, boot up and run the AV after updating.

This may find the virus while Windows is not running.
Rosanne
2016-08-22 11:12:40 UTC
2
anonymous
2013-01-24 10:36:08 UTC
As you seem to realise, RKill will stop an infection from running, but won't remove it...so every time you reboot, it reactivates.



Rootkits are best tackled in Safe Mode. You could try the new Malwarebytes' Anti-Rootkit product:



http://www.malwarebytes.org/products/mbar/



This is the standard reply I would usually suggest (ignore the RKill section, as you already have it):



Try this:



Firstly, boot your computer to the Safe Mode menu screen. You do this by repeatedly pressing F8 as soon as you boot up. Once there, use the arrow keys to highlight Safe Mode with Networking. Continue to boot from there, by pressing Enter. You will now see some drivers being loaded. There will be a pause at some point. This usually lasts for no more than 30 seconds.



If that’s successful, open your browser, copy and paste this link into the address bar and press Enter. It's a direct download for RKill. Save it to your desktop, then run it. It takes just a minute to run. As it's running, any remaining desktop icons will vanish for a few seconds. When the notepad report is displayed, just close it.



http://download.bleepingcomputer.com/grinler/rkill.exe



RKill SHOULD HAVE STOPPED THE INFECTION(S) FROM RUNNING, BUT IT WON'T HAVE REMOVED IT / THEM.



Now open your browser and copy and paste this link into the address bar, and press Enter. It's a direct download for the free version of Malwarebytes' Anti-Malware (MBAM). Install it, get updates and run a full scan (still in Safe Mode):



http://www.myantispyware.com/mbam



You should now delete RKill, as updated versions are often made available. Malwarebytes’ Anti-Malware is easy to uninstall, but it may prove to be beneficial in the future.



After this, try rebooting normally. If that's successful, I recommend you run another full scan with MBAM. It will detect malware that wasn't running in Safe Mode.



Hope this helps
Titi
2013-01-24 07:41:54 UTC
Maybe it is time to reinstall your OS. I think that the OS needs a repair.





stsystra.exe is another file whose compressed name tells you much about what it does: it is the SigmaTel SYStem TRAY process. It provides an icon in the system tray that allows quick access to configuration options for Sigmatel audio chips, which are integrated into many systems. This is a convenience program that is not required for regular audio function.

If you want a detailed security rating about your stsystra.exe (and all other running background processes) read the following user opinions, and download the free trial version of Security Task Manager.



A process that provides drive letter access to the HP and Veritas versions of DirectCD; it does the same thing as DirectCD. HP says: "This is a needed file as it controls the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but won't be able to read them. The drive itself will be able to read store bought master CD's without the file, but not burnt ones."

Get more detailed information about tfswctrl.exe and all other running background processes with Security Task Manager.
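
The answer above identifies both file names as vendor utilities, while the question reports them being flagged. A name alone settles nothing, so the following added example (not part of any answer in this thread) shows where each running copy is loaded from, whether it carries a valid Authenticode signature, and which autostart entry launches it. It assumes PowerShell 4 or later and an elevated prompt.

```powershell
# Added example: inspect the two processes named in the question.
# Assumption: run from an elevated PowerShell 4+ session; without elevation
# ExecutablePath can be empty for processes owned by other users.
$names = 'tfswctrl', 'stsystra'   # process names from the question, without .exe

# 1. Running instances: on-disk path, parent process, signature and hash.
Get-CimInstance Win32_Process |
    Where-Object { $names -contains [IO.Path]::GetFileNameWithoutExtension($_.Name) } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path }
        $hash = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        [pscustomobject]@{
            Name      = $_.Name
            PID       = $_.ProcessId
            ParentPID = $_.ParentProcessId
            Path      = $path                          # compare with the vendor's install folder
            SigStatus = $sig.Status                    # 'Valid' means signed and untampered
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = $hash                          # can be looked up in a reputation service
        }
    } | Format-List

# 2. Autostart entries (Run keys, Startup folders) that relaunch them at boot or logon.
Get-CimInstance Win32_StartupCommand |
    Where-Object {
        $cmd = $_.Command
        $names | Where-Object { $cmd -match [regex]::Escape($_) }
    } |
    Select-Object Name, Command, Location, User |
    Format-List
```

A copy that is unsigned, or that runs from a user-writable folder rather than the vendor's install directory, deserves a closer look than one that is signed and sits where the driver package put it.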
Distressed
2013-01-24 09:55:28 UTC
There are two options. Go for a format; I don't think it is a virus. Does it attach itself to other executable files, making them unusable? I feel it's just potentially unwanted malware.



Either you can go for a format, just the C drive, as it's not a virus,



or take a lot of pain to remove it manually:



http://botcrawl.com/how-to-remove-the-search-iminent-search-the-web-hijacker-virus/



http://www.2-spyware.com/remove-search-iminent-com-virus.html



These websites would help, I guess, or download HijackThis and run it and copy the log into the log-analysing websites; they would help you in removing it.



http://hackforums.net/ has a white hat section; if you have tried all the stuff and it still won't go, post your log there and the staff will give you instructions on how to remove it.





All the best
Froll
2013-01-24 11:32:52 UTC
Windows Defender Offline.



In the future, don't download software unless it's from a reputable company/site. Usually that means checking for reviews, etc. or asking someone who knows something about computers. If you've never heard your friends talking about it, don't download it. For instance, if you want to know your temps, etc. download Speccy from Piriform. Piriform is a well-known company and you're constantly seeing people recommend their software so you can be pretty sure it's safe.



http://www.piriform.com/speccy
anonymous
2013-01-24 07:43:25 UTC
Also remove Core Temp and try deleting those folders using: del *.* /f

If you have a restore point, then restore it back to before you installed Core Temp.

The final option is a clean installation of Windows.
anonymous
2014-07-23 22:08:35 UTC
Hi,

I use Iminent and it works fine. I got it here http://bitly.com/1k4irko

You should try it


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.