Virus help pls

[Yohelpmedogimlost]

In task manager there's a virus that keeps appearing after deleting it (Photo 1)

I opened file location it's in c-users-name-appdata-roaming-.  And it's called NFRTHPIBBC.exe

When trying to be deleted a message as in (Photo 2) appears

I searched the hole PC for the file with the name "Port entity ..." with hidden files visible and I found nothing

 

Pls help I'm desperately trying to fix it 4h

[Sylvie]

weird question, have you tried renaming the process in your roaming appdata tree?

give that a shot. If it works, restart the system, then delete all the files associated with it.

If it doesn't, does it stop you using the system restore funcionality?

[Murasaki]

You can use is Autoruns

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

 

If theres any key or item associated with it on startup, removing them should stop it from launching on boot and give a few pointers of related residing components.

[Yohelpmedogimlost]

1 minute ago, Sylvie said:

weird question, have you tried renaming the process in your roaming appdata tree?

give that a shot. If it works, restart the system, then delete all the files associated with it.

If it doesn't, does it stop you using the system restore funcionality?

If I rename it after 1 second there will be another created near the edited one

 

And also there are many thing that are running in background that I can kill but they keep appearing at every start up such as : Suffix, Nitration, Dlaxai, Accrediting

[Sylvie]

3 minutes ago, MariusIonasco said:

If I rename it after 1 second there will be another created near the edited one

 

And also there are many thing that are running in background that I can kill but they keep appearing at every start up such as : Suffix, Nitration, Dlaxai, Accrediting

okay, does it run persistently during safe mode or does that protect you?

You might be able to remove it that way.

 

Malwarebytes anti-malware may also be able to help here.

 

Failing any of these steps, what about a system restore?

 

oh, and for future reference, you can take a capture of the window you've got active with alt+prtscrn, and then just paste it into the reply box.

[Yohelpmedogimlost]

3 minutes ago, Mayushii said:

Another useful tool you can use is Autoruns

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

 

If theres any key or item associated with it on startup, removing them should stop it from launching on boot and give a few pointers of related residing components.

I panicked when I saw the virus spawn in tons of pages on my screen and I unplugged the Ethernet cord and started safe mode and deleted all files that are created or modified this day

 

Should I plug it back and download the tool , I mean there's a process called accreditation

 

[Yohelpmedogimlost]

2 minutes ago, Sylvie said:

okay, does it run persistently during safe mode or does that protect you?

You might be able to remove it that way.

 

Malwarebytes anti-malware may also be able to help here.

 

Failing any of these steps, what about a system restore?

 

oh, and for future reference, you can take a capture of the window you've got active with alt+prtscrn, and then just paste it into the reply box.

I unplugged the PC from the network I'm doing this on my phone and in safe mode the black what's up thing keeps being invincible for deleting but don't runs in task manager

[Sylvie]

2 minutes ago, MariusIonasco said:

I panicked when I saw the virus spawn in tons of pages on my screen and I unplugged the Ethernet cord and started safe mode and deleted all files that are created or modified this day

 

Should I plug it back and download the tool , I mean there's a process called accreditation

  

if you're worried about connecting to the internet on the infected machine, you could always download some anti-malware tools from another machine and transfer them.

[Murasaki]

2 minutes ago, MariusIonasco said:

I unplugged the PC from the network I'm doing this on my phone and in safe mode the black what's up thing keeps being invincible for deleting but don't runs in task manager

The tool uploads items to virustotal, providing you with a general idea of how suspicious they are. But you can also do it offline and look for anything that stands out.

[Yohelpmedogimlost]

5 minutes ago, MariusIonasco said:

I unplugged the PC from the network I'm doing this on my phone and in safe mode the black what's up thing keeps being invincible for deleting but don't runs in task manager

Oh wait it is deleting in safe mode ,anything is deleting in safe mode except of one file NTUSER.DAT (Photo)

Sorry for screen glaring and quality it gets later and darker at me 

[Yohelpmedogimlost]

15 minutes ago, Mayushii said:

The tool uploads items to virustotal, providing you with a general idea of how suspicious they are. But you can also do it offline and look for anything that stands out.

Sorry I will use the tool tomorrow (+10h)

Cause it's late at me, I will write the results

 

[Yohelpmedogimlost]

SOLVED

 

Oh F$%* I found it the thing was that at the beginning my windows virus and thread protection was disabled cause it was turned to some enterprises controlled shit. I turned it off in regedit. Then deleted a bunch of files and runned antivirus, but that didn't solved the problem. I started the post,but now I saw that the controlled antivirus made a lot of exclusion folder paths where the main sources are coming, deleted the exclusions and runned the antivirus so it found something like in (Photo) -who wants can protocol that 

 

THANKS for all who participated in the post , but there is one thing the start up processes that I disabled are still there, not running, but I can see them in Task Manager under Start-up