#1
igfxmtc.exe trojan
My neighbor complained about her machine running really slowly and being basically unusable. I found that AVG AV was not running, not a good sign, and I couldn't install Panda AV or run Trend Micro Housecall to scan it. I could run MBAM and it found some files and registry entries, but quarantining them and rebooting was never sufficient to permanently remove them; either they got quarantined then re-created by the time the machine was rebooted, or they were never quarantined at all.

I ran MBAR (rootkit scanner) and it found igfxmtc.exe, which I found running in the task list and could not kill, and which I found in the user profile AppData\Local folder but could not delete. So I tried to boot into Safe Mode (holding down F8 during boot, holding Shift while clicking Restart, using Msconfig, using System Settings > Update & Security > Advanced startup, etc.); nothing worked to get it into Safe Mode so I could try to run MBAR or Sophos Rootkit scanner from Safe Mode. Sophos would not run normally. And I tried disabling Secure Boot to boot a known good Linux CD, but the computer would not boot from the CD; that is probably a different issue.

Next I removed the hdd and deleted the igfxmtc folder and its contents using my w7 machine, reinstalled it and booted; a different infected folder appeared in the same AppData\Local folder, and then the igfxmtc folder was recreated as well! So I never got to the source of the infection that was writing those files. I read that a lot of work has gone into this bitminer to make it immune to simple attacks, and they have me stymied.

What is the procedure for dealing with pernicious infections of this sort? There are many pro cleaners that claim to work but I don't know which ones to trust. At this point I asked the user to back up all of her files and consider a clean OS install, or restore to Factory Defaults if the machine will do that. Any suggestions will be appreciated.
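As an added example (not posted by anyone in this thread), the following read-only PowerShell inventory walks the common Windows autostart locations and flags anything that launches from the user's AppData\Local tree, the folder where igfxmtc.exe and its directory kept reappearing above. It assumes PowerShell 5.1 on Windows 10 run from an elevated prompt; the WMI consumer check and the AppData\Local flagging heuristic are my additions, not something the thread describes.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# Flags every entry that launches from the current user's %LOCALAPPDATA% tree,
# the folder where the thread's igfxmtc.exe kept coming back. Nothing is deleted
# or changed; the output is a list to verify by hand. Assumes PowerShell 5.1 on
# Windows 10, run from an elevated prompt (Get-ScheduledTask and the WMI query
# need it to see everything).

$suspectRoot = [Environment]::GetFolderPath('LocalApplicationData')  # C:\Users\<user>\AppData\Local
$findings    = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return }
    # Expand %VAR% references so a path written as %LOCALAPPDATA%\... still matches.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $findings.Add([pscustomobject]@{
        Source         = $Source
        Name           = $Name
        InLocalAppData = ($expanded -like "*$suspectRoot*")
        Command        = $expanded
    })
}

# 1. Run / RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath/... properties
        Add-Finding -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Scheduled tasks: the executable and arguments of every exec action.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            Add-Finding -Source 'ScheduledTask' -Name ($task.TaskPath + $task.TaskName) `
                        -Command "$($action.Execute) $($action.Arguments)"
        }
    }
}

# 3. Services: the image path each service starts.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    Add-Finding -Source 'Service' -Name $svc.Name -Command $svc.PathName
}

# 4. WMI permanent event consumers, an autostart location that is easy to overlook.
Get-CimInstance -Namespace root/subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding -Source 'WMI:CommandLineEventConsumer' -Name $_.Name -Command $_.CommandLineTemplate }

# 5. Processes currently running from under %LOCALAPPDATA%.
foreach ($proc in Get-Process | Where-Object { $_.Path -and $_.Path -like "*$suspectRoot*" }) {
    Add-Finding -Source 'Process' -Name "$($proc.ProcessName) (PID $($proc.Id))" -Command $proc.Path
}

# Report, flagged entries first. Legitimate per-user installers (browsers, chat
# clients, updaters) also live under AppData\Local, so confirm each hit before acting.
$findings |
    Sort-Object @{ Expression = 'InLocalAppData'; Descending = $true }, Source, Name |
    Format-Table Source, Name, InLocalAppData, Command -AutoSize -Wrap
```

A flagged scheduled task or service whose command points at a folder that keeps being re-created is the kind of entry the quarantine-and-reboot cycle described above never reaches.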
#2
igfxmtc.exe trojan
On 2/8/2018 2:54 PM, KenW wrote:
> On Thu, 8 Feb 2018 14:02:36 -0800, Mike S wrote:
> > [original post quoted in full; see #1]
>
> Wipe the drive and install Windows 10 from an ISO. Ccleaner free can do that.
>
> KenW

The owner is considering that option, it seems like massive overkill for one infection, but without safe mode or a scanner that can remove it, that may be necessary.
#3
igfxmtc.exe trojan
On 2/8/2018 6:30 PM, Mike S wrote:
> On 2/8/2018 2:54 PM, KenW wrote:
> > [original post and KenW's reply quoted in full; see #1 and #2]
>
> The owner is considering that option, it seems like massive overkill for one infection, but without safe mode or a scanner that can remove it, that may be necessary.

You might be able to clean things by booting one of the Live Linux DVDs. Once Linux is running you can mount the original hard drive and clean it up with the same or similar anti programs you wanted to run. If nothing else you should be able to download and burn/run one of the Rescue systems from here:

https://livecdlist.com/
#4
igfxmtc.exe trojan
Mike S wrote:
> [original post quoted in full; see #1]

https://forums.malwarebytes.com/topi...tcexe-trouble/

It contains a pointer to another packaged version of MBAR.

https://forums.malwarebytes.com/topi...-malwarebytes/

If Mbar won't run, please download the zip copy from this article and follow the instructions at the link to get it running.

https://support.malwarebytes.com/docs/DOC-1267

Paul
#5
igfxmtc.exe trojan
"Mike S" wrote in message news
> [original post quoted in full; see #1]

Mike,

Try this: https://us.norton.com/support/tools/npe.html

It's free and has been improved. When it opens you have 3 options - just start from the top and follow the bouncing ball. It may also direct you to one of the sites to do an online scan.

Bob S.
#6
igfxmtc.exe trojan
On 2/8/2018 5:48 PM, KenW wrote:
> > The owner is considering that option, it seems like massive overkill for one infection, but without safe mode or a scanner that can remove it, that may be necessary.
>
> There are a few programs out there that are free. If you can find the name of the infection, there are specific free programs for them. You could try running some programs from a USB stick if they won't install. There are many ways to 'skin a cat'.
>
> KenW

Thanks KenW and GlowingBlueMist. Thinking about it from this angle I found this page (link below), but I was imagining a situation where the scanner deleted infected system files and the machine would no longer boot. Do you know if it's possible for me to burn a Win10 DVD that will allow me to run scanners and repair or replace system files? I don't want to wipe out files that make the machine unbootable and then not be able to fix it. Or should I do it in 2 steps: first use one of these bootable scanners to hopefully clean the disk, then boot from a Win10 DVD and repair or replace any damaged or missing system files?

"15 Free Bootable Antivirus Tools"
https://www.lifewire.com/free-bootab...-tools-2625785
#7
igfxmtc.exe trojan
On 2/8/2018 5:49 PM, Bob_S wrote:
> "Mike S" wrote in message news
> > [original post quoted in full; see #1]
>
> Mike,
>
> Try this: https://us.norton.com/support/tools/npe.html
>
> It's free and has been improved. When it opens you have 3 options - just start from the top and follow the bouncing ball. It may also direct you to one of the sites to do an online scan.
>
> Bob S.

Thanks Bob, I was just trying this:

"Use Windows Defender Offline to remove tough viruses from your Windows 10 PC"
https://www.windowscentral.com/use-w...-windows-10-pc

I disabled Secure Boot and moved the CD/DVD drive to the top of the boot order list (I didn't enable Legacy Boot yet), and I was unable to boot from the CD. The CD activity light flashed a lot for a few seconds, then stopped, and it proceeded to boot from the hdd. Do you know if I need to enable Legacy Boot to boot one of these types of repair CD/DVDs?
#8
igfxmtc.exe trojan
On 2/8/2018 6:20 PM, Mike S wrote:
> On 2/8/2018 5:49 PM, Bob_S wrote:
> > [original post and Bob S.'s reply quoted in full; see #1 and #5]
>
> Thanks Bob, I was just trying this:
>
> "Use Windows Defender Offline to remove tough viruses from your Windows 10 PC"
> https://www.windowscentral.com/use-w...-windows-10-pc
>
> I disabled Secure Boot and moved the CD/DVD drive to the top of the boot order list (I didn't enable Legacy Boot yet), and I was unable to boot from the CD. The CD activity light flashed a lot for a few seconds, then stopped, and it proceeded to boot from the hdd. Do you know if I need to enable Legacy Boot to boot one of these types of repair CD/DVDs?

I enabled Legacy Boot (CSM) and made sure the boot order and legacy boot order both had the internal CD-ROM drive at the top of the list; it still boots to the hdd.
#9
igfxmtc.exe trojan
On 2/8/2018 6:24 PM, KenW wrote:
> On Thu, 8 Feb 2018 17:58:31 -0800, Mike S wrote:
> > On 2/8/2018 5:48 PM, KenW wrote:
> > > [KenW's earlier reply quoted in full; see #6]
> >
> > Thanks KenW and GlowingBlueMist. Thinking about it from this angle I found this page (link below), but I was imagining a situation where the scanner deleted infected system files and the machine would no longer boot. Do you know if it's possible for me to burn a Win10 DVD that will allow me to run scanners and repair or replace system files? I don't want to wipe out files that make the machine unbootable and then not be able to fix it. Or should I do it in 2 steps: first use one of these bootable scanners to hopefully clean the disk, then boot from a Win10 DVD and repair or replace any damaged or missing system files?
> >
> > "15 Free Bootable Antivirus Tools"
> > https://www.lifewire.com/free-bootab...-tools-2625785
>
> All these years and I never had to restore a single file from a DVD! With Windows 10 you can do a repair reinstall just as easily as with XP. Just run setup.exe (or whatever) from within Win 10 on the DVD. Do not boot the DVD. I thought some others would show up in this thread with help.
>
> KenW

Thanks KenW. The owner doesn't know if it came with 7 or 10; she did say it's about 6 or 7 yrs old, and there was a Windows 10 Update Assistant icon on the desktop, so I'm guessing it was originally w7. If they did an upgrade, can I download any version w10 ISO and do the repair reinstall?
#10
igfxmtc.exe trojan
On 2/8/2018 6:24 PM, KenW wrote:
> On Thu, 8 Feb 2018 17:58:31 -0800, Mike S wrote:
> > [Mike S's question about a bootable scanner and a Win10 repair DVD quoted in full; see #6]
>
> All these years and I never had to restore a single file from a DVD! With Windows 10 you can do a repair reinstall just as easily as with XP. Just run setup.exe (or whatever) from within Win 10 on the DVD. Do not boot the DVD. I thought some others would show up in this thread with help.
>
> KenW

KenW, I may have found how to do what you're suggesting. I ran ProduKey to get the Windows Key from the infected computer, and am burning a w10 DVD from here. Thanks for pointing me in the right direction.

https://www.microsoft.com/en-us/soft...load/windows10
#11
igfxmtc.exe trojan
"Mike S" wrote in message news
> On 2/8/2018 5:49 PM, Bob_S wrote:
> > [original post and Bob S.'s first reply quoted in full; see #1 and #5]
>
> Thanks Bob, I was just trying this:
>
> "Use Windows Defender Offline to remove tough viruses from your Windows 10 PC"
> https://www.windowscentral.com/use-w...-windows-10-pc
>
> I disabled Secure Boot and moved the CD/DVD drive to the top of the boot order list (I didn't enable Legacy Boot yet), and I was unable to boot from the CD. The CD activity light flashed a lot for a few seconds, then stopped, and it proceeded to boot from the hdd. Do you know if I need to enable Legacy Boot to boot one of these types of repair CD/DVDs?

Mike,

I don't know your hardware configuration, and if you switch to legacy mode you can cause yourself some boot problems when you go back to the hard drive. So back off of that Windows Defender Offline for now. There are a lot of other things that can be done, but I suggested the NPE tool because it is thorough. It can also turn up a lot of false positives on benign software. Once it has completed a scan and shows a window full of "Bad" entries, apply a dose of caution and go thru the list. At the top, use the checkbox to unselect everything and then go down thru the "Bad" entries. Those showing as "PUPs" (Potentially Unwanted Programs) may or may not be bad, so don't get too nervous about those. You're looking for the ones that stand out and have Trojan, Virus, Malware associated with them. I should have prefaced my use of this tool with "It's a hammer", use it softly. By being selective with the items it finds, this should get you to a point where MBAM or others can find other malware associated with this infection. RogueKiller is another hammer type approach. It shows a number of false positives such as calling UltraVNC a Trojan (Generic).

Not knowing what software is installed on the system and trying to determine what's been infected and how is really difficult, and the best advice is to use your best judgment when you look at the output of programs like NPE or RogueKiller. Try to determine what was installed recently or downloaded. I'm sure you've read just about everything on igfxmtc.exe and have seen everyone trying to sell the software to remove it or to download some dubious other software. Even MBAM tech support doesn't know how to get rid of it (yet). One of their approaches involves running RogueKiller, and they also want a ton of logs collected, and finally, after reading several threads, you never do see MBAM's solution, but I did read that the Windows "Malicious Software Removal Tool" was helpful.

https://www.microsoft.com/en-us/down...l-details.aspx

Download it and let it run a full scan. Wish I could tell you which false positives to ignore, but if the company that makes these tools can't do it, neither can I. Worst case, if you guess wrong by deleting some software/application, it can be reinstalled. Right now the object is to get you back in control, and I think the best you can hope for is ending up with a hobbled system of some fashion that in the end will need to be restored. So maybe the plan should be:

1. Start looking for and copying any documents, photos, etc. that your neighbor deems important and copy those to a USB stick or an external drive that is not connected to your system so you don't get your system infected.
2. Run the tools, but try this order: a) Windows Removal tool b) RogueKiller c) NPE
3. It's going to get bloody, so tell your neighbor that at best you can probably save their files but the rest is toast.
4. Direct them to an online store or a local BestBuy to purchase a USB drive and backup software (I prefer Acronis - warts and all) and show them how to make regular scheduled backups.

Bob S.
#12
igfxmtc.exe trojan
On 2/8/2018 7:11 PM, Bob_S wrote:
> "Mike S" wrote in message news
>> On 2/8/2018 5:49 PM, Bob_S wrote:
>>> "Mike S" wrote in message news
>>>> My neighbor complained about her machine running really slowly and being basically unusable. I found that AVG AV was not running, not a good sign, and I couldn't install Panda AV or run Trend Micro Housecall to scan it. I could run MBAM and it found some files and registry entries but quarantining them and rebooting was never sufficient to permanently remove them, either they got quarantined then re-created by the time the machine was rebooted, or they were never quarantined at all.
>>>>
>>>> I ran MBAR (rootkit scanner) and it found igfxmtc.exe, which I found running in the task list and could not kill, and which I found in the user profile appdata local folder but could not delete, so I tried to boot into Safe Mode (holding down F8 during boot, holding Shift while clicking Restart, using Msconfig, using System Settings Update & security Advanced startup etc.); nothing worked to get it into Safe Mode so I could try to run MBAR or Sophos Rootkit scanner from Safe Mode. Sophos would not run normally. And I tried disabling Secure Boot to boot a known good Linux CD but the computer would not boot from the CD, that is probably a different issue.
>>>>
>>>> Next I removed the hdd and deleted the igfxmtc folder and its contents using my w7 machine, reinstalled it and booted, a different infected folder appeared in the same appdata local folder, and then the igfxmtc folder was recreated as well! So I never got to the source of the infection that was writing those files. I read that a lot of work has gone into this bitminer to make it immune to simple attacks, and they have me stymied. What is the procedure for dealing with pernicious infections of this sort? There are many pro cleaners that claim to work but I don't know which ones to trust.
>>>>
>>>> At this point I asked the user to back up all of her files and consider a clean OS install, or restore to Factory Defaults if the machine will do that.
>>>>
>>>> Any suggestions will be appreciated.
>>>
>>> Mike,
>>>
>>> Try this https://us.norton.com/support/tools/npe.html
>>>
>>> It's free and has been improved. When it opens you have 3 options - just start from the top and follow the bouncing ball. It may also direct you to one of the sites to do an online scan.
>>>
>>> Bob S.
>>
>> Thanks Bob, I was just trying this
>>
>> Use Windows Defender Offline to remove tough viruses from your Windows 10 PC
>> https://www.windowscentral.com/use-w...-windows-10-pc
>>
>> I disabled Secure Boot and moved the CD/DVD drive to the top of the boot order list, I didn't enable Legacy Boot yet, and I was unable to boot from the CD. The CD activity light flashed a lot for a few seconds, then stopped, and it proceeded to boot from the hdd. Do you know if I need to enable Legacy Boot to boot one of these types of repair CD/DVDs?
>
> Mike,
>
> I don't know your hardware configuration and if you switch to legacy mode you can cause yourself some boot problems when you go back to the hard drive. So back off of that Windows Defender Offline for now. There are a lot of other things that can be done but I suggested NPE tool because it is thorough. It can also turn up a lot of false positives on benign software.
>
> Once it has completed a scan and shows a window full of "Bad" entries - apply a dose of caution and go thru the list. At the top, use the checkbox to unselect everything and then go down thru the "Bad" entries. Those showing as "PUPs" (Potentially Unwanted Programs) may or may not be bad so don't get too nervous about those. You're looking for the ones that stand out and have Trojan, Virus, Malware associated with them.
>
> I should have prefaced my use of this tool with "It's a hammer", use it softly. By being selective with the items it finds, this should get you to a point where MBAM or others can find other malware associated with this infection. RogueKiller is another hammer type approach. It shows a number of false positives such as calling UltraVNC a Trojan (Generic).
>
> Not knowing what software is installed on the system and trying to determine what's been infected and how is really difficult and the best advice is to use your best judgment when you look at the output of programs like NPE or RogueKiller. Try to determine what was installed recently or downloaded.
>
> I'm sure you've read just about everything on igfxmtc.exe and have seen everyone trying to sell the software to remove it or to download some dubious other software. Even MBAM tech support doesn't know how to get rid of it (yet). One of their approaches involves running RogueKiller and they also want a ton of logs collected and finally after reading several threads, you never do see MBAM's solution but I did read that Windows "Malicious Software Removal Tool" was helpful.
>
> https://www.microsoft.com/en-us/down...l-details.aspx
>
> Download it and let it run a full scan.
>
> Wish I could tell you which false positives to ignore but if the company that makes these tools can't do it - neither can I. Worst case, if you guess wrong by deleting some software/application, it can be reinstalled.
>
> Right now the object is to get you back in control and I think the best you can hope for is ending up with a hobbled system of some fashion that in the end will need to be restored. So maybe the plan should be:
>
> 1. Start looking for and copying any documents, photos, etc. that your neighbor deems important and copy those to a USB stick or an external drive that is not connected to your system so you don't get your system infected.
> 2. Run the tools but try this order a) Windows Removal tool b) RogueKiller c) NPE
> 3. It's going to get bloody so tell your neighbor that at best, you can probably save their files but the rest is toast.
> 4. Direct them to an online store or a local BestBuy to purchase a USB drive and backup software (I prefer Acronis - warts and all) and show them how to make regular scheduled backups.
>
> Bob S.

Thanks very much, I downloaded the win10 iso and ran ProduKey to get the key in case I needed it, am running the startup repair right now, if that lets me run scanners on the next boot, great, otherwise it will be hammer time.

Thanks again.
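The thread never identifies what kept re-creating the igfxmtc folder under AppData\Local. The following triage script is an added example, not code from this thread or from any of the tools named in it: it lists the common Windows autostart locations whose command points into a user's AppData\Local directory. It assumes an elevated PowerShell session on the suspect Windows 10 machine; the regex and the set of locations checked are my choice.

```powershell
# Added triage example, not from the thread. Read-only: it reports and deletes
# nothing. Assumes an elevated PowerShell session on the suspect machine.

# Anything launched from a user's %LOCALAPPDATA% is suspect on this machine:
# that is where the thread's igfxmtc.exe folder kept being re-created.
$pattern = 'AppData\\Local'          # regex; single quotes keep the backslash literal
$hits    = New-Object System.Collections.Generic.List[object]
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Add-Hit($Source, $Name, $Command) {
    if ($Command -and ($Command -match $pattern)) {
        $hits.Add([pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command })
    }
}

# 1. Run/RunOnce keys: machine-wide, WOW6432Node, and every loaded user hive
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    $runKeys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -notin $psNoise) { Add-Hit $key $p.Name "$($p.Value)" }
    }
}

# 2. Scheduled tasks: check each action's program and its arguments
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        Add-Hit 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$($a.Execute) $($a.Arguments)"
    }
}

# 3. Services: a service binary under a user profile is never normal
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    Add-Hit 'Service' $svc.Name $svc.PathName
}

# 4. WMI permanent event subscriptions: persistence stored in the WMI
#    repository rather than in a Run key, so file-based scans tend to miss it
$consumers = Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue
foreach ($c in $consumers) { Add-Hit 'WMI CommandLineEventConsumer' $c.Name $c.CommandLineTemplate }

# 5. Startup folders (all-users and every profile): resolve .lnk targets
$shell = New-Object -ComObject WScript.Shell
$startupGlobs = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk",
                  "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk")
foreach ($lnk in Get-ChildItem -Path $startupGlobs -ErrorAction SilentlyContinue) {
    Add-Hit 'StartupFolder' $lnk.FullName $shell.CreateShortcut($lnk.FullName).TargetPath
}

$hits | Sort-Object Source | Format-Table -AutoSize
```

Every hit still has to be judged by hand, and a rootkit that survives a live session can hide entries from these queries, so an empty report is not proof that the persistence is gone.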
#13
igfxmtc.exe trojan
"Mike S" wrote in message news
> On 2/8/2018 7:11 PM, Bob_S wrote:
>> [snip]
>
> Thanks very much, I downloaded the win10 iso and ran ProduKey to get the key in case I needed it, am running the startup repair right now, if that lets me run scanners on the next boot, great, otherwise it will be hammer time.
>
> Thanks again.

Mike,

If that computer had Win10 on it, you won't need the product key. It will have a digital key associated with the install of Win10 when it was upgraded. When the window comes up asking for the product key just click on "I don't have a product key".

If you don't connect it to the internet during the install you will save some time. Get it up and running, do what you need and then connect to the internet. It will then activate automatically.

Bob S.
#14
igfxmtc.exe trojan
On 2/8/2018 8:25 PM, Bob_S wrote:
> "Mike S" wrote in message news
>> [snip]
>
> Mike,
>
> If that computer had Win10 on it, you won't need the product key. It will have a digital key associated with the install of Win10 when it was upgraded. When the window comes up asking for the product key just click on "I don't have a product key".
>
> If you don't connect it to the internet during the install you will save some time. Get it up and running, do what you need and then connect to the internet. It will then activate automatically.
>
> Bob S.

Thanks Bob S. I'm feeling a lot better about this project.
#15
igfxmtc.exe trojan
Mike,
Just one last thought. You are a good neighbor to have. Taking the time and the headaches involved in diagnosing and trying to save the install takes patience and skill and sometimes the best solution is exactly what you are doing to ensure the system is malware free. Get them doing backups so the next time is just a quick reimage. Make sure that you turn on the option for System Restore to create restore points too.

Ya did good and I'm sure your neighbor will appreciate your efforts and your generosity. (if not I got this virus you can plant on their hard drive...;-)

Bob S.