Pierrot - Rigel Virus

[slimwingrove]

Hi, there is a process running on my computer, called "Pierrot". When I end the process it simply just comes back. When I open file location it takes me to my Program files (x86), to a folder named Rigel. Now when I manually go to my Program files, Rigel is not there at all, only when I click go to file location. When I try to delete this pierrot, it simply says it is open in Pierrot. I will post an imgur link if I'm allowed.

I really need help with this, as I know it's a virus. I attempted to get a paintshoppro for free, like an idiot I am. And this virus is keeping me from resetting my PC, or even turning on windows defender. Please help if possible!!

 

[mdd1963]

Make notes of location

Try running a Kaspersky Rescue CD outside of WIndows...; even if not detected by Kaspersky scanner, you can delete it from within Linux if you know the location...

You might be able to use ProcessExplorer to find which file/process is respawning the miscreant task, and suspend them both first, then delete them...

 

[JoshRoss]

Bootable rescue disks and other forms of similar solutions is just an overkill before trying to sort out the problem in a conventional matter. The following is a thorough virus cleanup, following the steps should clear any potential threats. Let me know if it helps you.

1. Restart your PC in “Safe mode with networking.”
2. Install and run RKill to kill malicious processes and services
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
4. Check your task manager for any suspicious processes, if found, identify folders and try to remove them manually. Or just "Win key + R" and type %appdata%. Afterward, delete potentially malicious folders.
5. Do a full scan with anti-virus software of your choice or use Windows Defender to clean up initial infections.
6. Scan your PC with Hitman Pro, Malwarebytes, and AdwCleaner. Multiple anti-malware solutions will confirm that the threat was removed.
7. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone.

 

[mdd1963]

Many types of malware that pull the Lazarus respawn act are not usually easily defeated w/ the above, but, the above are certainly still worth trying first...

Freefixer will also show everything scheduled to run, downloaded recently, etc....

A pretty powerful tool, harmless to run, but choose carefully what is scheduled for deletion....

 

[JoshRoss]

True, and if it's a rootkit, you are going to have an even worse time dealing with it. But assumptions at this cannot be made. We shall see if the OP responds further.

 

[mdd1963]

Might try researching Hitman Pro/ breach mode on youtube as well, but, this might need to be made on uninfected PC too, because normally anything preventing Defender from running will usually prevent the named classics as well...

Sometimes, simply renaming the application as notepad or iexplorer.exe works, but, that takes some luck..

 

[slimwingrove]

UPDATE: Hey guys so I seemed to have gotten rid of pierrot, at least I think so. But I still cannot reset my PC from the windows option. (reset as in wipe). Now my windows defender seems to have found about 6 threats.

2 of them are: SoftwareBundler:Win32/Prepscram
2 of them are: SoftwareBundler:Win32/Penzievs
2 of them are: TrojanProxy:Win32/Wonknod.A

Any idea about those?

 

[mdd1963]

I'd be rather surprised if Defender found something, but Malwarebytes AM did not....

Does Defender not give the option to remove it? (Make notes of where it is located, perhaps you can do a Defender bootable/Offline USB or CD, and remove it that way....

 

[JoshRoss]

Windows Defender is getting more sophisticated and can help you with the issues. Sorry for the late response. If you have followed my steps thoroughly, you should have gotten rid of it fully. Nonetheless, try installing Kaspersky or Avast free versions and doing a full scan with them. See if that helps you with the issues in any way.

Your other options are getting a Windows USB/DVD bootable and attempting the repairs/reinstall that way or as Mdd said, try a bootable anti-virus solution. Make sure you make back-ups of your important files before doing that, just in case.

 

[Saga Lout]

You might have better luck against a threat like that one if you work in Safe Mode.

Call up an elevated Command form and at the prompt, type
SHUTDOWN /R /O -T 00
and hit the Enter key. Restart and when the options show up, aim for the list of Function keys to do different actions. One is F4 and that's the one you need for Safe Mode.