Possible Virus/Access Denied Attempting to Remove File

[dj329]

My son attempted to download a game from the internet. The download file apparently ended up being malicious. I used Malwarebytes and was able to remove several things that were unknowingly installed. The PC is usable now, but System Restore appears to have been disabled and after the machine runs for a while the memory (16 gb) maxes out and the machine runs extremely slow. The memory is being used by a process named "wmekgoc.exe" which always has several instances running.

This process maps back to AppData/Local and a folder named "iaapcbe." This folder is locked and I cannot open or remove the folder. I have tried changing ownership, starting is safe mode, using the "Take Ownership" registry editor and nothing has worked. I get "Access Denied" every time.

Any advice would be greatly appreciated!

 

[Paul NZ]

Get trojan remover https://simplysup.com/ update it then scan if you can. Then reset everything under the utils menu

 

[jr9]

Malware can make a complete mess of your Windows installation and block off parts of the OS even after it is removed. You probably still have malware by the sounds of it. Generally my recommended course of action against a severe Trojan infection is to simply clean install. Even if you remove all the malware the damage has been done and it made thousands of small changes to your PC to help it get back in after removal.

I would copy the Windows activation key and deactivate it, back up anything important in safe mode, then clean install the OS.

If you want to try and fix your installation, a malware scan inside safe mode would help. F8 at start up and select safe mode from the menu.

 

[dj329]

Thanks for the quick reply!

I downloaded the remover, updated, and ran the scan. It didn't find any issues. I did reset everything under the utilities menu. Access still denied and processes still running.

 

[dj329]

Malware can make a complete mess of your Windows installation and block off parts of the OS even after it is removed. You probably still have malware by the sounds of it. Generally my recommended course of action against a severe Trojan infection is to simply clean install. Even if you remove all the malware the damage has been done and it made thousands of small changes to your PC to help it get back in after removal.

I would copy the Windows activation key and deactivate it, back up anything important in safe mode, then clean install the OS.

If you want to try and fix your installation, a malware scan inside safe mode would help. F8 at start up and select safe mode from the menu.

I will try your suggestion about safe mode first and get back with you. Thanks.

 

[Paul NZ]

Get adwcleaner see if it picks anything up https://www.malwarebytes.com/adwcleaner/

 

[jr9]

It's not that the malware is still there, it's that it made changes to your registry/OS settings. Those changes will remain even after malware removal which is why I recommend just a clean install if the cleaner doesn't help you. You can't generally do a system restore or restore your registry using the backups that Windows automatically creates because pretty much all malware infects/changes all the system restore points and registry backups it sees.