"Windows Process Manager" Virus hogging resources (processing power and RAM) in the background

Status
Not open for further replies.

muhtaseem96

Oct 29, 2017
http://puu.sh/yahkC/fe1da6fcdd.png
As you can see in the screen clip, there's this "Windows Process Manager" thing with multiple "clients" running in the background and it consumes a huge amount of RAM and processing power. http://puu.sh/yahBg/aaf2bebc2b.png
There are multiple instances that can take up to 500 MBs of RAM if left without ending the task. Opening file location leads to this folder:
http://puu.sh/yahG4/3f6cff59bf.png
I've tried using ReasonCore Security alongside regular Windows Defender checks to try and get rid of it, but to no or limited effect. I recall Windows Defender showing me warnings of Trojan infection, if this info helps.
http://puu.sh/yahLI/a4647d00a1.png

Any help would be greatly appreciated, thank you.
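
The check the first post does by hand through Task Manager and "Open file location", as an added PowerShell example that is not part of the thread: it lists every running process whose file description matches the label in the screenshot and records the path, signature status and hash of each executable before anything is renamed or deleted. The CSV file name is an assumption, and the session is assumed to be elevated.

```powershell
# Added triage example (not from the thread). Run in an elevated PowerShell
# session so Path and Description are readable for other users' processes.
$label = 'Windows Process Manager'   # description text shown in the poster's Task Manager

# Task Manager shows the file description, so match on that rather than on
# the image name. Processes whose path cannot be read are skipped.
$suspects = Get-Process | Where-Object { $_.Description -like "*$label*" -and $_.Path }

# One row per executable on disk, however many instances of it are running.
$report = foreach ($group in ($suspects | Group-Object Path)) {
    $file = $group.Name
    $sig  = Get-AuthenticodeSignature -LiteralPath $file

    # Parent PIDs show what keeps relaunching the instances.
    $parents = $group.Group | ForEach-Object {
        (Get-CimInstance Win32_Process -Filter "ProcessId=$($_.Id)").ParentProcessId
    } | Sort-Object -Unique

    [pscustomobject]@{
        Path         = $file
        Instances    = $group.Count
        WorkingSetMB = [math]::Round(($group.Group | Measure-Object WorkingSet64 -Sum).Sum / 1MB, 1)
        Signature    = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer       = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        SHA256       = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        Created      = (Get-Item -LiteralPath $file -Force).CreationTime
        Pids         = $group.Group.Id -join ','
        ParentPids   = $parents -join ','
    }
}

$report | Format-List

# Keep a copy of the evidence; the file name is a placeholder chosen for this example.
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\wpm-triage.csv" -NoTypeInformation
```

The recorded hash and signer identify the file to a scanner or a helper without relying on its on-disk name.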
 
Solution
Have you also received an error message saying “The Requested Resource is in Use”? If your answer is yes, then it might be that you are dealing with some kind of rootkit. Download Malwarebytes (there is also a tool called Malwarebytes Anti-Rootkit, in a Beta version, that you should try as well) and identify its location. If you are interested in fixing your computer manually, you can also check these steps:

https://ugetfix.com/ask/how-to-fix-the-requested-resource-is-in-use-error/

snburchett

Jan 29, 2018


I'm not sure if it'll work, but, every time it appears, just do that, click disable inheritance, and it MAY eventually disappear after a few repeats and reboots/shutdowns.

I haven't tested it fully yet. I'm still at the stage where my machine is perfectly usable, so I'll do "natural" power cycles to see if it works. I'll rename one of the executables to TEST.exe so I can monitor it through the process.

Just try it a few times through different sessions, and, if Windows Process Manager still persists after, like, 3 to 5 reboots with permission changes, then let me know and we can cross that one off of the list of possible solutions. This method feels pretty ingenious, though (as is the infection itself, you have to admit), so it'll be a shame if it ultimately fails. Let's just try it and see.

I will stress that I DON'T KNOW if it will work.
 

snburchett

Jan 29, 2018


You know what, I just had a stupid but clever idea: since we now have full access to the executable, let's render it unusable by going to the General tab in Properties and using the text field that has the filename in it to remove the file extension. That way, nothing can use it.
 

snburchett

Jan 29, 2018


OK, so do what the guy said in the first place (deny permission to everyone) AFTER setting your own account as owner. And, if you want to be extra safe, then rename the files and extensions to something easily recognizable AS LONG AS YOU CHANGE THE EXTENSION TO BE UNUSABLE. Example: FYOU.WPMVIRUS. I'm still not sure about deleting the System32 file part of the virus, but it is safe to deny permissions to it and rename it.
 
Jul 14, 2018


I've yet to find the sys32 file part of the virus. What was its original name??
 

snburchett

Jan 29, 2018


It's the file being used by the processes in Task Manager that are named random strings of characters. I don't remember, and it doesn't matter anyway because this solution ended up not working. I reinstalled Win10.
 