Hardware & Technical computer issue. Anybody know what this is?

I wonder if some of you tech savvy guys could help me. I've noticed a lot of hard drive activity in the last two days. So I checked the task mgr under processes, and I've got like 12 instances of some google chrome exe running. It's located in user/appdata/locallow/mysearchdial in a subfolder there. It's named pvfmfwahad.exe. If I try to end those processes one after the other, they just start right back up, and I can't delete the .exe cause it's always running.

It's eating up my memory, causing weird things to happen in elite, and seems to be keeping my norton antivirus working in overdrive to repel attacks. Elite keeps getting minimized then the desktop appears, but the game is still running and all I have to do is click on it in the task bar to bring it back up, but it's really getting on my nerves.

I never installed chrome, this just started all of a sudden... it seems like my computer's been slipped a mickey somehow, but my norton scan reveals no problems. How can I get rid of this thing? Any insight would be appreciated.
 
I guess I'll try that. But this is a pretty insidious virus I got. I was able to delete the file by booting in safe mode, but it comes right back. There's something in my registry that keeps it alive. Something to do with powelik. Makes numerous instances of dllhost32 run in processes also. Neither Adwcleaner nor malwarebytes can detect it and it got right through norton. I'll try the sys restore but I don't hold much hope short of hiring a professional virus removal team to get down and dirty inside my pc. Thx.
 
I suggest you run MWB in Safe Mode. If that's what I think it is, it might get ignored by MWB and others.

If you don't know how to enter Safe mode then post. It isn't difficult.

Also, when you start MWB, click Scan on the top bar, select Custom Scan, then select Scan for Root Kits and all the hard drives you have installed.

Then go and watch a long movie while it does its work. :)
 

Ok, but you'll have to excuse me... what is MWB? And if I might ask, how do you get to safe mode in win 7 the correct way? Pressing f8 didn't work (only asked me to select a boot drive) so I had to do it the idiot way... by unplugging it. Thx.

Oh, disregard the question about mwb... you're talking about malwarebytes I realized.
 
Thx for the info. I figured how to get to safe mode through msconfig. I'm running mwb in safe mode now like surfinjo suggested. It's found 2 objects so far, so I have hope. Your suggestion will be my next step if mwb fails. Thanks again. You guys rock.
 

just wait until we send you the bill :D
 
If that doesn't work you need to find the root folder where this little barstool is hiding, if you can find it and delete it then removing the file or exe again in safe mode should prevent it coming back.

Have you downloaded anything recently? It doesn't have to be malicious but some downloaders attach sub programs into them, there's normally hidden options to prevent installation for future reference.
 
This one's definitely a little barstool! Mwb in safe mode found 2 objects... one in the c/adwcleaner/quarantine directory, of all places, and one in my e drive in my dl folder. I quarantine them and reboot in safe mode. Then I go into the locallow dir and delete the whole folder where that pvfmfwahad.exe is. This time it found its way into an old apple computer folder I don't use anymore. Reboot in normal mode, and there it is again, now in the Adobe folder in locallow. Insidious little barstool.
Any suggestions how I might find this root folder it's in that re-activates it after it's been deleted? I had like 12 instances of this pvfmfwahad crap running, and even more dllhost32 running also, bringing my cpu usage up to 65%, and having my norton intercept attacks from Trojan.powelik even with the browser closed. Strangely, if I run in main user, and not the admin, it doesn't run.

uh oh... big bill coming, aye andyB? Don't suppose you guys would take some rep instead, huh? :)
 
Hmm, I'm off to bed so I will offer some help tomorrow but check your start up services, under msconfig, sounds like it's reinstalling the barstool upon reboot. If something doesn't look right you may be able to stop it from reinstalling itself until you can purge it.
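
The posts above describe a file that is re-created after every reboot and suspect a registry or startup entry. As an added example (not written by any poster in this thread), this read-only PowerShell script lists the Run/RunOnce autostart values and puts suspicious ones first; the flagging heuristics are assumptions chosen to match the symptoms described here, and Run keys are only one of several autostart locations.

```powershell
# Added example: read-only listing of Run/RunOnce autostart values.
# Nothing is modified or deleted; the output is for review only.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristics (assumptions for this thread, not a complete detection rule set).
function Get-AutorunFlag {
    param([string]$Name, [string]$Command)
    $flags = @()
    # The executable in this thread kept reappearing under AppData\LocalLow.
    if ($Command -match '\\AppData\\LocalLow\\') { $flags += 'runs from AppData\LocalLow' }
    # Autostart entries rarely need a script host or rundll32 as the launcher.
    if ($Command -match '\b(rundll32|mshta|wscript|cscript|powershell)(\.exe)?\b') {
        $flags += 'script host or rundll32 launcher'
    }
    if ($Command -match 'javascript:|vbscript:') { $flags += 'inline script in command line' }
    # Value names with non-printable characters may not display properly in regedit.
    if ($Name -match '[^\x20-\x7E]') { $flags += 'non-printable character in value name' }
    return ($flags -join '; ')
}

$report = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    # Use the .NET RegistryKey API so odd value names are still enumerated.
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $cmd
            Flags   = Get-AutorunFlag -Name $name -Command $cmd
        }
    }
}

# Flagged entries first, then everything else.
$report | Sort-Object { -not $_.Flags } | Format-List
```

The HKCU keys are per account, so run it while logged in as the account that shows the symptoms.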
 

Sorry. MWB is MalWareBytes. Be careful where you get it, as it has been pirated a few times.

This is a reliable site: http://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

To get into Safe mode, you need to press an fKey when the BIOS starts but before the OS loads.

The key to press varies. On my machine it's f5, some it's f8 and I've heard of a few that use f2. I'm sorry, but you just need to try each.

Once it accepts the instruction it will ask you which Safe mode you want. Select with networking.

Run MWB. Make sure all the boxes I indicated in #9 are done and go have a long cup of tea.
 