Wednesday 30 August 2017

Fake explorer.exe and svchost.exe

My PC is a Pentium Dual Core E5700 3 GHz, Intel G41 Express Chipset and 2 GB of RAM (pretty rusty, but surprisingly good performance in Wii and GameCube games), running Windows 7 Ultimate 64-bit.

So recently, I see the 2 processes mentioned above, and one of them (it's always random) uses up 50% CPU. But the really weird thing is that whenever I open up "Dolphin.exe" (GC and Wii emulator), or sometimes another process, the .exe file is given the "hidden" property and the 2 processes open up. The result is that my PC gets really slow. However, this isn't Dolphin.exe's fault, as I could play games on it perfectly some time ago, nor is it any other game, as I have run scans on it with MalwareBytes and Avast!, which gave no bad results.

I can't close either process, as doing so will only cause the other process to open it up again instantly. I have managed to delete the 2 of them many times before, but they just come back when I open any .exe file. I have eliminated their "RunOnce" entries in the Registry Editor just after I delete the files (and I have tried before I delete them), but those entries get created again and the problem continues.

Runonce.exe is found in the SysWOW64 and System32 folders, but it can't be deleted since I need permission from TrustedInstaller (and even then I can't change the permissions of the folders or of runonce.exe).

I have also tried deleting the files and the registry entries in safe mode, but it doesn't work, since as soon as I go back to normal mode it starts again.

This is the most bulletproof virus I have ever seen on my PC. I have tried every method I know of to get rid of it, but they never work.

And the handles in explorer.exe are: ntdll.dll!UserThreadStart (this one has 4 copies), explorer.exe (with one copy), ole32.dll.

The handles in svchost.exe are: svchost.exe (with one copy), ole32.dll, ntdll.dll!UserThreadStart (between 3 and 6 copies).

That's all the information I can remember right now. By the way, I can't answer questions right now, but tomorrow I will be able to answer all of them, so if possible try to post direct solutions.

Submitted August 31, 2017 at 04:54AM by TDRollinsR http://ift.tt/2wjX9JJ
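As an added example (not part of the original post), a PowerShell check a defender would run on a machine like the one described: it lists processes that use the names explorer.exe, svchost.exe or runonce.exe but are not running from the Windows system directories, and dumps the Run/RunOnce autostart values the post mentions so they can be compared against those paths. The registry paths and the allowed-directory list are the standard Windows locations; nothing here is taken from the poster's machine.

```powershell
# Added example: find processes that borrow Windows system binary names but run
# from outside the system directories, then list Run/RunOnce autostart entries.
$systemNames = @('explorer.exe', 'svchost.exe', 'runonce.exe')
$systemRoot  = $env:SystemRoot   # normally C:\Windows
# Legitimate homes: explorer.exe lives in %SystemRoot%, svchost.exe and
# runonce.exe in System32 (and SysWOW64 for the 32-bit copies).
$allowedDirs = @("$systemRoot", "$systemRoot\System32", "$systemRoot\SysWOW64")

# 1. Processes whose image name is a well-known system name but whose
#    ExecutablePath is not one of the legitimate locations. -contains and
#    -notcontains are case-insensitive, matching Windows path semantics.
$suspects = Get-CimInstance Win32_Process |
    Where-Object { $systemNames -contains $_.Name } |
    Where-Object {
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { '<unknown>' }
        $allowedDirs -notcontains $dir
    } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine

if ($suspects) {
    Write-Host "Processes using system names from unexpected locations:"
    $suspects | Format-Table -AutoSize
} else {
    Write-Host "No system-named processes running outside $systemRoot."
}

# 2. Autostart values under Run and RunOnce for the machine (64-bit and
#    32-bit views) and the current user. A value whose command points at one of
#    the paths flagged above is the persistence the post describes; the
#    ParentProcessId column shows which process keeps relaunching the other.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |   # drop PSPath/PSParentPath metadata
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}
```

Run it from an elevated PowerShell so Win32_Process returns paths for processes in other sessions; an ExecutablePath of `<unknown>` on a system-named process is itself worth a closer look.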