Error: Access is denied (5)

[REDACTED]

So. I was recently annoyed with a certain program that had ran ads. So, I download what I thought was code to block ads before they played. I was very impulsive and it has led me to this situation. The situation being, I have a virus. The virus is unlike any I have seen before. It is a file name called "cgmxkde.exe". I  cannot find anything on the internet about it anywhere. In the task manager, it has a name called "Windows Program Manager" and because of that it is very difficult to search without getting results like "Windows Task Manager".

I can guarantee it is harming my computer and sapping its performance. On the task manager under processes, it uses up to 30% of my CPU at any given moment. I have been able to end the process multiple times via the taskkill command on the Command Prompt (admin) however, it simply starts again about half an hour later. I spent all of 10-19-2017 scanning my nearly 300gb of essentially video games and memes with the full virus scan. I came up with this picture showing the results of the scan.


I had suspected these files of being problems about 5 days before the scan when I went digging around after I noticed my computer being slow. This had only confirmed my suspicions.

What really gets me is the "Access Denied".


So, what can be done about this? I have located the files that need to be deleted, I have tried many different things and none have worked so I am swallowing my pride and coming to the experts. What can be done about this stupid virus?

If you need any other files like logs, just show me where I can find them I will have them uploaded shortly.

[Pondus]

If you need any other files like logs, just show me where I can find them I will have them uploaded shortly.

as said in your other post, sticky post at top here

[REDACTED]

Just help me. jeez

[Pondus]

Malware experts are notified. It may take hours before they are online

[dbrisendine]

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
• Click the Start Scan button.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
  
  A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach this file in your reply.

[REDACTED]

tdsskiller will not open when I both double click or when I run as an admin

[dbrisendine]

Please try the following instead then:

Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

[REDACTED]

I really hate to say it, but the mbar.exe would not run either. I downloaded it and extracted it to my desktop. Open the file, double click the mbar.exe and nothing happens

[dbrisendine]

Please download Rkill by Grinler and save it to your desktop.

• Link 1
  
• Link 2
  
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
• Do not reboot the computer, you will need to run the application again.

Once you have successfully run RKill, please try and rerun TDSSKiller or MBAR again.

[REDACTED]

Here is the log from rkill:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/24/2017 03:33:29 PM in x64 mode.
Windows Version: Windows 8.1 Connected

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 

Program finished at: 10/24/2017 03:34:16 PM
Execution time: 0 hours(s), 0 minute(s), and 46 seconds(s)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
rkill was unable to help start the program.
I was however able to start the program of Malwarebytes Anti-Rootkit by spamming "Start C:\Users\[My Name]\Desktop\mbar\mbar.com (I changed the application ending to make it run) into the Administrator Command Prompt and clicking "Yes" to the question that went like "Hey, this is already running, do you want to run it again".

I know, sort of a makeshift solution but it is running.

This is what my screen looked like after the scan (command prompt included as explanation for earlier)



A window had popped up saying I needed to install a DDA Driver




I clicked yes and I then got this message





What should I do now?

[REDACTED]

bump

[dbrisendine]

Do you have access to a separate clean system that you can burn a boot-able disk on? 

[REDACTED]

Yes, my grandmother managed to convince her boss to let her bring home a work computer. Sorry for such a long time before the response.

[dbrisendine]

I thought that this was already done so excuse me but I think we need to try this before using other more extreme measures ...


Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
 
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.
 
On completion of the scan click Save Log, save it to your desktop and post in your next reply
 
The tool will also produce a copy of the mbrdump labeled MBR.dat. Please zip that file and attach it to a reply.

[REDACTED]

Here is the log

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-11-01 15:15:23
-----------------------------
15:15:23.506    OS Version: Windows x64 6.2.9200
15:15:23.506    Number of processors: 2 586 0x3708
15:15:23.509    ComputerName: EVAN-PC  UserName: Evan
15:16:35.958    Initialize success
15:16:36.259    VM: initialized successfully
15:16:36.262    VM: Intel CPU supported virtualized
15:16:43.468    VM: supported disk I/O storport.sys
15:16:51.399    AVAST engine defs: 17110104
15:17:06.878    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000025
15:17:06.885    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
15:17:07.552    VM: Disk 0 MBR read successfully
15:17:07.559    Disk 0 MBR scan
15:17:07.566    Disk 0 unknown MBR code
15:17:07.601    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
15:17:08.268    Disk 0 scanning C:\Windows\system32\drivers
15:18:15.566    File: C:\Windows\system32\drivers\wieknrux.sys  **SUSPICIOUS**
15:18:16.293    Disk 0 statistics 141175/0/5 @ 1.13 MB/s
15:18:16.304    Scan finished successfully
15:18:50.132    Disk 0 MBR has been saved successfully to "C:\Users\Evan\Desktop\MBR.dat"
15:18:50.139    The log file has been saved successfully to "C:\Users\Evan\Desktop\aswMBR.txt"



I tried to attach the .zip file containing the mbr.dat however these forums do not allow the posting of .zip or .dat, only jpg, png, txt, log, gif

I put the aswmbr.txt however, hopefully this works