DELETION OF FILES MODIFIED BY VIRUS IN FILE REGISTRY

Anonymous
2017-06-21T14:11:02+00:00

I am a user of Windows 10 operating system. Kaspersky antivirus did not detect any infractions in my system. However, a blinking command prompt screen kept on popping up. I used Rkill to kill unwanted processes. 

OUTCOME USING RKILL:

Checking for processes to terminate:

 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 3296) [AU-HEUR]

 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 5536) [AU-HEUR]

 * C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe (PID: 5820) [AU-HEUR]

3 proccesses terminated!

Every time I boot up the system, I have to kill these processes to prevent them from popping up.

Later, I used an unpaid version of SpyHunter to check for infractions. It identified the above processes as trojan and found out 2000+ other infractions. They also provide the path of the files added to the file registry by the threats. 

Example of path provided:

HKLM\SYSTEM\CurrentControlSet\Services\WindowsSecurity::Start

HKCU\software\microsoft\internetexplorer\domstorage\aqovd.com

and so on

Kindly provide suggestions on how to permanently remove these files or on how to remove the modified files in windows registry.

This question was migrated from the Microsoft Support Community.

Answer accepted by question author
  1. Anonymous
    2017-06-21T18:05:03+00:00

    "Kindly provide suggestions on how to permanently remove these files or on how to remove the modified files in windows registry."

    You do NOT need to remove files or registry entries manually.

    From Microsoft's site: Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system.

    You've only killed the running processes so far. Until you remove the malware that's creating those processes and registry entries, it'll likely keep appearing in startup. What you need to do is run anti-malware scans to remove the malware permanently that's creating those processes.

    First, open Control Panel. Under Programs and Features - Uninstall a program, check for anything suspect and remove/uninstall it. If unsure, leave it alone. Note: This will only 'start' the uninstall process. Then run Disk Cleanup to clear out temp, temp internet files, cookies, etc.

    After which, run Rkill again if necessary to kill those processes before running these malware removal programs.

    How to Remove Adware from a PC

    How to find and clean malware infections with Emsisoft Emergency Kit

    Edit: Just FYI, I Googled a couple of those entries. According to Symantec, one of those entries, Trojan.Egguard, is a Trojan horse that downloads malicious files and injects malicious JavaScript into web pages on a compromised computer. Another site says it's a PUP.

    It may be necessary for you to seek further help on a specialty forum if those steps don't get rid of it. Let us know how things go after following above steps.

    6 people found this answer helpful.
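The accepted answer's point that killing the processes leaves their startup entries in place can be checked without editing the registry. The following read-only PowerShell listing is an added example, not part of the thread; it assumes that the trait worth flagging is a service executable under C:\ProgramData, as in the three RKill paths above, and it changes nothing on the system.

```powershell
# Read-only audit: list services whose executable lives under ProgramData.
# Nothing is stopped, deleted or edited; the output only shows what Windows
# will start again at boot even after the processes have been killed.

# Assumption: the ProgramData location is the common trait, taken from the
# three paths in the RKill output quoted in the question.
$suspectRoot = [regex]::Escape($env:ProgramData)

$report = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $suspectRoot } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the .exe path.
        $exe = $_.PathName
        if ($_.PathName -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($_.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        }

        # Authenticode details show who signed the binary, if anyone did.
        $sig = $null
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
        }

        [pscustomobject]@{
            Name      = $_.Name
            # StartMode mirrors the Start value under
            # HKLM\SYSTEM\CurrentControlSet\Services\<Name> (Auto = 2).
            StartMode = $_.StartMode
            State     = $_.State
            Path      = $exe
            SigStatus = if ($sig) { $sig.Status } else { 'FileMissing' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { '' }
        }
    }

$report | Sort-Object Signer, Name | Format-Table -AutoSize -Wrap
```

Legitimate software, Microsoft Defender included, also runs services from ProgramData, so read the Signer column rather than treating every row as unwanted. Comparing the output before and after the scans shows whether the autostart entries were actually removed.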

4 additional answers

  1. Anonymous
    2017-07-23T19:55:59+00:00

    "Thanks a lot CarolLJ!! You are a lifesaver!! I followed the steps to a T, and now my laptop is free of those unwanted programs."

    You're very welcome!

    Re unwanted programs: "Later, I used an unpaid version of SpyHunter to check for infractions. It identified the above processes as trojan and found out 2000+ other infractions."

    I hope you got rid of Spyhunter, which is also an unwanted program. It's a rogue anti-malware program and considered malware itself. There likely weren't 2000+ other infections.

  2. Anonymous
    2017-07-23T14:56:05+00:00

    Thanks a lot CarolLJ!! You are a lifesaver!! I followed the steps to a T, and now my laptop is free of those unwanted programs.

  3. Rob Koch 25,760 Reputation points Volunteer Moderator
    2017-06-21T17:42:23+00:00

    A search shows that these entries are only a small portion of those associated with the Adware.Elex.LeiQing, also known as Adware/Elex, as displayed in the following online repositories.

    https://www.reasoncoresecurity.com/winsecurity.exe-859710cef446d1b0f34ae166d2b0cf184e90b70b.aspx

    https://www.reasoncoresecurity.com/sysnetwk.exe-469edd139e37091868d7f5021a166c0555d87362.aspx

    https://www.herdprotect.com/signer-lei-qing-2b8e845e7aa055fc643b525df3001a41.aspx

    "Lei Qing is a software publisher located in Tianjin, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs."

    The following MalwareTips Guide may aid in the removal of this adware, which they title as Adware/Elex:

    How to remove Adware/Elex from Windows (Virus Removal Guide)

    Since you no doubt installed this as part of some other, supposedly free software, most antivirus applications don't remove such lesser PUP (Potentially Unwanted Program) items.

    So you understand, nothing on the Internet is free any longer and hasn't been for several years.  The only question is what it will cost you, especially in time when the real problems it creates become evident.  In other words, stop downloading junk, because that's all that free software ever is.

    Rob

  4. Anonymous
    2017-06-21T16:09:02+00:00

    Spyhunter? https://answers.microsoft.com/en-us/search/search?SearchTerm=spyhunter&IsSuggestedTerm=false&tab=&CurrentScope.ForumName=protect&CurrentScope.Filter=&ContentTypeScope=#/protect///1

    Since you’re using Kaspersky did you seek advice from Kaspersky? https://forum.kaspersky.com/

    Suggest submitting any suspicious files to Virus Total for analysis: https://www.virustotal.com/

    This is a consumer forum – if you have sufficient knowledge and technical skills so that you are comfortable “rambling” in the registry you might prefer to seek advice/assistance in the Technet Forum:


    https://answers.microsoft.com/en-us/feedback/forum/fdbk_commsite-feedback_other/answers-socialmsdn-socialtechnet-forums-whats-the/6ed0e7c4-00e0-4d8f-81e1-04fbcaea6231

    Alternatively suggest you try several of the following scanners: List of Malware Removal Tools 

    Regards...

    http://blog.emsisoft.com/2015/01/27/top-10-ways-pups-sneak-onto-your-computer-and-how-to-avoid-them/
