0

I downloaded something off a link, and a few minutes after I installed it this thing popped up in Task Manager: Microsoft Edge Update Setup/libmfxsw32.exe. I tried to open its file location in Task Manager (located in "%APPDATA%/Mxmetamux") and it says that access is denied; also, the folder never displays in File Explorer. I looked up the exe's name and it says that it executes these files: icalcs.exe, cmd.exe, and fontdrchost.exe. I know that icalcs.exe is the one that manages folder permissions, and I once tried both the takeown and icalcs commands, which were "executed successfully" but didn't make the folder accessible. I tried ending the libmfxsw32.exe process but it keeps popping up again in Task Manager.

  • Try starting Windows in safe mode, and delete the files that way (since you know where they are). Or use some sort of Linux live CD/USB and delete them that way. – Darius Jan 31 '21 at 06:40
  • 1
    My advice is to back up your content, nuke the install with DBAN, and rebuild. Once you have verified a non-trivial compromise, you can never trust that it's clean again. – Frank Thomas Jan 31 '21 at 06:44
  • Don't worry guys, I managed to delete the virus by using a .bat script. However, there might be more than that. – JebKerman Jan 31 '21 at 06:58

1 Answer

-1

Never mind, I managed to create a .bat script that kills the virus first and takes ownership of its folder and deletes it. Luckily the virus doesn't run immediately after it's killed.
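
The sequence the answer describes (kill the process, take ownership of the folder, delete it), written out as a batch script. This is an added example, not the poster's script; the process and folder names are the ones reported in the question, and it assumes an elevated Command Prompt running as the affected user.

```batch
@echo off
rem Added example, not the poster's script. PROC and TARGET are the names
rem reported in the question; adjust them before running on another system.
setlocal
set "PROC=libmfxsw32.exe"
set "TARGET=%APPDATA%\Mxmetamux"

rem Assumption: run elevated as the affected user, so %APPDATA% resolves to
rem that user's profile. "net session" fails when the prompt is not elevated.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated Command Prompt.
    exit /b 1
)

rem 1. Kill the process and its children first, so nothing is left running
rem    that could hold the files open or re-apply permissions.
taskkill /F /T /IM "%PROC%" >nul 2>&1

rem 2. Take ownership recursively; /D Y answers the prompt for subfolders
rem    the current user cannot list.
takeown /F "%TARGET%" /R /D Y >nul
if errorlevel 1 (
    echo takeown failed on "%TARGET%".
    exit /b 1
)

rem 3. Replace the folder's ACLs with inherited defaults, which drops any
rem    explicit deny entries. /T recurses, /C continues past errors.
icacls "%TARGET%" /reset /T /C /Q

rem 4. Delete the tree and confirm it is gone.
rd /S /Q "%TARGET%"
if exist "%TARGET%" (
    echo "%TARGET%" still exists; retry from Safe Mode.
    exit /b 1
)
echo Removed "%TARGET%".
endlocal
```

The script removes only this one folder; as the comments above point out, there may be more on the system than that.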