My home server (aging HP Proliant MicroServer, Windows 7 x64) has acquired some Malware from Hell. Turned up in one of those dodgy installers that wraps a legitimate installer in another package, and installs all sorts of nefarious software on your system.

It has proved intractable. Three processes are now running constantly on my machine, using CPU and doing goodness knows what.

And they're unkillable. I can't kill the processes, all I get is an "Access is denied".

The processes are called:

  • svnlgau.exe
  • iaawlnv.exe
  • igfxmtc.exe

I've traced the three executables to these folders:

C:\Users\<user>\AppData\Local\iaawlnv
C:\Users\<user>\AppData\Local\igfxmtc
C:\Users\<user>\AppData\Local\rtnpeku

All of which are owned by some unknown account and are inaccessible.

Things I've tried:

  • Changing the owner of the folders to the Administrator
  • Using "Unlocker" on the directories to take possession of them
  • Booting in safe mode as an administrator, killing the processes and deleting the directories
  • Scanning with Microsoft Security Essentials (which can't access the folder either)
  • Scanning with MalwareBytes
  • Scanning with Windows Malicious Software Removal Tool (MSRT)
  • Killing the processes with Kaspersky Task Killer

Short of rebuilding the machine, which would take days, is there anything else I can try?

Maxcelcat

0 Answers