Is there any way to get rid of an unknown virus?

I am having a problem with what appears to be malware or a virus.

Symptoms:

 Multiple Entries

  Recycle Bin contains multiple Recycle Bins with the Recycle Bin Icon, but the main looks like a folder and is labelled $Recycle Bin

  Multiple copies of NVContain are loading in Task Manager, and ending the Process Tree causes more to spawn.

  It seems to be attaching itself to NVContainer.EXE... it appears to be using masking or some type of filename redirection.

I've reinstalled several times and it's still in here.  I switched to UEFI and GPT partition.  I have AVG and Malwarebytes, but the file name redirection seems to be preventing its detection.

Anyone familiar with this type of virus/malware?

Having problems with file security rights issues and unable to install apps from Windows Store.  Also unable to shut down/restart.  Also due to writes issues.

Edit: More strange symptoms: It's putting things into Quick Access and now there is one GIF that can't be removed. Another one is it latches on to Nvidia driver files (NVContainer.exe and DLLs).  It would not delete from Windows.OLD directory. 

Edit 2: 

Applications have _8wekyb3d8bbwe added to their name and seem to be using signatures from other programs to cover their tracks.

CodeIntegrity:

===================================


Date: 2019-02-23 10:51:40.788

Description: 

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvhci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2019-02-23 10:51:40.770

Description: 

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvad64v.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2019-02-23 06:20:09.527

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


Date: 2019-02-23 06:20:09.527

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


Date: 2019-02-23 02:13:38.274

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.


Date: 2019-02-23 02:02:49.598

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.

Edit 3: Unable to shut down, simply reboots. Infection may have gone even into Recovery partition.

Edit 4: Right-clicking a JPG file shows "ms-resources:EditWithPhotos" under "Open".  It's obviously messed with the Registry.
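A triage sketch for the Code Integrity excerpt in the question above, added here as an example and not part of the original thread: it parses the pasted entries, separates "file hash could not be found" driver events from "Store signing level" load refusals, and splits the SystemApps folder name into package name and publisher-ID suffix (package family names take the form Name_PublisherId). The function names and the abridged sample text are this example's own; the 13-character suffix pattern is an assumption based on the folder name shown in the log.

```python
import re
from collections import Counter

# Constructed sample: four entries abridged from the excerpt quoted in the question.
SAMPLE = r"""
Date: 2019-02-23 10:51:40.788
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\nvvhci.sys because file hash could not be found on the system.
Date: 2019-02-23 06:20:09.527
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-02-23 02:13:38.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.
Date: 2019-02-23 02:02:49.598
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll that did not meet the Store signing level requirements.
"""

DATE = re.compile(r"^Date:\s*(\S+ \S+)", re.M)
HASH = re.compile(r"image integrity of the file (?P<image>.+?) because file hash could not be found")
LEVEL = re.compile(r"a process \((?P<process>.+?)\) attempted to load (?P<image>.+?) that did not meet the (?P<level>\w+) signing level")
FAMILY = re.compile(r"\\SystemApps\\([^\\_]+)_([0-9a-z]{13})\\")  # assumed Name_PublisherId layout

def parse_entries(text):
    """Yield one dict per 'Date: ... Description: ...' entry in pasted log text."""
    for block in re.split(r"(?m)^(?=Date:)", text):
        when = DATE.search(block)
        if not when:
            continue
        rec = {"time": when.group(1), "kind": "other", "process": None, "image": None}
        if (m := HASH.search(block)):
            rec.update(kind="hash-not-found", image=m["image"])
        elif (m := LEVEL.search(block)):
            rec.update(kind=m["level"].lower() + "-signing-level", process=m["process"], image=m["image"])
        yield rec

def package_family(path):
    """Return (package name, publisher ID) for a SystemApps path, else None."""
    m = FAMILY.search(path or "")
    return m.groups() if m else None

def summarize(text):
    """Count entries per (event kind, file name of the image involved)."""
    return Counter((r["kind"], (r["image"] or "").rsplit("\\", 1)[-1]) for r in parse_entries(text))

if __name__ == "__main__":
    for (kind, image), n in summarize(SAMPLE).items():
        print(f"{n}x {kind:20} {image}")
```

Grouping the entries this way shows which process asked for which module, which is the information to carry into a signature check of the named files.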

Hi, Tae

My name is Maritza and I am an Independent Advisor. I would be happy to help you today.

What I can recommend is that you completely repair the operating system, but first you must back up your files. With this method the data is not lost, but it is a good idea to back up as a security measure, third-party applications if they are uninstalled. Check this link:

https://www.intowindows.com/repair-windows-10-i...

Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

Let us know if these steps help you to resolve the issue.


Try running these programs:
MBAM free: https://www.malwarebytes.com/mwb-download/
Eset online scanner: http://www.eset.com/us/online-scanner/
Adwcleaner: https://www.malwarebytes.com/adwcleaner/

If these do not fully remove the virus/malware, then it will be wise to register with a malware removal site to receive dedicated malware removal instructions. An expert will remain with you throughout the process until confirmation that your PC is 100% clean.
Malwarebytes virus/malware removal forum:
https://forums.malwarebytes.com/forum/7-windows...
Bleeping computer malware/virus removal forum:
https://www.bleepingcomputer.com/forums/forum22...

Disclaimer - This post contains reference to non-Microsoft websites and there may be ads on the page for products & services including products frequently classified as a PUP (Potentially Unwanted Product). Please thoroughly research any product / service advertised on the page before you decide to use them. Your discretion is very much advised.
Virginia - Time Lady.


I tried ESET NOD antivirus and it shows bogus virus detection messages.

Tae Hyun Song - Computer Technician (Installation/Repair)


I am sorry to see you have marked my replies as not resolving your issue. I am trying to help you, but if you mark my replies as not resolving your issue this marks me as ‘unhelpful’ in the forum interface & it makes it difficult to help you. Others will also be less willing to help you with your problem too.
I have asked you to try something, to provide more information or offered the truth. I see that as helpful.
Ignore when you are prompted to give a rating (Yes or No) until we actually arrive at a solution that works for you or we exhaust all possible routes to fix the problem.
Please note that we are just Microsoft users like yourself.

The Eset link I shared is for the online scanner, not the full antivirus.
Are you sure the program showed a bogus virus? You have stated you were infected previously so it may be showing remnants.
Virginia - Time Lady.


It seems to be a rootkit infection.  I use PrimoCache SSD caching software and the lights for the SSD/PCIE card aren't lighting up like they used to while booting up.

I don't know how it got there.  I can't identify it.  It seems to like Nvidia driver files.  It seems to have infected Microsoft's Edge browser.  I can't set default browser in Default Apps, but I have Edge, Firefox, Chrome, Internet Explorer.

It adds additional characters to the file names it has infected.

\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\

instead of:

\SystemApps\Microsoft.MicrosoftEdge\

It did some weird things to the Registry... right-clicking JPG file shows "ms-resource:EditWithPhotos" instead of "Edit Photos"

Let me know if you need anything else.

Tae Hyun Song - Computer Technician (Installation/Repair)


 
 

Question Info


Last updated May 19, 2021 Views 283 Applies to: