Windows 10: AMDRSServ.exe controlled folder acces \Device\HarddiskVolume2 is this malware?

this has been happening for the past months

:)

 

Malware tprdpw64.exe after installing 7zip

Thank you for the reply and the suggestions. However neither link provided a working solution. I followed each set of instructions step by step, to the T, but the viruses are still there.

I killed the processes with Rkill as instructed, and it found and ended the malware process `tprdpw64.exe`. It, however, did nothing
about the adware `svcvmx` & `svcvmx client` processes. After doing so I downloaded and installed Zemana, as instructed, and let it do a full system scan. Might I add that this took over
10 hours to complete, as I have 1,396,541 files on my PC, so this whole thing wasted nearly half a day of my time with no results.

Zemana detected the malware virus `tprdpw64.exe` located at "C:\WINDOWS\System32\tprdpw64.exe"
(among other, smaller "threats"), and labeled it as malware. After it finished the scan, it said it has placed all files into quarantine, including `tprdpw64.exe`.
However, when checking the quarantine list `tprdpw64.exe` is
not listed. I then decided to have Zemana remove the files in the
quarantine list from my system and then rebooted my PC. It removed them all successfully, except for `tprdpw64.exe`
which is still on my system, and still runs (I can still see it in task manager after rebooting). So the 10+ hours of waiting were all for nothing.

I then used Zemana's "drag-and-drop" feature to re-scan just `tprdpw64.exe`
(in order to not have to wait 10+ hours again). It scanned it, and now says the file is not a threat (but it clearly is).

I then proceeded to step 2, using AdwCleaner to remove the adware. This did not work in the slightest. AdwCleaner did not detect the adware virus at all, and thus did nothing about it. I still cannot remove the viruses manually, either. However for some
reason, the adware `svcvmx` & `svcvmx client` processes no longer seem to run (my PC has been on for about an hour, and the processes
have yet to startup). However, even so the files are still on my file system and would like to delete them.

EDIT

I have just searched my registry, looking for any possible signs of tprdpw64 being listed, and there was nothing there.

 

AdwCleaner: set to put Logs in folder with exe?

Thanks, SoFine. That's an interesting idea.

I'd have to put a long Pause in it, to let the executable finish, then the next two steps would move the files and then delete the empty folder.

The more I consider it, the more I conclude that I'll just run the program (from my Tools drive) periodically, read the results, and then dump the C:\ folder. As with most things in life, it's no big deal.

Thanks again.

- - - Updated - - -

Decided to try your suggestion. This worked perfectly: Log goes in the Logs folder in the same Tools drive folder as the executable, and the C:\AdwCleaner folder is deleted when it exists.

Batch file text:

@Echo off
"D:\Malware Tools\AdwCleaner\AdwCleaner.exe" /scan /path "D:\Malware Tools\AdwCleaner"
rd /s /q C:\AdwCleaner
exit

Found the info I needed by entering "D:\Malware Tools\AdwCleaner\AdwCleaner.exe" /?
at the Command Prompt.





Thanks to all for the input.

 

Remove .exe files caused by malware

You may do it easily with PowerShell, try open Windows PowerShell as administrator and type the following:

Remove-Item f:\malware\* -include .exe

Make in f:\malware\* add the name of the driver and folder and * is meaning all subfolders within the malware folder. if you want it within the driver you may write something like f:\* and -include .exe will remove all files with .exe extension.