Windows 10: Proxy Malware - c:\windows\system32\domainauthost\node.exe - Cannot Remove

Hi all,I have a proxy virus running on my Windows 11 Laptop. Already did a System reset but it came straight back.The service setting the proxy is node.exe running from Windows/System32/DomainAuthHost. If I delete the file and its associated files it returns immediately, and I cannot work out what is installing it.Have not found any malware software yet that detects it.

:)

 

Malware tprdpw64.exe after installing 7zip

Thank you for the reply and the suggestions. However neither link provided a working solution. I followed each set of instructions step by step, to the T, but the viruses are still there.

I killed the processes with Rkill as instructed, and it found and ended the malware process `tprdpw64.exe`. It, however, did nothing
about the adware `svcvmx` & `svcvmx client` processes. After doing so I downloaded and installed Zemana, as instructed, and let it do a full system scan. Might I add that this took over
10 hours to complete, as I have 1,396,541 files on my PC, so this whole thing wasted nearly half a day of my time with no results.

Zemana detected the malware virus `tprdpw64.exe` located at "C:\WINDOWS\System32\tprdpw64.exe"
(among other, smaller "threats"), and labeled it as malware. After it finished the scan, it said it has placed all files into quarantine, including `tprdpw64.exe`.
However, when checking the quarantine list `tprdpw64.exe` is
not listed. I then decided to have Zemana remove the files in the
quarantine list from my system and then rebooted my PC. It removed them all successfully, except for `tprdpw64.exe`
which is still on my system, and still runs (I can still see it in task manager after rebooting). So the 10+ hours of waiting were all for nothing.

I then used Zemana's "drag-and-drop" feature to re-scan just `tprdpw64.exe`
(in order to not have to wait 10+ hours again). It scanned it, and now says the file is not a threat (but it clearly is).

I then proceeded to step 2, using AdwCleaner to remove the adware. This did not work in the slightest. AdwCleaner did not detect the adware virus at all, and thus did nothing about it. I still cannot remove the viruses manually, either. However for some
reason, the adware `svcvmx` & `svcvmx client` processes no longer seem to run (my PC has been on for about an hour, and the processes
have yet to startup). However, even so the files are still on my file system and would like to delete them.

EDIT

I have just searched my registry, looking for any possible signs of tprdpw64 being listed, and there was nothing there.

 

Best way to remove problem Malware

Hi There,

I am trying to remove a bundle of Malware without success.

There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

Buenosearch Toolbar
MyPC Backup
PC Performer
Speed Test 127
UnknownFile

I was looking at this weblink which provides a 5 step process for Buenosearch alone:
http://malwaretips.com/blogs/remove-bueno-search/

Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........

 

CSRSS @ c/i386

Tried Nod32.. no help. Will try kaspersky. Will try Norton Corporate Edition Anti-Virus. thanks for suggestion.