FMsg16RtWV.exe: What is this? Since yesterday the CPU of a desktop (AMD FX4100 Quad) is permanently at 100% and the above file is running at more than 50% at all times! Also the 7-Zip Standalone Console is running at around 20% too! I tried to stop that file from running via Task Manager and could not! Does anyone know what these files are? Google didn't give any answer! Thanks for any info.
I tried that as well, but can't! That file is totally locked in its position and cannot be found even with a normal search. Copy and/or paste is simply impossible! At the moment I've got a full virus etc. scan running and will wait until that is finished. After that, I'll boot that machine with a USB HDD and try to copy and delete that file.
Check the Startup programs and use the CCleaner tools, which can help you disable Startup apps, then reboot and see whether that stopped it. ATGPUD2003
How about trying to submit it to VirusTotal from safe mode? No idea if it would work, but I'd try that.
Maybe you should do an offline scan from WinPE. Tools like "WinPE 10-8 Sergei Strelec" include some antivirus utilities. You could also then browse and find that file, but I suspect that even if you delete it, it will be regenerated by some other hidden trojan...
Thanks for all the answers! None of the suggestions worked. I even started that machine from an external OS and deleted it, including wiping the location where those files were located! The result: after restarting that machine from its own HDD, the files came back (at the same place as before!) and ran again, with the CPU at 100%! Now I'm reinstalling Windows 10 Pro again, after formatting 3 partitions (50MB, 150GB for the system, 500MB sys backup), and if that does not work either, I'll LLFMT the whole 1TB HDD! OK, let's see how it all goes?!
That is why I keep a backup. I don't try to solve the problem. One click, restore done, system loads. Saved me lots of times.
@Enthousiast: I was not able to copy those files, they were totally locked! There was not even any way to delete them or whatsoever! Also, formatting those 3 partitions was not enough, I needed to LLFMT the HDD! Now I'm back on it with a fully clean installed Windows 10 Pro, still working on getting everything back as needed. To send files to VirusTotal, you need to send a copy to that site, and that wasn't possible! It was my very first step when that problem occurred! @Dark Dinosaur: I'm not sure that a backup would have worked. Fact is, restoring to older Restore Points was not working at all, those files were still in their place! I always create Restore Points before installing anything! Anyway, no data loss! All of my data are on different drives, not on the System/OS drive. As soon as I'm finished with the new installation of all apps and the new structure, I'll create an image of that System/OS drive! That I hadn't done before, my mistake! Thanks for all the answers.
You said you wiped the location when started from another OS. When you were successfully able to wipe it, you should also have been able to copy it.
If you really had read what I wrote, you should have realized that the wiping alone wasn't working, I finally needed Low-Level Formatting on the whole HDD Drive to be able to clean and install Windows 10 again! Just as always, you know everything better!
You definitely have malware. The question is, how to get rid of it? I would use Autoruns and look for anomalies. You might see two different exe files that look suspicious. The first one would create the exe file if it doesn't exist and the second one would run the exe file malware itself. Running the system at 100% is strange. It might be some kind of crypto miner.
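A scripted version of the autostart review suggested in the post above, as an added example that is not part of the original thread: it lists startup commands, scheduled tasks and auto-start services whose target binary is not validly signed or sits in a user-writable folder. The helper name `Get-ExePath` and the folder list are this example's own assumptions.

```powershell
# Added example: flag autostart entries whose target is unsigned or in a user-writable folder.
# Run from an elevated PowerShell prompt. The folder list is an assumption of this example.
$writable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # Hypothetical helper: pull the program path out of a launch string such as '"C:\x\a.exe" -arg'.
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$entries = @()
# Run keys and Startup folders
$entries += @(Get-CimInstance Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{ Source = "Startup: $($_.Location)"; Name = $_.Name; Command = $_.Command }
})
# Scheduled tasks that launch a program
$entries += @(Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object { $_.Execute } | ForEach-Object {
        [pscustomobject]@{ Source = "Task: $($task.TaskPath)$($task.TaskName)"
                           Name = $task.TaskName; Command = "$($_.Execute) $($_.Arguments)" }
    }
})
# Services set to start automatically
$entries += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
})

# Keep only entries whose binary exists and is either not validly signed or user-writable
$entries | ForEach-Object {
    $path = Get-ExePath $_.Command
    if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) { return }
    $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
    $inWritable = [bool]($writable | Where-Object {
        $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    if ($sig -ne 'Valid' -or $inWritable) {
        [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Path = $path
                           Signature = $sig; UserWritable = $inWritable }
    }
} | Sort-Object Path | Format-Table -AutoSize -Wrap
```

A hit is a lead to inspect rather than a verdict, since legitimate updaters also start from these folders; two entries that point at each other's binaries match the pattern described in the post.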
Thanks for your answer. Interesting about that Crypto Miner! That maybe explains why that 7-Zip Standalone Console was also running at high levels at the same time! I had 7Zip installed on the machines, but that 7-Zip Standalone Console wasn't using the 7Zip app I was running on that machine! At the same time the RAM usage was also above 50%, while normally it's about 10-20%; I have 16GB on that machine. At the moment I'm still setting up everything on that machine again. I may change the LAN cards (2 of them) to get some different MAC addresses. I'll need to check my Smoothwall to see what happened over the last few days on the network, whether there was any access from some Crypto sites?! I normally didn't 'play' with such Crypto sites! Thanks again.
I am not talking about the restore point. A full drive clone saved on different drives. And from my understanding, you don't have one. And if it really is a harmful, bad virus, I would not try to fix it, I would do a full fresh system install.
This is why running a firewall is critical these days. I use Simplewall and it helps me dictate what does and does not have access to the internet. Good luck.