How to remove the engine.exe file (and process) from Windows?

24.04.2016




How to remove the engine.exe virus?

The engine.exe virus is a Trojan. Once hidden on the victim's computer, it activates a bitcoin miner, an application that solves complex math problems in order to obtain cryptocurrency. The results are then sent over the Internet to the attackers or to a dedicated third party, along with the details of their «owners». In other words, it exploits the resources of the infected PC (memory, graphics computing power) and «produces» money, earning at someone else's expense. The user, or more precisely his machine, involuntarily becomes a miner.

Infection and symptoms

Quite often engine.exe gets into Windows during the installation of cracked games. Unscrupulous releasers or distributors of the «free product», wishing to enrich themselves further, strongly recommend disabling antivirus software so that the installation succeeds. A user who follows this advice lets the malware in personally.

Four signs of engine.exe's presence in the OS:

  1. With no applications running, RAM and CPU load is at 80-99%.
  2. The network connection (Internet traffic) is actively used although no trusted applications have open connections.
  3. Native Windows functions and applications start and run very slowly: the PC «lags».
  4. A process called engine.exe *32 appears in Task Manager (sometimes several copies).

Removal procedure

1. Click «Start.»

2. In the search box, type taskmgr.


3. Open the «Processes» tab in Task Manager.

4. Scroll through the list to find the viral process named engine.

Attention! The malware may have a different name. During the analysis, also pay attention to each object's digital signature («Description» column) and to its level of resource consumption (CPU column). Inflated readings (over 70%) are a clear sign that the process belongs to the virus.

5. Right-click the name of the image (object) under investigation.


6. Click «Properties» in the context menu.

7. On the «General» tab of the Properties dialog box, find the «Location» field and copy the path to the virus application folder into Notepad, or memorize it.


8. Restart Windows in Safe mode.

9. Open the engine directory using the path copied from its properties.

Note. In most cases, it is located at: C drive → Users → [User name] → AppData → Roaming → [malicious folder]. The folder name varies; known modifications are x11 and x13.


10. Go to the Roaming folder (click its name in the path bar at the top of the window).

11. Delete the cppredistx86.exe file and the folder containing the virus.

12. Close the window and press «Win + R».


13. In the «Run» window, type regedit, and then click «OK».


14. In the Registry Editor open: HKEY_CURRENT_USER → Software → Microsoft → Windows → CurrentVersion → Run.

15. In the Run «branch» (the list of keys in the adjacent pane), delete the entry with the «Microsoft Visual C ++ 2010» parameter. It is disguised as a system package module and launches engine when the PC starts. Use the built-in function: right-click → «Delete».

16. Restart the operating system in the normal operating mode.
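
The registry check from steps 14 and 15 can also be done from PowerShell. The script below is an added example, not part of the original article: it only reads the HKCU Run key and flags entries that match the signs described above (the «Microsoft Visual C ++ 2010» name, a path under AppData\Roaming, the file names engine.exe and cppredistx86.exe). The matching rules are assumptions derived from those signs.

```powershell
# Read-only audit of the per-user autostart key from step 14. Nothing is deleted.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$roaming = $env:APPDATA                          # ...\AppData\Roaming
# File names taken from the article; the malware may use other names.
$knownNames = 'engine.exe', 'cppredistx86.exe'

$key = Get-Item -Path $runKey -ErrorAction Stop
foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)

    # Pull the executable out of the command line: quoted path first,
    # otherwise everything up to the first ".exe".
    if     ($command -match '^\s*"([^"]+)"')      { $exe = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)\b')   { $exe = $Matches[1] }
    else                                          { $exe = $command.Trim() }
    if (-not $exe) { continue }                   # empty value, nothing to check
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    $flags = @()
    # Assumed pattern: tolerate "C++" written with or without a space.
    if ($name -match 'Microsoft Visual C\s*\+\+ 2010') { $flags += 'name used as disguise' }
    if ($exe.StartsWith($roaming, [StringComparison]::OrdinalIgnoreCase)) {
        $flags += 'starts from AppData\Roaming'
    }
    if ($knownNames -contains (Split-Path -Path $exe -Leaf)) { $flags += 'known file name' }

    # A genuine Microsoft redistributable carries a valid Authenticode signature.
    $signature = 'file not found'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }

    [pscustomobject]@{
        ValueName  = $name
        Executable = $exe
        Signature  = $signature
        Flags      = $flags -join '; '
    }
}
```

Legitimate programs also start from AppData\Roaming, so a single flag is a reason to inspect the entry, while the disguise name combined with a missing or invalid signature matches the picture described in step 15.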

Prevention

After the cleanup procedure, be sure to scan all main drives with your antivirus (after updating its database) or with an additional disinfection utility: Dr.Web CureIt!, MBAM (Malwarebytes Anti-Malware), Kaspersky Virus Removal Tool.



