straycat19 Posted August 17, 2017

This rootkit will not allow the downloading or running of anti-malware software. When it is downloaded in Windows 10 with Edge it is corrupted and will not run. Additionally, the programs that it runs do not allow access for stopping or removing them. The fake Windows service is "WindowsManagementService" and the three programs running in Task Manager are cpx.exe, svcvmx.exe, and ct.exe. Additionally, there are files in the c:\windows\temp directory that will not delete, named dataup.zip and svcvmx.zip. These files are password protected so they cannot be unzipped.

To remove this malware do the following:

1. The first thing you will want to do is open up an administrative command prompt. To do so: click Start, type in "cmd" (no quotes); wait for CMD.EXE or "Command Prompt" to appear in the list, right click it and run as administrator.

2. Highlight the commands below using your mouse:

    REM switch to the C: drive root
    c:
    cd \
    REM remove the temp directory contents the malware is using
    rmdir /q /s c:\windows\temp
    REM take ownership of whatever survives and reset its permissions (output saved to C:\out.txt and C:\out2.txt)
    takeown /f "c:\windows\temp" /r /d y >out.txt
    icacls "c:\windows\temp" /reset /T >out2.txt
    REM create harmless dummy files under the malware's archive names (written to the current directory, C:\, after cd \)
    echo EAT ME >dataup.zip
    echo EAT ME >svcvmx.zip
    REM trailing line so the last command above is executed when pasted
    echo this is a dummy line

3. Right click over top of the highlighted text above, then select "Copy" from the dialogue menu. Go back to the command prompt you opened in Step #1 above, then right click in the middle of the window and select "Paste". These commands should effectively disable most of the malware.

4. Now it's time to reboot the system. Upon reboot, the cpx.exe, svcvmx.exe, and ct.exe files which were part of your Windows Startup (accessible via Task Manager) should now be disabled.

5. With any luck, you should be able to download Malwarebytes Anti-Malware or any other antivirus / anti-malware tool to successfully scan the system. If you receive a message that your download is corrupt (using Microsoft Edge, for example), try using another web browser like Internet Explorer, Chrome, or Firefox to download the same file.
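A triage check for the indicators named in the post (the service, the three processes, the two archives and the Startup entries), written as an added example that is not part of straycat19's post; the function name, output format and the assumption of PowerShell 5.1 or later on the affected machine are mine.

```powershell
# Added example, not from the original post. Indicator names (service, process and
# file names) are those given in the post; everything else here is an assumption.
function Test-WmsInfection {
    [CmdletBinding()]
    param(
        [string]$TempDir = "$env:SystemRoot\Temp"
    )

    $findings = @()

    # 1. The fake service named in the post
    $svc = Get-Service -Name 'WindowsManagementService' -ErrorAction SilentlyContinue
    if ($svc) {
        $path = (Get-CimInstance Win32_Service -Filter "Name='WindowsManagementService'").PathName
        $findings += [pscustomobject]@{ Type = 'Service'; Name = $svc.Name; Detail = "Status=$($svc.Status) Path=$path" }
    }

    # 2. The three processes the post says appear in Task Manager
    foreach ($p in 'cpx', 'svcvmx', 'ct') {
        Get-Process -Name $p -ErrorAction SilentlyContinue | ForEach-Object {
            $findings += [pscustomobject]@{ Type = 'Process'; Name = "$($_.Name).exe"; Detail = "PID=$($_.Id) Path=$($_.Path)" }
        }
    }

    # 3. The password-protected archives the post says cannot be deleted
    foreach ($f in 'dataup.zip', 'svcvmx.zip') {
        $full = Join-Path $TempDir $f
        if (Test-Path -LiteralPath $full) {
            $item  = Get-Item -LiteralPath $full -Force
            $owner = (Get-Acl -LiteralPath $full).Owner
            $findings += [pscustomobject]@{ Type = 'File'; Name = $full; Detail = "Size=$($item.Length) Owner=$owner" }
        }
    }

    # 4. Startup entries: the post says the executables were added to Windows Startup
    Get-CimInstance Win32_StartupCommand -ErrorAction SilentlyContinue |
        Where-Object { $_.Command -match 'cpx\.exe|svcvmx\.exe|ct\.exe' } |
        ForEach-Object {
            $findings += [pscustomobject]@{ Type = 'Startup'; Name = $_.Name; Detail = "$($_.Location): $($_.Command)" }
        }

    return $findings
}

# Run from an elevated PowerShell; an empty table means none of the indicators were found.
Test-WmsInfection | Format-Table -AutoSize
```

Run it before the removal steps to confirm the indicators are present, and again after the reboot to check that the service, processes and Startup entries are gone.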