I can't remove a directory

Greetings,

It seems I have a mystery on my PC. I started getting an error pop-up message from Windows Process Manager. When I looked at the message, it stated that the file NISATYU.EXE had failed.

I searched the internet and actually found nothing regarding this file. Once I found the directory it was in, Windows refused to let me delete the file, claiming its resources are in use. I tried running a few virus checkers and they also would not run, claiming that their resources are in use.

I tried to delete the directory in Windows Command Prompt but it denied me access.

Since I am not one to give up on a problem, or quick to format, I booted to my Win 7 Ultimate CD and used the Command Prompt. I was able to get to the directory and finally delete it.

Then I rebooted and the directory was back.

Here are the strange facts.

The Directory name is C:\users\myname\appdata\local\WINSURU

I do not know where the directory came from

The app with the problem is NISATYU.EXE

When I looked for information on the web, regarding other files in the directory, they seemed to be associated with Chrome:

"PEPFLASHPLAYER.DLL"

"SNAPSHOT_BLOB.BIN"

"WIDEVINECDM.DLL"

"WIDEVINECDMADAPTER.DLL"

The Directories only return when I boot with internet access, so they do not return after I delete them (using Command Prompt from Win 7 CD), if I boot to Safe Mode.

In a sub-directory, I found a lot of image files that could not be viewed that started the day this problem started. I was able to delete them.

I do not have Google Chrome on my PC and every time I do a Malware scan, it reports the same 1163 errors found.

I do not believe this directory has anything to do with Google Chrome since the directory name is WINSURU and there is a file in that directory called WINSURU.EXE and NISATYU.EXE (the one WPM reports has a problem).

My guess is that when I 1st realized I had a problem, I managed to disable a virus from sharing my info but every time it tries, it generates the error.

Any suggestions what it is and how to remove (if I should)? Neither WINSURU.EXE nor NISATYU.EXE can be found with any internet search I've tried.

Thank you for any help you may provide.

When I said "I wanted to use Super AntiSpyware but for some reason I get the message stating that the resources are in use, I get the same with using the Windows Security."

I was referring to "Windows Security Essentials". Both give me the same error about Resources being in use.

As for Malwarebytes, each time I run it, I am told that the Rootkit Scan cannot complete and needs to reboot, so yes, something has disabled my rootkit protection (which I always had enabled).

As for AVAST, I was wrong. No, I am still not able to run it in Safe Mode since it seems to want to connect to the internet 1st, but in regular Windows, the message I get is:
"The application has failed to start because its side-by-side configuration is incorrect"

I do want to thank you for the information you provided. I will look into them.

GPSpector:

Oddly enough, I was able to use Malwarebytes when the problem started and that was the one that reported 1163 problems.

Hi GPSpector:

If Malwarebytes is finding that many problems then it's definitely time to visit one of the free malware removal forums reviewed in delphinium's thread Malware Removal Forum Recommendations.  The last paragraph of BevStra's thread MyWay Search notes that my personal favourites are BleepingComputer and WhatTheTech?.  Malwarebytes has their own Malware Removal for Windows board (another good choice if you already have a MB scan report you can show them), but whatever forum you choose be sure to pick only one and follow the instructions of the malware removal expert assigned to your case until they tell you your system is clean.  There are guidelines pinned at the top of each one of these malware removal boards telling you what diagnostic logs you should attach to your first post.

Were you able to find any information on WINSURU or NISATYU? Are they part of something I should keep or delete? Seems no matter what I do to delete them, they return.

No I couldn't find any specific information on WINSURU.exe or NISATYU.exe but if these files are actually related to a malware infection the name of the file isn't important since malware developers frequently rename the files associated with their malware to try and avoid detection.  The best way to identify a file is by its SHA256 hash (digital fingerprint) and since you know the location of these files you can upload copies to VirusTotal at https://www.virustotal.com/#/home/upload for a hash analysis.  A high detection rate on VirusTotal like 15/64 would indicate that 15 of 64 common antivirus engines flag the file as suspicious.

I'm not a malware specialist but if these files are associated with a lower-risk PUP (potentially unwanted program) or high-risk malware then my best guess is that you have some sort of bootkit or rootkit that has embedded itself deep inside your Windows OS and is able to re-propagate itself after bootup, or that something like a backdoor trojan is reinfecting your computer every time you connect to the internet. These stubborn infections can sometimes be detected if you scan with Malwarebytes in Safe Mode with rootkit detection enabled (rootkit scanning is disabled by default in Malwarebytes) but a rootkit scan isn't something I generally recommend for the average user.  On rare occasions malware scanners will damage the Windows OS when they try to remove these deeply embedded bootkits and rootkits and leave the system unbootable, and it's much safer to get help from a trained malware removal specialist to make sure your system files aren't damaged while your system is being cleaned when you have one of these stubborn infections.

I wanted to use Super AntiSpyware but for some reason I get the message stating that the resources are in use, I get the same with using the Windows Security.

When you said "I get the same with using the Windows Security" did you mean the built-in Windows Defender?  Note that Windows Defender in Win XP, Vista and Win 7 is a very limited anti-malware scanner that only checks for a small number of low-risk threats, so the Windows Defender on your Win 7 SP1 machine is very different from the Windows Defender antivirus that comes with Win 8.x and Win 10.  Microsoft's antivirus software for Win 7 is called Microsoft Security Essentials (MSE) and it must be downloaded and installed separately.  See the Microsoft blog Windows Defender and Microsoft Security Essentials: Which one do I need? for more information.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS v22.10.1.10 * MB Premium v3.2.2
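
The reply above suggests identifying the files by their SHA256 hash rather than by name. The following is an added example, not part of either poster's messages, that lists the SHA256 of every file in the folder named in the thread; the function name `Get-Sha256Hex` is hypothetical, the default path is the one quoted in the first post (with the poster's own `myname` placeholder), and the script avoids `Get-FileHash` so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: SHA-256 of every file in a suspect folder (PowerShell 2.0+).
# The default path is the one quoted in the thread; "myname" is the poster's
# placeholder for the account name and must be replaced.
param(
    [string]$SuspectDir = 'C:\users\myname\appdata\local\WINSURU'
)

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = $null
    try {
        # Share the file with existing handles so that a file held open by a
        # running process can still be read where Windows permits it.
        $share  = [System.IO.FileShare]'ReadWrite, Delete'
        $stream = New-Object System.IO.FileStream(
            $Path, [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read, $share)
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    }
    finally {
        if ($stream) { $stream.Close() }
        $sha.Clear()
    }
}

Get-ChildItem -LiteralPath $SuspectDir -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        try {
            $hash = Get-Sha256Hex $file.FullName
        }
        catch {
            # Locked or access-denied files are reported, not skipped silently.
            $hash = 'unreadable: ' + $_.Exception.Message
        }
        $file | Select-Object FullName, Length, LastWriteTime,
            @{ Name = 'SHA256'; Expression = { $hash } }
    } |
    Format-List
```

Each SHA256 value can be pasted into the VirusTotal search box to see whether the file has already been analysed, and the full listing can be attached to a post on a malware removal forum.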

I wanted to use Super AntiSpyware but for some reason I get the message stating that the resources are in use, I get the same with using the Windows Security.

Oddly enough, I was able to use Malwarebytes when the problem started and that was the one that reported 1163 problems. I have used UnHackme as well as Advance System Care. I was able to use Avast but it seems to need the internet so I could not use it in Safe Mode like the others. Usually when I get a lot of found problems, they usually are just Cookies but I found it odd that it was always the same number, each time and none of these were Cookies.

Seems whatever I got hit with, disabled some of my virus checkers. I'm happy that I had others to use as well as my Win 7 CD.

Were you able to find any information on WINSURU or NISATYU? Are they part of something I should keep or delete? Seems no matter what I do to delete them, they return.

GPSpector:

I do not have Google Chrome on my PC and every time I do a Malware scan, it reports the same 1163 errors found.

Hi GPSpector:

What antivirus software do you have on your computer, and what malware scanner did you use? When a malware scanner finds that many errors they are often just detections for stray entries left behind in your Windows registry after software programs are updated or uninstalled, and in most cases these "errors" are harmless.

If a full system scan with your antivirus doesn't solve the problem I'd recommend running an on-demand scan with a reputable anti-malware scanner like the free version of Malwarebytes (available for download from https://www.malwarebytes.com/free/).  Instructions for using Malwarebytes are posted in BevStra's thread MyWay Search, and the last paragraph of that post has links to free malware removal forums where you can work one-on-one with a trained malware removal specialist to clean your system if Malwarebytes doesn't help.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS v22.10.1.10 * MB Premium v3.2.2