netfilter.sys

Joshex

New Member
Thread author
Verified
Mar 21, 2016
15
Here you can find drivers for you

HP Software and Driver Downloads for HP Printers, Laptops, Desktops and More | HP® Customer Support

If this doesn't help, you'll have to reinstall your system.

OK, I manually went and killed netfilter. I removed all of its registry entries, even the system user ones. I cleaned up my net device list to remove the netfilter copies of valid net devices and am trying to replace all the valid drivers. The driver for "Microsoft Virtual WiFi Miniport Adapter" is there but is not signed, and I can't seem to find a replacement. I have contacted Microsoft, but to no avail; they acted like they didn't have a copy of it.

Before I forget, I also need to reinstall the following network drivers:

Wan Miniport IP
Wan Miniport IPv6
Wan Miniport Network Monitor
TAP-Windows Adapter V9

TAP just needs a new driver, but I can't find it, just like the Microsoft Virtual WiFi Miniport driver. I have not tried looking for drivers for the other 3 yet.

Any help in this department would be appreciated.
 

Joshex

I wonder if you can make heads or tails of this: I scanned with RogueKiller again and it found the hooks again. They might be the main problem, but it said it couldn't remove them: "this item cannot be removed".

Saved as .txt
 

Attachments

  • RootKitHooks.txt
    4.9 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I am not sure what RogueKiller is reporting, but that doesn't seem like malware to me. Some of the lines are related to Zemana Anti-Malware.

You can try this to repair the connection --> Download Complete Internet Repair - MajorGeeks

If this doesn't help, I am afraid you'll have to reinstall your system. I cannot help you further; this is a malware removal assistance forum. If you want more opinions, you can open your topic in other areas of the forum.
 

Joshex

Hi again, huge update on this:

My friend's computer that I am on also has it; however, it can't activate on this computer (I read through its code). netfilter.sys claims to be a Windows SDK and uses a fake VeriSign timestamp. Further down, the real culprit becomes clear with a mention of "China Telecom Trust Network".

Further in, it describes exactly what I'm experiencing: it creates a proxy and refuses to let the connection be disabled till it finishes installation. It requires a D:\ drive at that point, where it creates an install file netfilter.pdb which runs then deletes itself (most likely adding in hooks and driver overwrites and registry), then netfilter.sys takes control of all network devices.

I can send a copy of the file, but I warn you, it's only tame without a D:\ drive.

I'm contacting HP to see if I can reinstall all my drivers and thus possibly re-instance whatever registry or other stuff that got destroyed.
 
