I have been working on a friend of mines computer, at my house instead of hers. I had done all of the virus/malware removal with no network connected in safe mode and normal mode. When I connect the desktop to a network it is from me doing an adhoc share from my linux laptop.
As soon as I saw it had malware in the DNS from roguekiller I would disconnect it from network, and then let roguekiller remove the dns. I cannot find any other malware in the system. Only when I have it connected to a network does roguekiller detect anything. I am at a loss of what to try next.
I am pretty sure she got hijcaked from someone pretending to be from rwglobal, and I found the mcafee installer from february 16, since I had previously installed avast and zemana anti-logger on her system, and now those are removed.
I have removed all malicious and unknown drivers, startups, services, etc and every malware I can find, but it still recreates the DNS hijack on the system. Currently AdwCleaner, and all the other malware scanners show the system as clean. Only rogue killer will detect the DNS changes.
Any thoughts?
As soon as I saw it had malware in the DNS from roguekiller I would disconnect it from network, and then let roguekiller remove the dns. I cannot find any other malware in the system. Only when I have it connected to a network does roguekiller detect anything. I am at a loss of what to try next.
I am pretty sure she got hijcaked from someone pretending to be from rwglobal, and I found the mcafee installer from february 16, since I had previously installed avast and zemana anti-logger on her system, and now those are removed.
I have removed all malicious and unknown drivers, startups, services, etc and every malware I can find, but it still recreates the DNS hijack on the system. Currently AdwCleaner, and all the other malware scanners show the system as clean. Only rogue killer will detect the DNS changes.
Any thoughts?