Please Help! Probably Rootkit!

Discussion in 'Malware Removal Assistance For Windows' started by Coryj1220, Aug 31, 2017.

  1. Coryj1220

    Coryj1220 New Member

    Operating System:
    Windows 10
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    Having just installed yet another hard drive into my MSI GE62 Apache Pro, I posted up in my living room near the router so that I could use the ethernet cable rather than wifi to redownload programs. It was then I noticed a program, ibtsiva.exe, that appeared suspicious. It was in the system32 folder. I attempted to run Security Task Manager on it; it scored a 95% likelihood of being malicious, and upon clicking scan it told me that the program had disappeared. I looked at my device manager and noticed dozens of new peripherals, wireless, camera, microphone; this person gained control of my PC. Upon checking the events and learning that there is a hidden file called root, as well as dozens of logins I am certain are not mine, I got on my sister's PC, also connected to the same network, to download software to get rid of it. It was then I realized it had to have come from her PC, with events dating back to 11/2/15 mentioning a user changing the same files altered on my computer.
    Current issues and symptoms:
    Neither AVG nor Malwarebytes is able to even detect an issue. I can see someone adjusting their permissions in the event log. I honestly don't even know where to begin with this; I've barely ever been able to get rid of a trojan.
    Steps taken in order to remove the infection:
    Run my scanners, to no avail. Altered the permissions on ibtsiva.exe allowing for it to be deleted, disabled network drivers, deleted all drivers containing root or having been altered in the estimated timespan of infection, but I'm not extremely tech savvy. I'm stumped, and honestly afraid to go back online.
    Logs added to help request:
    • I did not upload the FRST logs (I understand that this will increase the time needed to clean up the PC)
    Sincere apologies, as I'm not yet sure if it is safe to connect either pc to the internet, I have yet to download any program allowing for a log and am unsure if I can do it at the current moment. Any guidance would be sincerely appreciated.
     
  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member
