Please Help! Probably Rootkit!

Discussion in 'Malware Removal Assistance For Windows' started by Coryj1220, Aug 31, 2017.


  1. Coryj1220

    Coryj1220 New Member

    Aug 31, 2017
    Windows 10
    Operating System:
    Windows 10
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    Having just installed yet another hard drive into my MSI GE62 Apache Pro, I posted up in my living room near the router so that I could use the ethernet cable rather than wifi to redownload programs. It was then I noticed a program, ibtsiva.exe, that appeared suspicious. It was in the system32 folder. I attempted to run Security Task Manager on it; it scored a 95% likelihood of being malicious, and upon clicking scan it told me that the program had disappeared. I looked at my device manager and noticed dozens of new peripherals, wireless, camera, microphone; this person gained control of my PC. Upon checking the events and learning that there is a hidden file called root, as well as dozens of logins I am certain are not mine, I got on my sister's PC, also connected to the same network, to download software to get rid of it. It was then I realized it had to have come from her PC, with events dating back to 11/2/15 mentioning a user changing the same files altered on my computer.
    Current issues and symptoms:
    Neither AVG nor Malwarebytes is able to even detect an issue. I can see someone adjusting their permissions in the event log. I honestly don't even know where to begin with this; I've barely ever been able to get rid of a trojan.
    Steps taken in order to remove the infection:
    Ran my scanners, to no avail. Altered the permissions on ibtsiva.exe allowing for it to be deleted, disabled network drivers, deleted all drivers containing root or having been altered in the estimated timespan of infection, but I'm not extremely tech savvy. I'm stumped, and honestly afraid to go back online.
    Logs added to help request:
    • I did not upload the FRST logs (I understand that this will increase the time needed to clean up the PC)
    Sincere apologies; as I'm not yet sure if it is safe to connect either PC to the internet, I have yet to download any program allowing for a log and am unsure if I can do it at the current moment. Any guidance would be sincerely appreciated.
  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    Malware Removal, Gaming
    Windows 7