Unbelievably stubborn virus/rootkit
- Thread starter Benci
- Start date
- Oct 15, 2017
- 3
Attached the log files.
I followed these steps:
1. Reinstall Windows.
2. Factory reset Android tablet.
3. Download Malwarebytes Antirootkit, Farbar, Services Repair using tablet, and copied the programs to the computer.
4. Ran MBAR, then ServicesRepair, then Farbar.
I am unable to find offline updates for the programs, and cannot access the Internet from the computer for live updates. The virus completely blocks the Internet through some type of denial of service- like attack, eating up the full band with and emptying my account.
I followed these steps:
1. Reinstall Windows.
2. Factory reset Android tablet.
3. Download Malwarebytes Antirootkit, Farbar, Services Repair using tablet, and copied the programs to the computer.
4. Ran MBAR, then ServicesRepair, then Farbar.
I am unable to find offline updates for the programs, and cannot access the Internet from the computer for live updates. The virus completely blocks the Internet through some type of denial of service- like attack, eating up the full band with and emptying my account.
- Mar 8, 2013
- 22,627
Hello,
Your computer isn't infected. What could be a problem is your old hardware and low amount of RAM memory. Also, Windows Update could be running in the background on the freshly installed system so that can slow it down as well.
Your computer isn't infected. What could be a problem is your old hardware and low amount of RAM memory. Also, Windows Update could be running in the background on the freshly installed system so that can slow it down as well.
- Oct 15, 2017
- 3
Good day.
I'm running a i7 980 extreme edition. It isn't old. The virus burnt out Corsair Dominator memory. It is a high end machine.
Im using 32 bit Windows because I have an original disc, whereas my 64 bit comes from an iso which may be infected.
The problem is that antivirus software will not run.
Comodo places itself in virtual space and the win directory in it's exclusion list. Others automatically exit when starting a scan. Command line based tools refuse to run with admin privileges. Most av tools though freeze the computer or disable the keyboard so I have to use the alt key to type using direct ASCII input in a command line to do scans. Disabled services run. When I try to stop non-essential processes (randomly started, even in safe minimal) I get an access denied message, as administrator.
What I will try is to use an install instance for a day or two until it is properly infected again, and repost the log files.
Another problem is that the SHA5 of infected files change as soon as I upload the files to VirusTotal.com. The SHA5 reported by Kaspersky and UVS don't match the SHA5 reported by VirusTotal. Typing it over manually on VirusTotal returns unknown.
When connecting the PC to the internet it cannot enter any major antivirus site. IceDragon and the like won't run.
Please help me solve this issue.
I have one important question though. After removing all harddrives and only having a read only Windows disc running in command line mode, I get a message say a windows repair is pending. How does it know that?? No storage devices besides the disc is connected. And this after resetting CMOS by removing the battery. This started after reinstalling windows before completing an integrity scan with the SFC command. (It did find ingregrity violations). Somewhere data, and the virus, is being stored. My question is where?
Regards , and thanks.
I'm running a i7 980 extreme edition. It isn't old. The virus burnt out Corsair Dominator memory. It is a high end machine.
Im using 32 bit Windows because I have an original disc, whereas my 64 bit comes from an iso which may be infected.
The problem is that antivirus software will not run.
Comodo places itself in virtual space and the win directory in it's exclusion list. Others automatically exit when starting a scan. Command line based tools refuse to run with admin privileges. Most av tools though freeze the computer or disable the keyboard so I have to use the alt key to type using direct ASCII input in a command line to do scans. Disabled services run. When I try to stop non-essential processes (randomly started, even in safe minimal) I get an access denied message, as administrator.
What I will try is to use an install instance for a day or two until it is properly infected again, and repost the log files.
Another problem is that the SHA5 of infected files change as soon as I upload the files to VirusTotal.com. The SHA5 reported by Kaspersky and UVS don't match the SHA5 reported by VirusTotal. Typing it over manually on VirusTotal returns unknown.
When connecting the PC to the internet it cannot enter any major antivirus site. IceDragon and the like won't run.
Please help me solve this issue.
I have one important question though. After removing all harddrives and only having a read only Windows disc running in command line mode, I get a message say a windows repair is pending. How does it know that?? No storage devices besides the disc is connected. And this after resetting CMOS by removing the battery. This started after reinstalling windows before completing an integrity scan with the SFC command. (It did find ingregrity violations). Somewhere data, and the virus, is being stored. My question is where?
Regards , and thanks.
- Mar 8, 2013
- 22,627
Similar threads
- Locked
