Gary Rockliff
New Member
- Reaction score
- 1
- Location
- Australia
Have you tried creating a new user profile to see how the system performs?
Nasty Virus - Cannot Find Nor Remove
- Thread starter Digital Sage
- Start date
Digital Sage
Active Member
- Reaction score
- 106
- Location
- Merimbula, NSW, Australia
Mbar didn't produce results. Rootkit might be so deep it's preventing detection. Slave to another computer and new user profile are both great ideas.
I'm at the point now where I'm going to do a windows repair to get it done.
First time dealing with rootkits. I've learnt heaps in the past 24 hours. Most of my clients are MAC related, it's been a whole since I touched windows.
That D7 tool is awesome. Thanks everyone for the helpful support.
I'm at the point now where I'm going to do a windows repair to get it done.
First time dealing with rootkits. I've learnt heaps in the past 24 hours. Most of my clients are MAC related, it's been a whole since I touched windows.
That D7 tool is awesome. Thanks everyone for the helpful support.
NYJimbo
Well-Known Member
- Reaction score
- 2,010
- Location
- Long Island
Did you fully replace the whole folder structure of windows defender with a known good one and then rebooted and then tried to check defender ?
Xander
Banned
- Reaction score
- 66
- Location
- Niagara region, Ontario
And, to repeat myself from yesterday, have you tried a fully updated KAV Rescue CD?
Digital Sage
Active Member
- Reaction score
- 106
- Location
- Merimbula, NSW, Australia
Yes. Renamed windows defender. Replaced with a copy from diff computer but only have 64 bit version which wouldn't launch... Bit even with rename system still is compromised. Windows defender won't start up when requested but rootkit seems to be emulating its call by disabling all Dow loads and email attachments from being opened.
Haven't tried KAV rescue cd. I've tried almost every tool available (up to about 20) and nothing is detected. Rootkit seems to adapt or update - seeing new behaviours with each restart.
NYJimbo
Well-Known Member
- Reaction score
- 2,010
- Location
- Long Island
I really think you are reading this all wrong. I can give you a 32 bit copy.
Why do you say "rootkit seems to be emulating its call" ? A broken defender will do exactly what you are seeing without any active virus.
Digital Sage
Active Member
- Reaction score
- 106
- Location
- Merimbula, NSW, Australia
If you could give me a zip file that would be great, so i can test this theory...
Thanks.
Thanks.
Hey folks,
Posting on here to see if anyone's seen anything like this.
Vista system. Strange infection that can't be found by any virus or malware tool i've thrown at it.
All downloads show as contaminated. Attachements refuse to open via email. Google chrome profiles corrupt and any search made in the search bar of chrome goes to softonic results.
No extentions in chrome. No settings in chrome are any different then default (nothing about softonic, but it's persistently redireting).
No results from any scans, in both safe mode and normal.
Tearing my hair out here....
Any ideas?
Thanks
Anthony.
Are you sure the hard drive is good?
Rick
Digital Sage
Active Member
- Reaction score
- 106
- Location
- Merimbula, NSW, Australia
Today was day 3, and my client is a business consultant so i ended up doing a fresh install of Vista (i know, painful in itself) and moved all his old pics / docs / music over.
The difference in speed alone is remarkable.
Look, i don't know what i found, but it's really nasty. I saw chrome warning about being violated - in the toolbar. After a windows update and a restart, chrome had a redirect to softonic with every search and user profiles were corrupt. The update allowed that patch to occur.
USB Access was blocked - no double click (error) but right click would work. Permissions error on Windows Defender (i didn't touch them), System was slow as slow could be and would momentarily freeze now and then.
Now, it's fine. Apart from it being Vista, of course
The difference in speed alone is remarkable.
Look, i don't know what i found, but it's really nasty. I saw chrome warning about being violated - in the toolbar. After a windows update and a restart, chrome had a redirect to softonic with every search and user profiles were corrupt. The update allowed that patch to occur.
USB Access was blocked - no double click (error) but right click would work. Permissions error on Windows Defender (i didn't touch them), System was slow as slow could be and would momentarily freeze now and then.
Now, it's fine. Apart from it being Vista, of course
ComputerRepairTech
Well-Known Member
- Reaction score
- 804
- Location
- Columbia, SC
for future reference...
chrome lists extensions but it does not list plugins. its possible that there was a plugin in the chrome plugin installation directory. there is another method that I do not yet fully comprehende that i have seen recently.
for now simply backup bookmarks and uninstall chrome delete both the application directory and the user profile directory and reinstall chrome.
As far as the other issues go I don't know anything other than whats already been said.
chrome lists extensions but it does not list plugins. its possible that there was a plugin in the chrome plugin installation directory. there is another method that I do not yet fully comprehende that i have seen recently.
for now simply backup bookmarks and uninstall chrome delete both the application directory and the user profile directory and reinstall chrome.
As far as the other issues go I don't know anything other than whats already been said.
Similar threads
