Posted 27 August 2009 - 11:32 AM
I have a computer that is infected. My wife got duped on a site, and apparently allowed "something" to run. This is the most aggressive infection I have ever dealt with. No antivirus/antimalware programs can run. Windows complains about permissions. Internet Explorer doesn't work. Firefox searches and hyperlinks get hijacked. ComboFix starts, then disappears. HJT starts, then disappears. I was able to use GMEP and it shows a .sys file in red under the rootkit tab. It also shows that svchost.exe, spoolsv.exe, explorer.exe, and a few random other services have been attacked. I try to kill everything that GMEP shows as bad, and reinstall MalwareBytes. It starts a scan, then disappears, and the red items reappear in GMEP. Please tell me what I need to upload to shed some light on this one. Thanks in advance.