I have had a nasty infection recently which totally trashed my Windows 7 installation; back then I had high memory usage errors when they should not appear. I decided to format my Windows partition (C:\) and do a clean reinstallation (Do notice that I have 3 other HDDs full of stuff I do not want to lose). This is where my current problems started:
- Google Chrome stopped functioning
- Random pop-ups in Internet Explorer
- A blue screen with an mbr.sys
- Reinfection after clean Windows 7 install and ComboFix
- "Interactive Services Detection" spam (not sure if it's relevant).
- Firstly I did a quick scan with Malwarebytes' Anti-Malware. Found some things but did not fix the major problem.
- Then I started googling for similar problems and followed one topic which suggested that ComboFix would fix the problem. So I ran it and it deleted the following:
Besmet exemplaar van c:\windows\system32\DRIVERS\atapi.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty ate it
It fixed the problem for then and I could use Google Chrome again. But after not so long it got infected again somehow and Google Chrome does not work again.
- I decided to read on and did a full GMER scan for rootkit activity (quick scan did not show anything). There I noticed again the atapi.sys with a value of suspicious modification.
- I did a virustotal.com scan on atapi.sys. eSafe said it was a Win32.TrojanHorse and McAfee-GW-Edition said it was a Heuristic.BehavesLike.Win32.Rootkit.H.
- Full Malwarebytes' Anti-Malware scan newly found: sshnas21.dll
Is it leftovers from the first memory stopping infection? Is the cause atapi.sys and sshnas21.dll being infected, and what should I do with them, or am I looking at the wrong file? Since the problems seem to be coming back even after a clean reinstall and a ComboFix run, I am kind of at a loss. What would you recommend me to do?
Of course I can post all the logs I have gotten so far on request or do new ones.
Hope to hear from you,
Edited by BlackClouds, 02 April 2010 - 10:17 AM.