Posted 06 August 2010 - 01:48 PM
Long time reader, first time poster.
Hoping that one of the wizards here can help me with a major problem I'm having with what seems to be a particularly defensive new version of the Security Tool malware. I'm not a professional but have had a good deal of experience in cleaning malware, adware and viruses from computers over the past year or so for friends and family and can usually find a way around the standard defenses.
I've encountered Security Tool in the past and been successful in eliminating it. What's exceptional in this case is that I'm unable to run _any_ type of application that I would normally use to attack this - Security Tool terminates all 4 versions of rkill (including the iExplore and eXplorer versions), MBAM.exe, superantispyware, the CMD box and TSKMGR in normal mode. I can't even run hijackthis.exe to get a log.
I've booted up in safe mode (networking) and am able to run these applications, which identified Security Tool as well as some other malware files. However, upon reboot Security Tool still launches. The other malware appears to be gone.
I've gone into msconfig and tried disabling all startup items and non-essential services in varying combinations to try and get MBAM running in normal mode that way, but Security Tool is still there when booting up in normal mode. Going back into msconfig, I see that all startup items are still disabled except for an entry called "syscron". There are actually 2 syscron entries - one enabled and one disabled.
I've tried the blitz approach whereby I try to cut straight to tskmgr at startup and kill the processes before Security Tool fully loads, or I start rkill 10 or 12 times right at launch, but this sucker appears to have evolved from past versions as none of these work either.
Perhaps most concerning through all of this is that if I just let the computer sit idle for a half hour or so in normal mode, Windows will crash and I'll get the blue screen of death. The cause will be a "non-page error in a paged area" or "page error in non-paged area". I can't remember what the specific process that was associated with this is, but for the time being I've got the computer powered down until I get some new ideas, as I don't want to mess with the blue screen if I can avoid it.
Any suggestions or help that anybody can provide would be extremely appreciated. The infected machine is my primary work computer. I've just returned from vacation, and while I was gone the kids got me good.