I came across BP whilst using combofix. An excellent program for getting rid of that nasty malware rubbish. I've tried the forum search but the words are a little too common to find anything specific. Google hasn't come up with anything either. My problem is as the topic suggests. I know how to set it working again so that's not the problem really.
The trouble is I know I've infected my PC and I know I've gotten rid of it but alas I don't think I've gotten rid of it all. I'm wondering whether the loss of TAB autocomplete is a sign of something and whether anyone else has come across it.
I don't know the name of the malware I infected the PC with (it was a little pet project to see what would happen). I know it was pretty lame but considering I was bored and it wasn't really my machine I thought it would be a good learning experience. It's turning out to be a slight headache to say the least.
I primarily use Malwarebytes and Combofix as arsenal weapons against spyware and the like. Malware came up with something and so did Combofix. I found out that there was a rootkit which I feel I may have only half rid the system of. The file was ndis.sys which I reverted from the I386 folder using BartPE.
The big headache is coming from malware code inserting itself in a website. The background on that is this.
The infected machine was a work PC. The website is hosted via a separate company. The files can only be updated via FTP so I need the master files which sit on the server and are uploaded when changed. The master copies are sound but the website files get infected with <script> tags in index.php files and HTML files and document.write's in .JS files. I can't figure out how the files are being changed but I can easily revert them back. The double whammy is that one of my own personal sites hosted from a box at home is seeing the same changes. I have multiple sites hosted at home for development purposes but only one has been infected so far. My bigger worry is I have other live sites I've done for others which have come off scot-free but I'm worried it's only a matter of time.
Is anyone able to help track down this thing and clean it out once and for all? I'm happy to post up any information if someone could point me to a start point.
Thanks all. I can't praise combofix enough.
PS: I'm reasonably tech savvy and can generally jump through the hoops for workarounds and the like.
Edited by hamluis, 16 August 2010 - 02:30 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.