Posted 13 November 2010 - 09:38 AM
First of all, you guys are doing a fantastic job, kudos to all at BleepingComputer.
I have read through your pinned topics and general "todos" before posting a topic. I think I have a "new" variant as an infection. Most definitely a rootkit and some. It was causing all sorts of redirects, installation of scareware / malware etc. Avira AntiVir, McAfee, Microsoft SE, MBAM, Super etc. could not do anything. HJT won't show what I need to see. I often use a fantastic tool called WhatsRunning and it was showing several "not wanted" IP connections. But it's just a whatson scanner. Now after going through the motions I used ComboFix also, which would get stuck up - BSOD in normal and safe mode. I also scanned with UnHackMe which was showing presence of TDL3+mutant RK. Manually I would wipe off the files from appdata etc. but obviously it would come back since the RK / Backdoor / Malware was not completely out.
Hence, instead of trying to waste time removing it, I clean formatted and installed a fresh copy of Windows 7. For a few days it was fine, but now it's back again. Could be because I had to use a few files from the other drives / backup although I made sure I fully scanned all drives before doing anything and I have not used any exe, dll, dat, sys, com etc. files from the old backups. Especially since I cannot delete / wipe files in APPdata/temp etc. I also feel that it is manifesting itself as flash player util and google toolbar etc.
I was restraining myself from posting, but then I thought it would be a great help to me personally and might be of interest to others if a solution is found out, if this is a "new" version of a RK / Backdoor / Malware.
Thanks in Advance
- xplora -