I have just reinstalled Win 7 for the 20th time on a new laptop using the factory installed media and have been studying what this malware does to the system before first boot. I definitely need professional help! I have 5 computers all hacked up the same. They all have been wiped clean using DBAN and the batteries and BIOS batteries removed. The laptop mentioned above has Win 7 installed and I have followed the forum instructions on prepping it. They all exhibit the same behavior that is complexly obfuscated. When you install any AV, even in safe mode, it is reconfigured and there are even custom made files created to overwrite critical AV files. You cannot update the AV, but the system dupes you into thinking it has. There are 14 ports sending my data out using different protocols. There are 22 Windows DLLs that fool Windows into thinking they are genuine, but they are not. Windows Search is radically altered, task scheduler is completely altered, and on and on.
I have scanned this system remotely in safe mode dozens of times and finally hit paydirt. GMER found a rootkit in the directory Windows Software Distribution ending in .edb. It was hidden and password protected. I could not even take ownership of it! Of course later in the day it was gone... I could go on and on, but today something incredible was found when I dropped in a Linux CD with Parted on it. I ran a simple disk scan to see all was cool with the system partition... When you get back to me, I will upload a screenshot of what it is showing. Maybe you can tell me what's going on...
Anyway, I'll look forward to hearing back from you.
Edited by Budapest, 10 April 2011 - 05:11 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest