
Possible MAX++ infection on Win 7 64 bit - Need some assistance


1 reply to this topic

#1 littlehb


Posted 27 May 2011 - 07:14 PM

My son hauled in his laptop to me, complaining of problems surfing. After looking at it, I determined it to have a number of nasties, including Anti Virus 2011, amongst some other common malware. I am fairly capable at dealing with these, and had the machine back running OK soon, but it still has some sort of browser hijacker, as results from Google searches were sent to "similar" pages, but not the correct page. I suspected a TDSS rootkit, but a scan for that came back negative. Using a Kaspersky rescue boot CD, it found 3 files which it labelled as zeroaccess/max++ type infection. It said the files could not be healed, and suggested deleting them, which I did. On reboot, got a BSOD, so I popped the hard drive into another machine, restored the deleted files, and now the computer boots up again, but still with the rootkit running. Typical removal tool scans seem to reveal nothing. I could really use some help with this one to avoid reformatting.

System is HP laptop, running Win 7 HP 64 Bit, SP1 installed
Running MSE as AV and SP

If it helps at all, TDSSkiller, SAS, Malwarebytes, and several other utilities all come back completely negative, i.e. not even a tracking cookie left to find!

TIA,

Edited by littlehb, 27 May 2011 - 07:29 PM.




#2 cryptodan


Posted 03 June 2011 - 02:00 PM

Can you provide the logs for TDSSKiller, Mbam, and SAS?



