Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FakeHDD Variant


  • Please log in to reply
1 reply to this topic

#1 fbnewtz

fbnewtz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 27 October 2011 - 12:16 PM

I am working on a clients computer and he has(had) a FakeHDD variant on here. I thought I was able to successfully remove it but it either was a more serious infection than I thought or got back on the computer.

The main part of the infection seems to be removed but there is one file that just will not go away that makes me think there is a rootkit on the system.

C:\windows\svchost.exe

MalwareBytes picks this up as a Trojan.Agent but nothing will delete it. Well, I can delete it, but it comes right back. I have tried booting into safe mode and running MalwareBytes, again it picks up the Trojan.Agent, but no other files are detected. I tried pulling the drive out and running Antivir and MalwareBytes from another computer and it does not pick anything up.

Please give me instructions on what information to provide so we can find out what this guy is and how to remove it.

Thanks,

Fred

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:57 PM

Posted 27 October 2011 - 08:42 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users