Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nagging Rootkit? Problems after Boot and Nuke and reformat


  • Please log in to reply
8 replies to this topic

#1 GamingRigDown

GamingRigDown

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 09 March 2013 - 10:36 PM

Hi all,

 

I started getting strange behavior from my computer and uninstalled Chrome browser to reinstall it thinking it would fix some things. I never was able to run the executable again. I kept getting strange errors. I ended up identifying it as some pesky malware and since this is a gaming PC with no important information, I reformatted and reinstalled Windows 7. Low and behold, I go to install Chrome again and get the SAME ERROR.

 

 

I used DBAN and wiped the drive. Installed again. Same issue. Did another DBAN, installed again. Booted in safe mode (F8 seems to get blocked so I used msconfig and chose safe boot with netowork). I had burnt a bunch of the recommended software I've been reading about like RKILL, and Malwarebytes and Avast anti virus. They installed off the CDROM, but could not update their libraries and found nothing to clean. Try installing some software again, same issue. No .exe will run.

 

I am at my wits end. IT professional with 10+ years experience outwitted by a virus.  I just want to play games! Help!

 

-GamingRigDown



BC AdBot (Login to Remove)

 


#2 GamingRigDown

GamingRigDown
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 10 March 2013 - 10:48 AM

Surprised no one has advice! I will try to rerun malwarebytes and see if I can move the update over via optical media.



#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:15 AM

Posted 10 March 2013 - 11:42 AM

I ended up identifying it as some pesky malware

 

How did you identify?

 

Do you have issues connecting to internet even after a reinstall?



#4 GamingRigDown

GamingRigDown
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 10 March 2013 - 12:46 PM

I had a toolbar called 'searchqu' on a browser I don't use typically. After reading about it, it appears to be some kind of malware.



#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:15 AM

Posted 10 March 2013 - 01:54 PM

You didnot answer my question



#6 GamingRigDown

GamingRigDown
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 10 March 2013 - 02:15 PM

I did not decisively determine the name of any malware. So I suppose I can't say for sure. The behavior seems to indicate some kind of virus/trojan.



#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:15 AM

Posted 10 March 2013 - 02:28 PM

Do you have issues connecting to internet even after a reinstall?

 

?



#8 GamingRigDown

GamingRigDown
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 10 March 2013 - 02:32 PM

There are two adapters installed for my motherboards ethernet adapter. I have to disable and re-enable one of the adapters to get it to connect. It does connect after that. I noticed about a dozen or more svchost.exe running despite it being a fresh install 



#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:15 AM

Posted 10 March 2013 - 02:49 PM

Svchost.exe is not malware.It is an executable that is used by different services to run.

C:\windows\system32\svchost.exe-legitimate process
C:\windows\svchost.exe-infection

 

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users