Hey there, first post - I came on here because this was becoming a pretty bad issue.
I got infected with some sort of rogue a while ago that looked like Security Tool on steroids. Same basic GUI, a little bit of a different "style", though. (I'm thinking it may be a different variation of Security Tool so if you guys could show me any variations or predecessors, that would be great.) Granted, I'm quite familiar with Security Tool because I've helped other people remove it before. Anyway, it was displaying all of the "you're infected with fake viruses, please pay $9.9999x10^14 for a one year license to remove infection" crap. I was like "Oh, well then." I was going to go to Safe Mode and use Malwarebytes to remove it since it is one of the more common/old rogues and I knew that would be detected and it would remove the appdata files and reg keys. I entered into Safe Mode with Networking. While I was getting all the programs open that I needed, suddenly, numerous folders with child porn opened. In addition, Chrome opened with numerous links to the same kind of stuff as well as bestiality, hentai, and just plain legal porn.
I used my four anti-malicious crap programs (AVG, Malwarebytes, SUPERAntiSpyware, Spybot S&D) to clean out as much as I could. Anyway, I used the AVG Shredder on the illegal files and cleared the illegal links out of my browser history. All references to Security Tool were cleaned out by those programs and I can't find any files regarding Security Tool. However, I am still having problems with illegal links opening and illegal content being downloaded. Basically, a Chrome window/tab will open in the background and there will be more illegal forms of porn in links or files being downloaded a few times a day or so. Whatever program is governing this, it's also trying to load torrents into BitTorrent. I basically clear the browser history and shred all the illegal files I can find with the AVG Shredder. I've shredded a couple of suspicious files as well.
Anyhow, I've scanned with all four programs. Every time I scan, the programs detect more things, suggesting to me that there is some underlying rootkit downloading other programs or something like that. I used Task Manager a few times to observe processes running. I've found a couple of suspicious files/programs running and shredded them as well.
A weird twist - sometimes, when the illegal downloads/files show up, I see processes on Task Manager pop up for a moment, as if to initiate the links/downloads, and then quickly close. The names of the executables seem to be random numbers and letters. Oh yeah, it also opens some music torrent links, but I'm not really concerned about that.
Can someone help me out here? Not sure WHAT the problem is :c This kind of infection doesn't even seem possible on a Windows operating system unless there is an underlying program that is hiding itself from Task Manager processes and is so well encrypted (or maybe coded in another language?) that none of those programs can find it, which is funny, because those are STRONG programs.
I haven't found any evidence of a keylogger or anything that steals PWs so I think I should be good security-wise for now.
Whoever can help, thanks!