Hello, I think I may be infected with a pretty nasty rootkit that may have affected my Master Boot Record and other stuff. Thanks in advance for any help at all.
TL;DR: I think I have a rootkit that shuts down my PC whenever I run MBAM. I think it's hiding in memory or a boot sector (maybe even firmware) and may have hidden itself when I was running Win 7. The PC has been getting worse with BSODs; it seems like it's infecting .DLL files. It even crashed a VM.
Is there a tool or something I can boot off a disc or flash drive to scan for malware? Also, is there any way to scan for firmware/BIOS malware?
I upgraded to Windows 8.1 from Windows 7 Ultimate 8 days ago. I did a quick format using the Windows 8.1 installer and fresh-installed Windows 8.1 to my RAID 0 SSD setup (2x Samsung 840s using Intel's RAID manager). The first thing I did was install all the Windows updates. Next I installed SoftPerfect's RAMDisk, allocated 7 GB to a RAM disk, and changed the path of the TEMP folders to the RAM disk. Then I installed all the driver updates for my GPU, Intel chipset, Intel NIC (on the motherboard), every driver I could think of. Then I installed AVG Free edition and updated that. Next I downloaded the latest Firefox, installed/updated Java, and installed some software that came with my motherboard (ASUS Fan controller, Digi+, Charge+, and cFosSpeed packet manager). I flashed my BIOS with the latest version downloaded from ASUS's website (using a USB drive and the utility built into the ASUS motherboard BIOS). Lastly I downloaded Steam, uPlay, and Watch_Dogs. Everything was running well; I ran the AVG tool to fix what they found were registry issues, broken links, etc. (their optimization thing). I also did 2 full PC scans and AVG didn't pick up anything. The computer was still stable and fine. It ran perfectly until...
Everything was still fine until I decided to try to run MBAM Anti-Malware. I downloaded the free version and decided to try out the Premium for 14 days. For the first scan I did, I checked the "Scan for Rootkit" box and had it scan every drive in my computer (C: is the SSD RAID array, T:\ was a 1 terabyte HDD, R:\ was my 7 GB RAM disk). My PC shut down without any warnings or hiccups about 25 seconds into the scan. I thought that it may have been an issue with AVG and the RAM disk, so I disabled the RAM disk and AVG. It still crashed. Next I uninstalled AVG and ran MBAM again and it continued to crash. I uninstalled MBAM with the mbam-clean.exe tool, reinstalled AVG, and put my PC to sleep. I came back about 3 hours later and tried to wake it from sleep, and the PC screen was black. I kept turning it off and back on and couldn't get anything to appear on the screen, not even the BIOS logo or anything.
I thought it was a hardware issue since the MB was giving error code 55, which after researching I found is related to RAM issues. I found a fix which required me to clear the CMOS, reseat the RAM modules, and hit the MemOK! button. After getting it to display the logo screen, I ran MemTest86 and tested my RAM. No errors were found. I booted back into Windows and everything seemed fine.
I decided to try the MBAM Anti-Rootkit beta and the same thing happened. After 25 seconds, the PC shut down instantly, booted back up, and restarted about 3 times before it took me to the Windows login screen. I tried uninstalling it with mbam-clean.exe and reinstalling it; the same thing happened. This time I had to clear the CMOS, reseat the RAM modules, and hit the MemOK! button again. I uninstalled again with mbam-clean.exe. The logs didn't show anything unusual; I guess it shut down before it could write what happened.
Third time (VirtualBox): This time I decided to install Windows 8.1 in a VM using the same disc I used for my host OS. It installed to the VM fine, and I decided to run MBAM Anti-Rootkit without downloading anything at all: no updates, programs, anything. It was a fresh install, only minutes old. MBAM was running fine for about 5 minutes (the longest amount of time I've gotten MBAM to run) and finished scanning the first 2 tests, but when it got to the registry it froze for about 15 seconds, then my entire PC shut down. Not just the VM software, but the whole system. To get it to boot, I had to do the same process of clearing the CMOS, reseating the RAM modules, etc. I thought it was very odd that a VM could cause that kind of issue.
Continued issues: I was just going to accept the fact that I had some malware on my desktop, continue playing Watch_Dogs, and worry about removal later. The PC was still working fine until last night, when I tried to wake it up from sleep again. It woke up, then Windows blue-screened. Repeatedly.
The first error when it came back on was "System_thread_exception_not_handled". Windows said it was gathering info but remained at 0% for 20 mins so I just held down the power button. When I tried to boot it back up, Windows did its repair thing, with the windows logo, and kept restarting.
The 2nd error that showed up when it finally blue-screened again was NDIS.SYS. I let Windows finish compiling that report (it took about 35 seconds), then it restarted. When it came back on I got...
The 3rd error. After the Intel page showing the RAID drives and the ASUS boot logo, instead of going to Windows a black screen appeared with "Bootsector not found or Damaged, Unable to Boot" or something similar to that language. I turned it off and back on again and Windows said it needed to repair stuff, but couldn't. I restarted it, hit the troubleshoot option, and hit repair, and it seemed like it fixed it. I was able to boot into Windows, log in, and I let it idle for about 5 minutes on the desktop. Then it crashed again.
The 4th error was something about Network.dll or something to that effect. I forgot to write down the exact .dll file name, but after googling it, it was definitely related to NIC drivers.
The 5th error was something about the MBR; it disappeared too fast for me to write it all down. This appeared on a black screen before Windows booted.
The 6th error was "System_thread_exception_not_handled (cfosspeed)", which I believe is the packet shaping software. I think the malware was trying to infect the network .dll files but since they weren't a typical configuration it was having trouble.
I decided to just unplug the desktop and work on it today. I just tried turning it on, and first the PC freezes when it should boot into Windows. Right after the motherboard manufacturer's logo where it says "press F2 or Del for setup", the "press F2 or Del" disappears but the logo stays on the screen and freezes. Powering the PC off and on got it to the blue Windows logo, but there are a few screen flashes afterwards that are too quick to read, then it freezes. I restarted it again and nothing is displayed. Not the boot logo or the Intel RAID screen. It takes about 20 seconds for the keyboard and mouse (USB) to even get power and the monitor to get a signal, but the screen was still black. I turned it off and back on again and it got to the Windows logo that said "Automatic repair", then it blue-screened. It restarted itself, then blue-screened again too fast for me to see what the error was; now it tried to boot again and got the following error:
The operating system couldn't be loaded because the kernel is missing or contains errors.
Error Code: 0xc0000221
One thing to note: when I was running Windows 7, I was watching videos on Crunchyroll using Chrome when all of a sudden my PC started downloading and running files (the old-school gray Windows box with the blue squares for progress popped up). It seemed to be a bunch of small files since they finished downloading/installing quickly, so I unplugged the PC after about 8 seconds. I had to repair my RAID array, but it seemed fine after that. I ran MBAM and got rid of a few files, so I thought I was safe. This was about 75 days ago.
Sorry for the extra long post, tried to be as detailed as possible.
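One concrete way to do the boot-sector part of the check the post asks about from a live boot, as an added example that is not part of the original post: boot a Linux live USB, copy the first sector of the disk with `dd if=/dev/sdX bs=512 count=1 of=mbr.bin` (on the poster's Intel RAID 0, read the assembled array device rather than one member), and then inspect that sector offline with something like the script below. It validates the 0x55AA signature, decodes the four partition entries, flags a table that makes no sense (several bootable entries, bad status bytes, typed entries with zero length), and compares a SHA-256 of the 440-byte boot-code region against a known-good hash. The sample images and the "known-good" hash are constructed inside the script so it runs with no disk; on a real machine the hash would have to come from a capture taken when the disk was clean, or from a fresh reinstall. It says nothing about firmware: a clean MBR read offline rules out an MBR bootkit, not a BIOS/UEFI implant.

```python
"""Inspect a raw 512-byte MBR for signs of tampering.

Added example, not code from the original post. Meant to be run from a
live-boot Linux environment on a sector captured with dd; the sample
images and the known-good hash here are constructed so it runs offline.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code precedes the 4-byte disk signature at offset 440
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"     # required at bytes 510-511
ENTRY_FMT = "<B3xB3xII"    # status, CHS start(3), type, CHS end(3), LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, sectors) tuples.
    Only used here to construct sample input; a real scan reads the sector with dd."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    body += b"\x00" * 6                      # disk signature (4) + reserved (2)
    entries = b"".join(struct.pack(ENTRY_FMT, *p) for p in partitions)
    entries = entries.ljust(4 * PART_ENTRY_LEN, b"\x00")
    return body + entries + BOOT_SIG


def boot_code_hash(mbr):
    """SHA-256 of the boot-code region, the part an MBR bootkit overwrites."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        parts.append({"index": i, "status": status, "type": ptype, "lba": lba, "sectors": sectors})
    return parts


def check_mbr(mbr, known_good_hash=None):
    """Return findings (empty list means nothing suspicious) plus the decoded table."""
    if len(mbr) != MBR_SIZE:
        return {"findings": ["wrong length: %d bytes" % len(mbr)], "partitions": []}
    findings = []
    if mbr[510:] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition flagged bootable")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append("partition %d has a type but zero length" % p["index"])
    digest = boot_code_hash(mbr)
    if known_good_hash is not None and digest != known_good_hash:
        findings.append("boot code differs from known-good hash")
    return {"findings": findings, "partitions": parts, "boot_code_sha256": digest}


# Constructed samples (not real disk images). Layout assumed: a bootable
# 100 MB system partition at LBA 2048 followed by a larger NTFS partition.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32, LAYOUT)
KNOWN_GOOD = boot_code_hash(CLEAN_MBR)           # stands in for a hash taken when clean
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 16, LAYOUT)   # same table, replaced boot code
NO_SIG_MBR = CLEAN_MBR[:510] + b"\x00\x00"        # signature wiped, as in a damaged sector


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("no-sig", NO_SIG_MBR)):
        report = check_mbr(image, KNOWN_GOOD)
        print(name, report["findings"] or "OK")
        for p in report["partitions"]:
            if p["type"]:
                print("  #%d status=0x%02x type=0x%02x lba=%d sectors=%d" % (
                    p["index"], p["status"], p["type"], p["lba"], p["sectors"]))
```

To use it on a real capture, read the file and call `check_mbr(open("mbr.bin", "rb").read(), known_good)`. A partition table that decodes sanely with boot code that no longer matches a trusted copy is the classic MBR bootkit pattern; a mismatch after a legitimate repair (the Windows "Automatic repair" the post mentions rewrites the boot sector) is the expected false positive, so re-baseline after any such repair.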