Dear BC users,
I happened to download an attachment with a serious malware infection that I've been struggling to fight against for too long.
What I've known so far about this infection is that:
Processes it uses for presence
3. SearchProtocolHost.exe (!)
5. dllhost.exe (COM Surrogate) (!)
6. dllhost.exe *32 (COM Surrogate) (!)
It infects every file, no matter what format a file is in. It also propagates through the network. My second computer in my network got infected without any action taken on it (downloading, opening, extracting et cetera).
It is also undetectable by any of the top-ranked antivirus/malware protection tools (Kaspersky, NOD, AVG). Please note I've got legal, working licenses for these products.
Only Malwarebytes Anti-Malware detected it but failed at fighting against it.
- - -
Today I COMPLETELY formatted my HDD, repartitioned it and installed a fresh copy. However, before doing so, I burned an *.iso image on the infected computer. Guess what. After installing Windows and opening it for the first time, the malware started propagating itself. I managed to temporarily block consent.exe and conhost.exe with regedit, but the worm is still here.
Since Kaspersky, AVG and Nod are useless in this case and can do literally anything, I'm sitting dead helpless, struggling to find any solution against the malware.
Unfortunately, before getting to know I've got infected, I had to send some documents to my department at work and... the entire department got infected.
I will be really, really thankful for any support you can provide me with.
Do demand anything you wish from me to know what to do against the malware.
Thanks in advance for any help.
- - -
Attached are FRST.txt and Addition.txt. They were created after my action in regedit.
- - -
(!) these processes open up whenever any action is taken; opening a notepad for instance.
Edited by Yuusatsu, 20 July 2015 - 06:46 AM.