Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


stubborn rootkit

  • Please log in to reply
1 reply to this topic

#1 gr8patriot


  • Members
  • 1 posts
  • Local time:09:12 PM

Posted 10 August 2015 - 01:19 AM

I dont normally run disc that I am not sure of their origin without scanning them first but this time I did and 5 months , 2 Android cell phones and 8 computers later I am still struggling to get this or these people off of my machines.  From what I can tell the malware replaces your bios with a dummy bios that is well protected.  And I am still finding his files in new places like the ram and my drives and even firmware.  My machines are basically his at my house. I traced the source of the malware to a site on facebook and the web.  Dilshad sys and freeware sys.  At these sites they offer free pirated software from windows to eset security with an Ubuntu twist...I was brought to this site by a forum posting from a gentleman who had what sounded to be exactly what I have and now I cant find the article.  It didnt seem that the tech believed his cries for help were based of technical facts but I can tell you that they are.  I have seen his files that he replaces mine with and his x drive to his computers where he controls every move I make.  Every once in a while I surprise him but he has many people helping him and on my side its just me.  HELP!!!

Edited by Orange Blossom, 10 August 2015 - 01:25 AM.
Moved from Windows Server to AII. ~ OB

BC AdBot (Login to Remove)


#2 Firehouse


  • Members
  • 637 posts
  • Gender:Male
  • Local time:04:12 AM

Posted 10 August 2015 - 04:50 AM

Scan with Malwarebytes AntiRootkit
Please download MBAR and save it to your desktop.
Run tool as Administrator, tool will extract itself, and then launch.
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
If malware is found click on Cleanup button , but make sure that Create restore point option is checked before proceeding !
Program will ask you to restart, allow it to do so.
Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside mbar folder. Run it as Administrator and press Y if asks you do you want to continue.
Attach log here.
Scan with Norton Power Eraser
CAUTION: NPE uses aggressive methods to detect and remove malware,so do not touch any of settings !
Download NPE by Symantec and save it to your desktop.
Run the tool as Administrator,accept license agreement,and click  Scan button. 
Program will ask you to reboot to continue scanning (includes rootkit scan),so allow it to restart.
After restart program will automatically launch itself and start scanning. Scanning takes 5-10 minutes,so be patient !
If malware is detected,make sure that Create restore point option is checked,then click Fix button. After that,click on Restart now to complete removal.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users