
Rootkit infection on Windows 10?


2 replies to this topic

#1 pixycomp


Posted 18 September 2015 - 01:07 PM

Thank you in advance for your help. I just purchased a new Windows 10 laptop (64-bit OS, x64-based processor). Four days ago I noticed that my Android phone had turned Bluetooth on by itself (I always keep it off) and paired to an unknown device called "Misc". The login credentials to my home Wi-Fi were saved in my phone, so I immediately checked my computer to run a virus scan and noticed that Bluetooth was enabled on my laptop, scanning for devices to pair with, and it listed a device called "Unknown." I made hidden files/folders visible and saw what looked like a Remote Desktop connection, so I went to the Remote Settings and the box was checked to allow Remote Desktop Connection. I am positive that prior to this incident, Bluetooth and Remote Desktop were disabled.

 

The computer booted slowly, so I reinstalled Windows 10 using the built-in refresh/reset option. I ran Malwarebytes and ESET - both came up clean. But the computer kept enabling Remote Desktop Connection and booted slowly, so I ran TDSSKiller, which quarantined 1 object:

c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe

AdaptiveSleepService ( UnsignedFile.Multi.Generic )

KLMD registered as C:\WINDOWS\system32\drivers\43299166.sys

 

Now the computer screen occasionally blinks and things occasionally flash on the screen (with the appearance of a command prompt that runs for a millisecond), and Remote Desktop keeps re-enabling itself.

 

I hope you can help. Thanks!





#2 pixycomp


Posted 18 September 2015 - 01:16 PM

I am so sorry that my question posted 3 times!!! I have no idea why - it was unintentional! Please delete the duplicate questions and sorry again!



#3 boopme


Posted 18 September 2015 - 01:18 PM

Hello, can you please repost with an FRST log from this guide? Start at step 6.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

I'll remove the others.

Edited by boopme, 18 September 2015 - 01:19 PM.
