Hi, so, it must have been 1 and a half months ago or so, maybe a little longer or shorter, but I downloaded a file from a 'friend' which turned out to be a backdoor.bot. I deleted the file immediately and ran a Malwarebytes scan; it found a backdoor.bot called 'lsas.exe' in my system32 directory. I restarted my computer in safe mode, ran the scan again and it 'deleted' it. A few days later it came back; again I ran in safe mode and deleted it. It has been fine for the past 3-4 weeks, but then I noticed some weird things: random programs like Minecraft spiking in CPU, Skype I/O disc error, etc., so I ran a scan and it has come back. Each time I remove it with Malwarebytes in SAFE MODE, it still comes back at a later point. This is the paid Malwarebytes, by the way.
I know what kind of replies I would get: 'Try this scan, and then this scan.' I'm willing to do all that at this point; however, why can't Malwarebytes fully delete it? Is there a registry key or something?
IMPORTANT NOTE: Whenever I remove lsas.exe with Malwarebytes in safe mode, it prompts me to restart my PC; however, when I restart my PC it is just a black screen. Pressing CTRL+ALT+DELETE works, so I open up Task Manager to find 'RunOnce*32.exe' (not sure if the *32 is there, I think it is just RunOnce.exe). Is this Malwarebytes or the malware trying to come back?
Edit: Went into system32, I found the lsas.exe and clicked Properties; however, Malwarebytes auto-deleted it. https://gyazo.com/bd26978c684968ca83502be95a8a40c6
I'm assuming I'm still not safe, how do I COMPLETELY remove this 'backdoor.bot'?
Edit2: If, when Malwarebytes removes the virus, it is removed but comes back at a later date, I don't mind doing a daily scan and removing it every time; having it gone completely would be nice though.
Edited by nulgathlarva123, 10 November 2016 - 12:18 PM.