Hello, I've recently found out I'm infected.
At first I started to find my ping fluctuating in games (my upload rate is low as my bandwidth),
so I decided to take a look at my running processes and found rundll32.exe running with a suspicious command line, "C:\Windows\system32\rundll32.exe "C:\ProgramData\8a2y8r0\8a2y8r0.dll",ayreb" (pointing to a hidden folder with a random DLL), and a temp file running (e.g. g988.temp.exe). What shocked me was that Malwarebytes didn't detect anything despite being updated.
I took a deeper look using ProcessExplorer and confirmed, by submitting the suspicious DLL to VirusTotal, that it was in fact a trojan (ProcessExplorer allows you to see the running network activity of .exe -> dll) downloading and uploading stuff.
I downloaded NOD32, which did in fact detect it and deleted it (some temp files and the DLL) but left behind the hidden folder with a non-executable temp file (I deleted all of it). I took a look at Task Scheduler and there it was, 8a2y8r0 (probably the reason I see rundll32 running every reboot).
Booted ESET SysRescue Live from a USB and let it run overnight, but rundll32 is still here.
Fired up ComboFix but it didn't find anything, so I booted FRST64, which found traces of it and firewall rules.
PS: There also seems to be Zam guard stuff and I have no idea what it is, but as far as I remember I never installed it.
I apologize for any grammar errors, English is not my main language xd
Edited by xterz, 16 January 2017 - 11:39 AM.
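
The pattern described in the post above (rundll32 loading a DLL from a ProgramData folder, with a scheduled task of the same name surviving the cleanup), as an added example that is not part of the original post: a Python check that parses rundll32 command lines, flags the ones matching that pattern, and lists scheduled tasks named after a flagged DLL. Only the first command line and the task name 8a2y8r0 come from the post; the trusted and user-writable directory lists, the benign samples and the other task name are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: system directories are trusted, these user-writable roots are not.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")

# rundll32 syntax: rundll32.exe <dll>,<export> [args]; the DLL path may be quoted.
CMD_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE,
)

def parse_rundll32(cmdline):
    """Return (dll_path, export), or None if this is not a rundll32 invocation."""
    m = CMD_RE.search(cmdline)
    if not m:
        return None
    return PureWindowsPath(m.group("q") or m.group("u")), m.group("export")

def triage(cmdline):
    """Return the reasons an invocation looks suspicious (empty list = none)."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll, _export = parsed
    path = str(dll).lower()
    reasons = []
    if path.startswith(SYSTEM_DIRS):
        return reasons
    if path.startswith(WRITABLE_ROOTS):
        reasons.append("DLL in user-writable location")
    if dll.parent.name and dll.parent.name.lower() == dll.stem.lower():
        reasons.append("folder name equals DLL name")
    return reasons

def leftover_tasks(task_names, cmdlines):
    """Scheduled tasks named after a flagged DLL: persistence to remove as well."""
    stems = {parse_rundll32(c)[0].stem.lower() for c in cmdlines if triage(c)}
    return [t for t in task_names if t.lower() in stems]

# Command line from the post, plus constructed benign samples and task names.
SAMPLES = [
    r'C:\Windows\system32\rundll32.exe "C:\ProgramData\8a2y8r0\8a2y8r0.dll",ayreb',
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shimgvw.dll,ImageView_Fullscreen C:\pic.jpg',
]
TASKS = ["GoogleUpdateTaskMachineCore", "8a2y8r0"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s) or "ok", "|", s)
    print("tasks to review:", leftover_tasks(TASKS, SAMPLES))
```

The command lines and task names would come from an exported process list and Task Scheduler listing; an empty result from `triage` means only that these two heuristics did not fire.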