
Possible infection


3 replies to this topic

#1 Yostar1970

Yostar1970

  • Members
  • 2 posts
  • Local time:07:10 PM

Posted 25 May 2017 - 08:43 AM

Hi. I am hoping someone can look at my system. I reinstalled Windows after strange happenings on my computer. Things like Windows reporting my antivirus and firewall being disabled, lots of certificate warnings and details missing in the properties tab for programs. Found strange files in the Windows folder. Also found a folder with lots of different versions of Windows listed with keys.

If anyone would take a look for peace of mind I would be grateful.

 

Many Thanks. 



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:10 PM

Posted 27 May 2017 - 04:40 PM

Hi,

OK, I looked. Logs look OK. Your best bet if you suspect malware is to run updated antivirus and antimalware software. Do they come up clean after a scan?

How Can I Reduce My Risk to Malware?


#3 Yostar1970

Yostar1970
  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:10 PM

Posted 01 June 2017 - 03:47 PM

Hi, sorry for the delay, had to reinstall Windows many times. I have a severe infection, some sort of rootkit which survives complete reinstalls of Windows. I have secure wiped my SSD also; it still returns.
It has some sort of account folder in the hidden recycle folder. Something like 5-1-12-1345667. Have found other folders which are hidden; even with protected system folders shown, I can't see these. Example: $trash in C:, and there are other hidden $ folders.
Also in System Volume Information are hidden folders. They are named by a really long string of numbers. Found a small hidden partition which should not be there.

No antivirus software detects it (I have tried at least 7). After a reboot any installed antivirus software is completely under the control of the malware. They no longer update but never report this fact to me. It injects its code into them and renders them useless. Found this out through the use of Sysinternals tools.

It goes about setting up print servers and terminal service connections. All hidden, of course.
I usually run Windows 10 but have fresh installed Windows 7, 8, 32-bit and 64-bit, secure wiped the drive and disconnected from the net, but it still returns.

I could go on and on about what this malware does but this will do for now. Any help will be greatly appreciated.

Many thanks.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:01:10 PM

Posted 02 June 2017 - 04:15 PM

Seriously, don't know what to tell you. All I have is what you just explained in the last post.

If you feel the malware returns regardless of what you do or what antivirus you have run, then maybe it's surviving in some piece of hardware? Maybe it's time for a new machine.


How Can I Reduce My Risk to Malware?




