OK, I'm pretty familiar with PCs, being in the industry myself for 10+ yrs. However, I'm more of a break/fix and general virus/spyware removal type of person. However, I've finally come across one I can't shake and have been reading thread after thread of other people who have experienced this issue. Rootkits and Windows 10 are fairly new to me. I can find the virus and processes running, however I can't stop or find where it is replicating from.
Here's what hasn't worked thus far:
Rkill and RKILL iexplorer.exe
Malwarebytes (none of their software, not even mb chk/rootkit)
No Antivirus software - Norton IPE, Kaspersky, Avast, Avira, ESET, TrendMicro Housecall, Bitdefender, Hitman Pro, Emsisoft, Windows Security Defender. All of the above programs give me the same result: "Resource In Use".
Now, what I've managed to get working to detect issues, but not fully get rid of the problem, is:
1. Spybot Search and Destroy
(The program was able to install, but I had to manually install the updates, because the virus was blocking it from updating. Successful scans)
(It was able to scan and locate the files but not delete nor quarantine them)
3. Windows Security Defender Offline
(I've got to say, this was the most successful program to run, however it found very little (3 files) and didn't do much else)
4. Zemana Anti Malware (Portable)
(This program was another successful one on scanning and deleting/quarantining what it found, however after reboot the files come back)
So basically those are my PROs/CONs. Other things I tried were booting into Safe Mode with just Command Prompt and executing things, and Safe Mode with networking support. All resulted in the same "Resource In Use". I've tried creating a rescue disk with Kaspersky and Avast on a thumb drive using different USB format utilities, however it seems to not be creating a successful boot.efi for Windows to acknowledge in UEFI during boot up. Not even Hiren's Boot v15.2 is being recognized. I've even directed BIOS to boot from UEFI, to no avail. Speaking of Hiren, I've also tried utilizing Hiren's utilities, and get the same results on most in CMD mode: "Resource In Use".
So there you have it. That's about it in a nutshell. I've been dealing with this for 4 days now, and to no avail; I am unable to remove or really locate this rootkit. I've never been so stumped. The processes and files I keep seeing replicate themselves are: masse.exe, ravcpdkz.exe, and others I can't remember. But they are pretty recognizable.
I can attach some logs from RogueKiller, Spybot and Farbar, but I can't find an attachment link on this message. Only photos?