I have a Windows 7 Enterprise system that started exhibiting evidence of malware after installation of an AV package from an old backup.
Initial signs were obvious with runaway processes, additional software items being installed (visible in Control Panel - Uninstall programs), etc. Mostly Adware & a Miner.
Most of these were easily enough dealt with using staple tools - HijackThis, AVG, MalwareBytes, ADWCleaner, RKill, Rogue Killer etc. However, as I thought I was coming to the end of the process, I've run into persistent malware/possible re-infection and the system has seemed cleaner at times, and less clean at others.
Current behaviours include not allowing Windows Security Centre to start, certain security tools to be installed (Safe mode or not), AV/Security software settings not being able to be changed/maintained in AV/security software etc. ADWCleaner also reports System Table in Firefox/Chrome but has been unable thus far to complete its removal.
I'm assuming I should probably track back to run FRST and post here but would like to check whether that's where I should start... Can someone please advise?
Edit (Additional): I've been doing some research while waiting for someone to respond to this post, and in the process I recalled seeing AppInit_dll (or similar) messages prior to my taking to cleaning what I thought were 'just' adware/browser hijack-type processes, so I'm wondering whether there's a dll redirection occurring? Looking forward to hearing from someone soon. Thanks.
Edited by Exodius999, 04 April 2018 - 08:45 PM.