Windows 10, 64-bit, HP
I hope you can help!
I had various symptoms of system infection on my personal laptop, so I had my tech-savvy friend look at it. He used various programs which I know included, at least in part, Malwarebytes, Malwarebytes Anti-Rootkit and GMER, and in the end he determined I had a "ZeroAccess" rootkit with a "malicious kernel component."
To list a few of the symptoms of infection: the computer kept reinstalling a fake version (unknown publisher) of Windows C++ Redistributable 2005, 2008 and 2010; malicious changes were made to my Windows Defender security policy (that's what my friend said) and it would periodically stop working; an sfc scan showed corruption; he used Recuva to show me that image screenshots were basically being taken of all of my activity, which was disturbing; and so on.
He said the only way to be sure the infection is eliminated is to reinstall Windows.
I made a Windows bootable media USB (unfortunately I had to make it on the infected computer), entered "Repair your computer" from the USB media and used bootrec /fixmbr, bootrec /fixboot (Access was Denied), bootrec /scanos and bootrec /rebuildbcd. Then I used diskpart with clean all, formatted, and reinstalled Windows.
Even after the Windows reinstall, those same fake versions from an unknown publisher of Windows C++ Redistributable 2005, 2008, 2010 are installing themselves (even when I download legitimate Win C++ Redist from Microsoft, the fake ones install alongside them), Windows Defender is periodically shutting itself off, etc.
I'm going to reinstall Windows again, but what can I do to totally eliminate the infection? Is there a step I missed, maybe with not fixing the bootrec /fixboot access denied error or the BIOS settings? Is it okay that I made the Windows bootable USB reinstall media on the infected computer?
Any suggestions would be greatly appreciated.
I did not include the Farbar logs because I don't see any point in wasting your time re-identifying the infection when I'm going to reinstall Windows. I just need advice on doing the reinstall in such a way that the rootkit is eliminated. Thanks!
Edited by c0mputerHelpPlease, 15 July 2018 - 03:39 PM.
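The wipe-and-reinstall procedure described in the post (bootrec, diskpart clean all, reinstall) is the kind of thing worth scripting so that every step is checked rather than typed from memory. The following PowerShell is an added example and is not part of the original post or any reply to it. It is meant to be run elevated on a known-clean machine (not the infected laptop) when preparing the install media, and it assumes placeholder values you must replace: the ISO path, the SHA-256 value Microsoft publishes beside that ISO on its download page, and the target disk number. It verifies the ISO hash, reports whether the machine booted in UEFI or legacy BIOS mode and whether Secure Boot is on, summarizes the target disk's partition style, and writes a diskpart script (clean all, plus convert gpt only on a UEFI machine) to run later from the WinRE command prompt with diskpart /s.

```powershell
# Added example (not from the original post): pre-reinstall checks and a
# generated diskpart script. All three parameter defaults are assumptions
# and must be replaced with real values before use.
#Requires -RunAsAdministrator
param(
    [string]$IsoPath        = 'C:\Downloads\Win10_x64.iso',             # assumption
    [string]$ExpectedSha256 = '<SHA-256 published on the download page>', # assumption
    [int]   $TargetDisk     = 0                                          # assumption
)

function Test-InstallMedia {
    # Compare the downloaded ISO against the hash published by the vendor.
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path -Path $Path)) { throw "ISO not found: $Path" }
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path             = $Path
        Sha256           = $actual
        MatchesPublished = ($actual -ieq $Expected)
    }
}

function Get-FirmwareState {
    # $env:firmware_type is 'UEFI' or 'Legacy' on Windows 8 and later.
    $mode   = $env:firmware_type
    $secure = 'n/a (legacy BIOS)'
    if ($mode -eq 'UEFI') {
        try   { $secure = Confirm-SecureBootUEFI }   # $true / $false
        catch { $secure = 'unavailable' }             # cmdlet throws if unsupported
    }
    [pscustomobject]@{ FirmwareMode = $mode; SecureBootEnabled = $secure }
}

function Get-TargetDiskSummary {
    # Show what diskpart is about to erase: style (MBR/GPT), boot flag, partition count.
    param([int]$Number)
    $d = Get-Disk -Number $Number
    [pscustomobject]@{
        Number         = $d.Number
        Model          = $d.FriendlyName
        PartitionStyle = $d.PartitionStyle
        IsBootDisk     = $d.IsBoot
        Partitions     = (Get-Partition -DiskNumber $Number -ErrorAction SilentlyContinue | Measure-Object).Count
    }
}

function New-DiskpartScript {
    # 'clean all' zero-fills every sector (far slower than 'clean', which only
    # removes the partition table). 'convert gpt' is added only for UEFI so that
    # Setup creates the EFI system partition; a legacy BIOS install stays MBR.
    param([int]$Number, [string]$OutFile, [string]$FirmwareMode)
    $lines = @("select disk $Number", "clean all")
    if ($FirmwareMode -eq 'UEFI') { $lines += 'convert gpt' }
    $lines += 'exit'
    Set-Content -Path $OutFile -Value $lines -Encoding ASCII
    $OutFile
}

$media    = Test-InstallMedia -Path $IsoPath -Expected $ExpectedSha256
$firmware = Get-FirmwareState
$disk     = Get-TargetDiskSummary -Number $TargetDisk
$script   = New-DiskpartScript -Number $TargetDisk -OutFile (Join-Path $env:TEMP 'wipe.txt') -FirmwareMode $firmware.FirmwareMode

$media    | Format-List
$firmware | Format-List
$disk     | Format-List
if (-not $media.MatchesPublished) { Write-Warning 'ISO hash does not match the published value; do not use this media.' }
"Copy $script to the USB stick and, from the WinRE command prompt, run: diskpart /s X:\wipe.txt"
```

The script deliberately stops short of running diskpart itself: clean all is destructive and belongs in the recovery environment, booted from the USB stick, where the target disk is not the running system. The firmware-mode check is there because an install prepared for one mode (MBR for legacy BIOS, GPT for UEFI) will not boot in the other, which is also why the script only adds convert gpt when the machine reports UEFI.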