-
I'm afraid you have a trojan and some are difficult to remove
-
In case it's some bug or trojan, there must be at least some file belonging to it resident on your computer, even if it's a library or something...
I suggest:
System restore to before it happened
or
after restoring, enter directly (or enter without restoring or by putting the disk as a slave on another PC, the latter is better to prevent whatever is running from working) and look for recently added or modified files (usually it's better to search by last creation date). By the way, include folders and hidden files, obviously. When you have the culprit or culprits, delete them mercilessly or isolate them in quarantine in case you can't delete them for any circumstance (they might resist due to association with important files).
Something like this has never happened to me, but for some strange bugs that have ended up on my computer a few times, I've followed these procedures instead of racking my brains with the antivirus, and I've almost always managed to cut their crap. Although maybe you don't feel like investigating "by eye", and even less at this hour... it's understandable :sleeping:
Night greetings and good luck with the hunt :sisi:
>> i7-2600K Sandy Bridge @4.4GHz || Noctua NH-D14 || ASRock Z77 Extreme4 || 4x8Gb G.Skill Ripjaws X DDR3 1600MHz || XFX RX 5700 XT 8Gb || SSD Samsung 850 PRO 256Gb & 850 EVO 500Gb || WD Caviar Green 1Tb || Barracuda 1Tb || Corsair TX650 V2 || M-Audio Fast Track Pro || KRK RP8 RoKit G3 || BenQ GW2750 27"
>> Athlon 64 X2 5600+ Brisbane @2.9GHz || Gigabyte GA-M61PME-S2 || 2x2Gb DDR2 Kingston 800MHz || Sapphire Radeon HD 5850 Xtreme 1Gb || Maxtor 320Gb SATA2 || OCZ ModXStream 500W Modular || TEAC PowerMax 120/2 || Acer X243w 24"
>> Intel Core2Duo E6600 Conroe @2.4GHz || Asus P5N32-SLI SE DELUXE || 2x1Gb DDR2 Kingston 800MHz || Asus nVidia GeForce 9800GT 1Gb GDDR3 || Seagate Barracuda IDE 80Gb 7200RPM || Linkworld LPK12-35 450W -
The usual thing, format and period.
That said, it is clear that free antivirus programs are a sovereign m:mudo:, that only serve to give up:mudo: with ads about the paid version.
Whatever it is, they have screwed up all of them, from "Abirria" to "Mimosin" among others.
It's that none of them have pulled out more than a couple of cookies and suspicious registration keys, others not even that. ComboFix did pull out two infected libraries, but after deleting them, running OTL, CCleaner and running MWB again, it was still the same.
What bothers me the most is that whatever it is, it's still there, and no antivirus recognizes it as a threat, and that's the worst part.
Anyway, thanks and sorry for the trouble. :love: -
Put some antispy to see if they detect it, and surely there must be some background process unless it has infected explorer but then the antivirus should detect it. Good luck, I recently found myself after many years with an infection that avast detected late and 15,000 files were screwed up… Now I have returned to avg :lol: -
Have you tried Microsoft's tools... Security Essentials and the Malicious Software Removal Tool?? -
In good (paid) Antivirus programs, you can create a bootable CD to fight rootkits that run in stealth mode :frio:
But you can take a look at these free antirootkit utilities and these free versions of those bootable CDs.
Salu2!
Intel i5 3570k / ASRock Z77 Extreme 4 / G.Skill F3-12800CL9D-8GBRL / Sapphire HD5850 / Samsung HD103UJ / TR TrueSpirit / NZXT Source 210 / OCZ ZS550W
Intel i5 4570 / ASRock H87 Pro 4 / 2x G.Skill F3-14900CL8-4GBXM / Samsung 850 EVO 250Gb + ST1000DM003 + ST2000DM003 + HGST HDS723020BLA642 + Maxtor 6V250F0 / CM Seidon 240M / Zalman MS800 / CM MWE 550
AMD Ryzen 7 1800X / B350 / 2x8GB Samsung DDR4-2400 CL17 / NVIDIA GTX 1070 8GB / SSD 120GB + ST4000DM004 + ST6000DM003 / EVGA Supernova 650 G2 -
I already checked the rootkits last night and nothing, and I couldn't use hijackthis because the wifi connections get stuck, so this morning I messed around a bit and decided that it would take less time to shave the OS and reinstall than to spend the day trying to fix it by ear.
Full format, reinstall, backup and run antivirus on the partition where I keep the drivers and the "serious" programs... nothing. From there I install and restore until I get to DaemonTools... And it starts again!
I uninstall it, run CCleaner, restart and it's good again. I install an older version (I always keep the older versions that I check work well, both in applications and drivers) and it works normally.Curious, isn't it?
-
So it's Daemon Tools... So I must also be losing bandwidth as if there were no tomorrow
I'll take a look... EDIT:
Well, with Daemon Tools not working (which is how I had it xD) there don't seem to be any strange connections, apart from those of Firefox, Dropbox and SugarSync. I'll go to sleep peacefully
Best regards
>> i7-2600K Sandy Bridge @4.4GHz || Noctua NH-D14 || ASRock Z77 Extreme4 || 4x8Gb G.Skill Ripjaws X DDR3 1600MHz || XFX RX 5700 XT 8Gb || SSD Samsung 850 PRO 256Gb & 850 EVO 500Gb || WD Caviar Green 1Tb || Barracuda 1Tb || Corsair TX650 V2 || M-Audio Fast Track Pro || KRK RP8 RoKit G3 || BenQ GW2750 27"
>> Athlon 64 X2 5600+ Brisbane @2.9GHz || Gigabyte GA-M61PME-S2 || 2x2Gb DDR2 Kingston 800MHz || Sapphire Radeon HD 5850 Xtreme 1Gb || Maxtor 320Gb SATA2 || OCZ ModXStream 500W Modular || TEAC PowerMax 120/2 || Acer X243w 24"
>> Intel Core2Duo E6600 Conroe @2.4GHz || Asus P5N32-SLI SE DELUXE || 2x1Gb DDR2 Kingston 800MHz || Asus nVidia GeForce 9800GT 1Gb GDDR3 || Seagate Barracuda IDE 80Gb 7200RPM || Linkworld LPK12-35 450W -
Well, I'm not blaming the DT, but rather the DT that I already had downloaded on my hard drive, which, even if I downloaded it from the official site or from that one with the name of the soft drink that you put in gin, could have easily "constipated" while it was on my computer.
Constipated in a very bad way, because neither before, during, nor after did it trigger the "Abirria" or the RUBooted.Edit: Did you have any strange connections before? O.o
Edit: So that this doesn't just end up as a stumble of a fool when he found the nail, I will describe the "tools" I used below:
Process Explorer for me an indispensable program, old but capable of offering an incredible amount of information about open processes and their resources.
ComboFix
HijackThis
RogueKiller
OTL
CCCleaner
MalwareBytes
ADWCleanerI won't go into antivirus, because it's a never-ending story, and on the subject of rootkits, Fassou has already put the link. ;D
-
Nothing nothing, I'm not saying it was the DT either, but since it happened to you, you had to check just in case, which is just a moment and that's how you stay calm xD
Everything is as it was before, that is, correctlyThanks for sharing the steps and programs you used, this post will be very useful and will definitely help many
Best regards!
P.D.: Yes, I said I was going to sleep at 12 and here I still am… :ugly: Blessed final exams... :alone:
