So I need help with what seems to be some advanced malware on my computer

So far I've run BitDefender, MalwareBytes and Avast and none of them seems to be able to get rid of it.

Basically I installed an evident trojan and only figured out what it was after the fact, and it installed a whole bunch of garbage on my computer, most of which MalwareBytes was able to get rid of. But it also installed 3 folders in my Appdata>Local which I can't delete on this OS no matter how much I try. I've tried taking ownership, deleting in safe mode and deleting after reboot, none of which works. The only way I've managed to get rid of them is by booting from my second partition (different Windows install). The thing is, they seem to come back after I reboot into my main partition. I've attached a pic of the processes they run and the folders themselves. They seem to hog some resource from time to time, which slows down whichever game I'm playing by a lot. I'm pretty much unable to access or modify the files in any way while I'm booted into the OS they got installed on.

Any advice on how to get rid of this shit? I'm out of ideas. Ideally, I don't want to have to reformat my partition.

boot the computer from a live cd, mount the partition and delete the files

run combofix

install gentoo

Deleting the files isn't the issue. Like I said, I was able to delete them when I booted into my secondary OS install. The problem is that for some reason they come back (it seems to be some time after the computer is rebooted).

I'll check out combofix. I'm more interested in keeping Windows though. Thanks.

Install MalwareBytes on a live CD/USB drive and boot to it, let MalwareBytes do its thing

That's actually really smart. I'll do that. Would running MalwareBytes from a different Windows install on the same partition have the same effect?

I don't mean in a Windows install, MalwareBytes has an actually bootable version of it specifically made for rootkits like the one you have

Is that the mbar executable in the MalwareBytes install? So do I just install MalwareBytes on a USB drive, boot the computer into it and run mbar.exe, or how does that go?

>Any advice
Reinstall Windows. I would not trust that PC regardless of what the used antivirus claims after "cleaning" it.
Also scan the other remaining drives/partitions with something like MBAM.

No, just get Hiren's Boot CD if you don't know

This. Just start again and be more careful in future.

Surely I can keep monitoring my PC and if it pops up again, I'll just reinstall. My other partition doesn't seem to be affected, it seems like it's just the primary one that I installed it on. It was a huge hassle initially to migrate from my 2 TB HDD to my 240 GB SSD, I really don't wanna have to spend the next 3 days reinstalling every driver and carefully copy-pasting all my data.

Is that as efficient at cleaning out rootkits as MalwareBytes?

You need to hunt it down yourself.

Grab a copy of the offending executables.
Upload them to virustotalDOTcom.
Of all the positive results, check the antivirus knowledge base for information on that specific malware. Sometimes you can get pretty good info on removal, repair of any damage done and prevention.

Trojans like to sneak into the Windows registry, trying to autorun themselves at boot or at logon. Search the registry for the names of the offending executables. You're likely to find the compromised keys/values.

Sometimes malware infects legit executables. As soon as you run any of them you're back where you started.
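The hunt described in the post above (find where the offending executable is started from, then hash it for a VirusTotal lookup) can be scripted. The following PowerShell is an added example written for this thread, not something posted by anyone in it: it walks the usual Run/RunOnce registry keys and the scheduled tasks, flags any command that references a given executable name or a path under the user's AppData\Local, and prints the SHA-256 of each file it finds so the hash can be searched on VirusTotal. The default name `cokabis.exe` is the one mentioned later in the thread; everything else is a standard cmdlet or a documented registry path. Run it from an elevated PowerShell on the affected Windows install.

```powershell
# Added example: locate autorun entries and scheduled tasks that reference a
# suspect executable name or an AppData\Local path, then hash the target files
# for a VirusTotal lookup. Not from the thread; $Suspect is a placeholder name.
param(
    [string]$Suspect = 'cokabis.exe'   # executable name from the thread; replace with yours
)

# Registry keys that start programs at boot or logon, for the current user and the machine
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$localAppData = [Environment]::GetFolderPath('LocalApplicationData')
$pattern      = [regex]::Escape($Suspect)
$hits         = @()

# A command is interesting if it names the suspect or lives under AppData\Local,
# which is where the thread's folders were dropped
function Test-Suspicious([string]$cmd) {
    return ($cmd -match $pattern) -or ($cmd -like "*$localAppData*")
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        if (Test-Suspicious $cmd) {
            $hits += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $cmd }
        }
    }
}

# Scheduled tasks are the other common place a trojan re-launches itself from
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)".Trim()
        if (Test-Suspicious $cmd) {
            $hits += [pscustomobject]@{
                Source  = "Task:$($task.TaskPath)$($task.TaskName)"
                Name    = $task.TaskName
                Command = $cmd
            }
        }
    }
}

if ($hits.Count -eq 0) {
    Write-Host "No autorun entries or tasks reference '$Suspect' or $localAppData"
    return
}

$hits | Format-Table -AutoSize

# Pull the executable path out of each command (quoted or not) and hash it;
# the SHA-256 is what you paste into VirusTotal's search box
foreach ($h in $hits) {
    if ($h.Command -match '^\s*"?([^"]+?\.exe)') {
        $path = $Matches[1]
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            Get-FileHash -LiteralPath $path -Algorithm SHA256 | Select-Object Hash, Path
        }
    }
}
```

Only the registry values and task actions are listed; nothing is deleted. Once the output points at a key or task, the value's data shows exactly which file on disk is being restarted, which is the file to hash, look up, and then remove (along with the entry) from outside the infected install, as the thread already suggests. Other persistence locations exist (services, WMI subscriptions, the Winlogon keys), so an empty result is not proof that nothing is left.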

Hiren's Boot CD contains a bunch of useful tools, one of them of course is MalwareBytes

Clean windows install, format that shit seriously.

Never used HBCD myself. Gotta check that out, sounds interesting.

>I can keep monitoring my PC and if it pops up again, I'll just reinstall
If it's a Trojan why would it pop up?

>3 days reinstalling every driver and carefully copy pasting all my data
How will that take 3 days? Just install Windows on the SSD and then (after making sure they are virus free) copy your files back.

Monitoring his task manager perhaps? It could pop up there. I don't think he literally means waiting for a window to pop up.

I mean monitor for its executables like that cokabis.exe thing.

It was just a major pain having to reinstall every C++ Redistributable and make sure all my Steam games worked fine etc.

>monitor for its executables
Do you really want to be doing that on a regular basis?

>reinstall every C++ Redistributable
Pretty sure Steam does this automatically when you launch a game for the first time. It doesn't take long.

I'm mostly always running the task manager in the background and I check it pretty regularly. I guess I'll give that Hiren's Boot CD thing a shot and if it doesn't work out, I'll reformat and reinstall Windows.

Thanks for the help, everyone.

>C++ Redistributables
I keep these in a folder just in case. Sometimes you just wanna keep the gaming rig offline.