chrispm

Member
  • Posts: 1
  • Donations: 0.00 USD
  • Country: United Kingdom

Everything posted by chrispm

  1. I don't know if this is going to help anyone, but I have actually fixed a machine with this running on it, although it was NOT easy and I needed to use a fair few tools to get it going. My first point of call was to run RootAlyzer (from the Spybot website) - this highlighted some files that were hidden from Windows (use the deep scan option for best results). You could not unhide them in any way, shape or form. So I booted from a Linux Live CD and sure enough, I was able to find and remove the offending files. Another package I used was Process Master 1.1 (Trial) - it highlighted a hidden process that was running, and told me where the file was located - again, I could not delete this, even in Safe Mode, so another boot into Linux Live sorted that out. I was then able to run the normal spyware tools (ComboFix, Malwarebytes, SUPERAntiSpyware etc.) - all of the tools found something, but they are all clear. I found an extra entry for 127.0.0.1 in the hosts file, and checking the Internet Options found a proxy apparently running locally on IP 127.0.0.1 on port 7171. From there on in, I used Regedit to find all instances of %fystemroot%. I re-enabled Windows Updates and Background Intelligent Transfer and can download updates. Finally, Kaspersky is now finding nothing on the PC...