weird rootkit that I can't pinpoint

Discussion in 'malware problems & news' started by garegin, Sep 29, 2013.

Thread Status:
Not open for further replies.
  1. garegin

    garegin Registered Member

    Joined:
    Sep 29, 2013
    Posts:
    1
    Location:
    United States
    Hi

    I have difficulty with a tricky rootkit. I am saying rootkit because I can't even detect it with an offline scan of defender/security essentials. Few tell tales

    1. can't install updates/checkSUR
    2. event viewer shows that shutdown.exe is called periodically to restart my system. I have subsequently deleted shutdown.exe to sabotage the restart process.
    3. after the restart the OS partition is switched to hidden, so that Windows doesn't boot all the that. I have to manually switch it to 0x07 offline.

    I ran GMER but didn't find anything.

    The only way that I'm thinking is to trace the processes and see when and how the partition is switched to hidden.
    Do you guys want an offline dump of my mbr and boot sector? I don't actually know the best tool to do it. I have already done both bootrec /fixmbr and /fixboot. No go.
     
    garegin, Sep 29, 2013
    #1
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,878
    Location:
    U.S.A.
    garegin, first, welcome to Wilders!

    Perhaps a review of If you are currently infected, and seeking dedicated help in any one of the sites listed there, would be your best bet. Wilders stopped one-on-one malware cleaning services awhile back.

    Thread closed per Policy.
     
    JRViejo, Sep 30, 2013
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...