
chrispm

  1. I don't know if this is going to help anyone, but I have actually fixed a machine with this running on it, although it was NOT easy and I needed to use a fair few tools to get it going. My first point of call was to run RootAlyzer (from the Spybot website) - this highlighted some files that were hidden from Windows (use the deep scan option for best results). You could not unhide them in any way, shape or form. So I booted from a Linux Live CD and sure enough, I was able to find and remove the offending files. Another package I used was Process Master 1.1 (Trial) - it highlighted a hidden process that was running, and told me where the file was located - again, I could not delete this, even in Safe Mode, so another boot into Linux Live sorted that out. I was then able to run the normal spyware tools (ComboFix, Malwarebytes, SUPERAntiSpyware etc.) - all of the tools found something, but they are all clear. I found an extra entry for 127.0.0.1 in the hosts file, and checking the Internet Options found a proxy apparently running locally on IP 127.0.0.1 on port 7171. From there on in, I used Regedit to find all instances of %fystemroot%. I re-enabled Windows Updates and Background Intelligent Transfer and can download updates. Finally, Kaspersky is now finding nothing on the PC...
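
The leftovers named in the post above (extra hosts entries, a loopback proxy in Internet Options, disabled Windows Update and BITS services, and `%fystemroot%` strings in the registry) can be re-checked with a read-only script. This is an added example, not part of the original post; limiting the registry search to service `ImagePath` values is an assumption made here, since the post searched the whole registry with Regedit.

```powershell
# Added example: read-only post-cleanup checks. Nothing is modified.
$findings = @()

# 1. Hosts file: report every active mapping other than the stock "localhost" name.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()        # drop comments and padding
    if ($line) {
        $ip, $names = $line -split '\s+'           # first token is the address
        foreach ($n in $names) {
            if ($n -and $n -ne 'localhost') { $findings += "hosts: $ip -> $n" }
        }
    }
}

# 2. Internet Options proxy: flag an enabled proxy that points at loopback
#    (the post found 127.0.0.1:7171). Handles "host:port" and "http=host:port;..." forms.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -and
    $inet.ProxyServer -match '(^|=)(127\.\d+\.\d+\.\d+|localhost):\d+') {
    $findings += "proxy: $($inet.ProxyServer)"
}

# 3. Update services the post had to re-enable: Windows Update and BITS.
foreach ($svc in 'wuauserv', 'BITS') {
    $s = Get-CimInstance Win32_Service -Filter "Name='$svc'"
    if (-not $s) {
        $findings += "service: $svc is missing"
    } elseif ($s.StartMode -eq 'Disabled') {
        $findings += "service: $svc is disabled"
    }
}

# 4. Registry: service image paths that still contain the %fystemroot% string.
#    Assumption: only the Services key is searched here.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if ($p.ImagePath -like '*%fystemroot%*') {
            $findings += "registry: $($_.PSChildName) ImagePath = $($p.ImagePath)"
        }
    }

if ($findings) { $findings } else { 'No leftovers found by these checks.' }
```

Run it from an elevated prompt as the affected user, because the proxy setting is stored per user under `HKCU`.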