I need help getting rid of this darn persistent virus / malware...
Symptoms, etc...:
win 7 pro 64
found by malwarebytes: Trojan.Dropper.ED
"removes" when malwarebytes runs...but it comes back when using IE. (v. 10 btw)
creates new processes called conhost41.exe
and runs multiple versions of svchost.exe (which take a lot of memory)
and puts svchost.exe (not a link!) in the startup folder
multiple registry entries...Backdoor.Bot (found by malwarebytes)
...
(HKU\S-1-5-21-90346377-3611238730-817758057-1000-{ED1FC765-E35E-4C3D-BF15--2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchost86x.sys)
...
and it creates c:\users\user\appdata\local\temp\e.dll (found by malwarebytes)
and c:\program files (x86)\internet explorer\version.dll (found by malwarebytes)
And I have 20 years as an IT consultant and I can't remove this!
After rebooting, (like mwb instructs) it acts clean, but it keeps coming back...
I've tried Kaspersky anti rootkit, doesn't detect.
Neither does TrendMicro Housecall detect.
I have legal pleadings and medical documents to work on, and I'm trying to fix my car. I'm stranded in the middle of nowhere in Oregon after accidentally driving into the ocean - super foggy at night! So I have very limited internet and cell phone service. I'm needing some major help with this and any help would be very much appreciated. The technology gods would smile upon th33.
Thanks so much in advance!
Jay
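
A read-only triage script for the persistence points listed in the post (Startup folder, Run values, svchost/conhost look-alike processes, and the two reported DLL paths); it is an added example, not part of the original post. It assumes PowerShell 2.0 or later on the affected Windows 7 machine, run elevated so process image paths are visible. The name patterns it flags and the use of the current user's profile for the temp path are assumptions based on the names in the post.

```powershell
# Added read-only triage example; it lists findings and changes nothing.
function Get-PersistenceFindings {
    # 1. Real files (not .lnk shortcuts) in the per-user and all-users Startup folders.
    $startup = 'Microsoft\Windows\Start Menu\Programs\Startup'
    foreach ($dir in @((Join-Path $env:APPDATA $startup), (Join-Path $env:ProgramData $startup))) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and (@('.lnk', '.ini') -notcontains $_.Extension) } |
            ForEach-Object { "Startup folder file: $($_.FullName)" }
    }

    # 2. Every Run value in HKLM (64- and 32-bit views) and in each loaded user hive under HKU.
    $run = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $keys = @("Registry::HKEY_LOCAL_MACHINE\$run",
              "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run")
    $keys += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)\$run" })
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Assumption: names like those in the post (svchost*, *.sys) deserve a closer look.
            $flag = if ("$name $data" -match 'svchost|conhost|\.sys\b') { 'SUSPECT' } else { 'review' }
            "[$flag] Run value: $key | $name = $data"
        }
    }

    # 3. svchost/conhost look-alikes: wrong name, or image outside the Windows system directories.
    $sysDirs = @((Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64'))
    Get-WmiObject Win32_Process | Where-Object { $_.Name -match '^(svchost|conhost)' } | ForEach-Object {
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }
        $badName = @('svchost.exe', 'conhost.exe') -notcontains $_.Name
        if ($badName -or ($dir -and $sysDirs -notcontains $dir)) {
            "Look-alike process: $($_.Name) pid=$($_.ProcessId) path=$($_.ExecutablePath)"
        }
    }

    # 4. The two DLL paths Malwarebytes reported in the post (temp path taken from the current user).
    foreach ($f in @("${env:ProgramFiles(x86)}\Internet Explorer\version.dll", "$env:LOCALAPPDATA\Temp\e.dll")) {
        $file = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
        if ($file) { "File from the post present: $f ($($file.Length) bytes, written $($file.LastWriteTime))" }
    }
}

Get-PersistenceFindings
```

Comparing the output taken right after a cleanup and reboot with the output taken after IE has been opened shows which of these locations is repopulated first.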