Virus / Rootkit Can't Remove

jitter1127

Sep 23, 2014
Usually I am good at getting rid of stuff, but this has me stumped. I have Avast on my PC, but managed to get something nasty. I have something that is blocking most rootkits / antivirus programs from running. I can run Malwarebytes and it removes stuff, but it comes back. I downloaded the Malwarebytes rootkit program and it won't open. I also cannot open TDSSKiller or a few other things I have tried. I also tried the inherit program and it won't open. I did get an ESET scanner to work, and it found a couple of things, but nothing major. Not sure what to do at this point.
 


Try Herd Protect Portable.
https://www.herdprotect.com/installers/herdProtectScan_Portable.exe
Direct Link.
 
Thanks, I was able to get it to run, and it located a couple of things, but nothing major. I am still having problems.

I cannot click in the search box in Windows.
I cannot left click on the start logo in Windows. (I can right click though.)
Lots of anti-virus / spyware / rootkit programs will not open or run.
I have a folder in my appdata / local folder called spndzou that I cannot open or access. I did delete it after booting into another version of Windows, but it came back.
Earlier I kept getting an error about every 30 seconds that said "exceeded has stopped working" and it was tied to a file called footlocker. I was able to remove that, and it solved the "exceeded has stopped working" error but not the other issues.
The Malwarebytes standalone rootkit tool says "system seems inaccessible or encrypted" and won't scan. The original Malwarebytes scans and supposedly checks for rootkits, but it is coming up clean.
I have tried fixing the start button and search bar through the PowerShell commands with no luck.
I also have a file called lmegzbdsvc.exe that is in my system32 folder that I think is trouble. I can remove it by booting into another Windows version, but it comes back.

I am at a loss at this point.
 
Well, I gave up. I "upgraded" Windows from the ISO file so I did not lose anything or have to reformat. So far everything works. Still clueless as to what I had. I ran ClamAV in Linux and it did not find it. I did find some folders that I think had to do with it, but I found 0 information online. In my startup from (PowerShell) I have a thing called "neverending" but it was not active. I also had a folder called blunkett and littered in program files that contained a file called "footlocker." I had removed them previously though. Since I redid my Windows I was able to run the malware rootkit program and it found a file called "wdbmptwz.sys" in the system32\drivers folder. Malwarebytes labeled it as a rootkit.agent.pua. I have never had anything where I could find absolutely no information and was totally clueless. One other file I questioned that seems to keep coming back is lmegbzbdsvc.exe. Once again no info online about it...
 
Solution