Need help removing what I think is malware.

October 27, 2014 9:54:12 AM

Good evening,
I ran into a huge problem (Malware I suppose). I'll try to describe the problem in as much detail as possible, so bear with me.
First of all, someone keeps trying to log into my accounts (Facebook, Blizzard, Gmail), but the access keeps getting blocked due to their location. Since I've used so many anti-viruses, I got myself convinced, that it's not a virus. Every time when I get an email, which says that someone's trying to log into my account, I change my password quickly, but yet again, after a month or so someone tries to log in again. I'm out of ideas what could it be, also my keyboard's functions randomly change (every single button changes its functions, for example: number 1 (not on the numpad) opens up the first program on my taskbar, letter H (I think) locks my computer). And most of the times it happens, I see my mouse move just a little. Also, I sometimes see my mouse move randomly, without me touching it.
I tried AVG paid version, ESET, CCleaner, IOBIT programs, SUPERAntiSpyware, Malwarebytes paid version, comodo, Spybot - Search and Destroy, Combofix, Microsoft Essentials and few others.
Sorry for the long text. I really hope you'll understand the problem.
Thanks in advance.
P.S. I'm using Win7.

October 27, 2014 9:58:51 AM

Sounds like you need to wipe the computer and start over. Might even have a rootkit hiding in the boot sectors of the drive, so a low-level format might be necessary.

Bitdefender Rescue CD has worked a few times on my father's machine when combofix didn't do the job.

October 27, 2014 10:04:54 AM

Eximo said:
Sounds like you need to wipe the computer and start over. Might even have a rootkit hiding in the boot sectors of the drive, so a low-level format might be necessary.

Bitdefender Rescue CD has worked a few times on my father's machine when combofix didn't do the job.



I've reinstalled my windows few times already (about 3-5 months ago) but the problem started 2 years ago, or so.
October 27, 2014 10:07:20 AM

Sounds like a rootkit and keylogger.

Try kaspersky and bitdefender (kaspersky has a tdssrootkit program that you might try as well).

If that does not work then just going to have to wipe windows.
I suggest using bitdefender or strong anti-virus software with a good firewall.
October 27, 2014 10:09:35 AM

boosted1g said:
Sounds like a rootkit and keylogger.

Try kaspersky and bitdefender (kaspersky has a tdssrootkit program that you might try as well).

If that does not work then just going to have to wipe windows.
I suggest using bitdefender or strong anti-virus software with a good firewall.


I'm pretty sure I used BitDefender earlier, it didn't find anything suspicious. (I wasn't running the scan in safe mode I think).
I'll try tdssrootkit right away, even though I've tried malwarebyte's and AVG's rootkit scans. :( 
P.S. I did use TDSSKiller, my bad.
October 27, 2014 1:08:23 PM

No, a Bitdefender Rescue CD is a bootable OS with anti-virus and anti-malware tools. This is not the same as the Bitdefender client for Windows.

It does not require your OS at all. That way nothing of whatever malware is possibly running when it starts up. Since the CD is read only there is no chance of contamination.

At this point you need to be looking at low-level formats of drives, flashing the BIOS, all without using your existing OS to ensure you have a clean machine.

Might also reset your router to factory defaults and get it a firmware update from a clean machine.

You would be surprised where they can hide malware.
October 27, 2014 2:17:44 PM

Eximo said:
No, a Bitdefender Rescue CD is a bootable OS with anti-virus and anti-malware tools. This is not the same as the Bitdefender client for Windows.

It does not require your OS at all. That way nothing of whatever malware is possibly running when it starts up. Since the CD is read only there is no chance of contamination.

At this point you need to be looking at low-level formats of drives, flashing the BIOS, all without using your existing OS to ensure you have a clean machine.

Might also reset your router to factory defaults and get it a firmware update from a clean machine.

You would be surprised where they can hide malware.


I was thinking that it might be an open port at first, but now I highly doubt it, due to the fact that I checked the ports (I hope I did closely enough), if you could guide me through this stuff I'd be grateful.
Thank you for your answers.
October 27, 2014 3:02:01 PM

The BitDefender application starts automatically, if memory serves; a bit slow to launch/start the antivirus engines, update, etc., but, be patient, it is easy to use, if not fast.
October 28, 2014 10:17:04 AM

Staem said:
Good evening,
I ran into a huge problem (Malware I suppose). I'll try to describe the problem in as much detail as possible, so bear with me.
First of all, someone keeps trying to log into my accounts (Facebook, Blizzard, Gmail), but the access keeps getting blocked due to their location. Since I've used so many anti-viruses, I got myself convinced, that it's not a virus. Every time when I get an email, which says that someone's trying to log into my account, I change my password quickly, but yet again, after a month or so someone tries to log in again. I'm out of ideas what could it be, also my keyboard's functions randomly change (every single button changes its functions, for example: number 1 (not on the numpad) opens up the first program on my taskbar, letter H (I think) locks my computer). And most of the times it happens, I see my mouse move just a little. Also, I sometimes see my mouse move randomly, without me touching it.
I tried AVG paid version, ESET, CCleaner, IOBIT programs, SUPERAntiSpyware, Malwarebytes paid version, comodo, Spybot - Search and Destroy, Combofix, Microsoft Essentials and few others.
Sorry for the long text. I really hope you'll understand the problem.
Thanks in advance.
P.S. I'm using Win7.

The best program to get rid of malware is spyhunter4. I have been having the same issues and since using this it got rid of everything. On top of it their support system is very helpful for any issues you're not sure of.

October 28, 2014 10:56:26 AM

I recently did a BitDefender Rescue CD scan, it found few android file errors and a file, which was infected by Gen:Variant.Kazy.474306. But this file is pretty new, and the problems started a year or so before.
Should I run another Rescue CD? Kaspersky, F-Secure, AVG?

Sunday, 2013, May 19 16.07.12 UTC
IP address: 223.198.241.20
Location: Sanya, Hainan, China

This was the first time when it happened (someone tried to log into my gmail), and the file which was infected was about 2-3 months old.
October 29, 2014 7:20:11 AM

Also, I noticed that I cannot open the csrss.exe process's file location, and it doesn't have any description near it. Should I be worried about it?
October 30, 2014 1:10:42 AM

csrss.exe is a normal Windows program, not intended for starting/stopping/suspending, etc.....; leave it as is, lest your OS become, 'bricked'... :) 
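
A read-only way to check the csrss.exe question above, added here as an example and not part of any poster's reply: it lists each running csrss.exe and compares its image path with the expected System32 location, without stopping or modifying the process. It assumes an elevated PowerShell prompt (PowerShell 2.0 on Windows 7 is enough); the verdict strings are this example's own.

```powershell
# Added example: report where each running csrss.exe was loaded from.
# Nothing is stopped, suspended or changed; the process is only queried.

$expected = Join-Path $env:SystemRoot 'System32\csrss.exe'

$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'csrss.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath

        if ([string]::IsNullOrEmpty($path)) {
            # The path of a SYSTEM-owned process is often hidden from a
            # non-elevated session. That alone is not a sign of infection.
            $verdict = 'path not readable - rerun from an elevated prompt'
        }
        elseif ($path -ieq $expected) {
            $verdict = 'expected location'
        }
        else {
            $verdict = 'UNEXPECTED LOCATION - investigate this file'
        }

        New-Object PSObject -Property @{
            ProcessId = $_.ProcessId
            SessionId = $_.SessionId   # normally one csrss.exe per session
            Path      = $path
            Verdict   = $verdict
        }
    }

$report | Select-Object ProcessId, SessionId, Path, Verdict |
    Format-Table -AutoSize
```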