Kuaizip Virus Just seems to leave remnants - Malwarebytes scan for rootkits - BSOD

ShauryaVerma

Distinguished
Jul 20, 2011
Hi,

WHAT HAPPENED:

I got this virus while trying to install Fisheye Hemi a few months ago. The installer was clean, but it downloaded some shit that totally screwed up my Windows. After trying Malwarebytes 2.2, deleting all autoruns from Ubuntu, and quite a few other things, I seem to have got rid of it. (More details on what happened at the end of the post.)

WHAT REMAINS:

However, my Firefox still opens two tabs with the URLs 0.0.0.0 and 0.0.0.2 along with what was open in my last session. Also, from time to time, on scanning with MBAM 2.2 I get some threats in the results, which I delete. (I wasn't aware of turning on the "Scan for Rootkits" option.)

Screenshots:

1. Of 0.0.0.0: https://imgroll.net/images/2017/03/29/0000firefox.png

2. Of the missing Firefox icon: https://imgroll.net/images/2017/03/29/firefoxicon.png

On reading good reviews online, I decided to download and run MBAM 3 today instead of 2.2. On running the scan with SCAN FOR ROOTKITS ON, my comp BSODs on me. Was it the virus preventing MBAM from detecting/deleting it?

Do the symptoms point towards anything specific? I'm afraid of opening any sensitive documents fearing that all may be getting leaked. What's going on with my comp?

*************

PC Specs:

CPU: Intel Core i7-2630QM

GPU: AMD Radeon 6770 (fried, so I only use the Intel one)

HDD: 250GB Samsung Evo 850

OS: Win 7 x64


*************

More Details on what happened then:

VIRUS ON 2016-11-06

Had shitloads of popups... some perf monitoring software.

1. Deleted weird Chinese etc. processes (computerztray, computerzprocess) in the Task Manager: https://imgroll.net/images/2017/03/29/taskmanager.png

2. Simultaneously, kept running MBAM and deleting stuff.

3. Deleted weird-looking stuff after booting into Linux.

4. Started up... sometimes it won't start up...
   a. Black screen after logon.
   b. Right-clicked and ended some weird processes.
   c. The desktop loaded.

5. Kept running MBAM, deleted other processes, and got some virus strings like in the screenshot (look at the bottom left, and at those stupid icons on the right and top right): https://imgroll.net/images/2017/03/29/ondeletion.png

6. Removed stuff from the hosts file.
   i. notepad %windir%/system32/Drivers/etc/hosts
   ii. Kept a backup there itself.
   iii. Had to modify permissions of the hosts file to save it.

VIRUS STRINGS ON SCANNING
1. KuaiZip: https://imgroll.net/images/2017/03/29/kuaizip.png
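Step 6 of the clean-up above is the kind of thing worth checking rather than eyeballing: a hosts file on a stock Windows install has no active entries beyond the loopback names, so anything else is either sinkholing a real host (often update or security-vendor domains) or redirecting it to another machine. The following is an added example, not code from the post or from Malwarebytes; the hosts path and the sample entries are constructed, and the vendor-style domain is a placeholder.

```python
"""Audit a Windows hosts file for entries that should not be there.

Assumed path is %windir%\\System32\\drivers\\etc\\hosts (the one the post
edited). SAMPLE below is constructed input, not a real infected file.
"""
import ipaddress
import os
from typing import Dict, List, Tuple

# Names that legitimately map to loopback on a clean system.
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTS_PATH = os.path.join(os.environ.get("windir", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (ip, [names]) for every active line; comments are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # strip trailing comment
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                             # malformed line, ignore
        if names:
            entries.append((ip, names))
    return entries

def classify(ip: str, name: str) -> str:
    addr = ipaddress.ip_address(ip)
    if name.lower() in EXPECTED_NAMES and addr.is_loopback:
        return "expected"
    if addr.is_loopback or addr.is_unspecified:  # 127.x / ::1 / 0.0.0.0 / ::
        return "blocked"      # real host sinkholed, e.g. AV or update servers
    return "redirected"       # real host pointed at some other machine

def audit(text: str) -> Dict[str, List[str]]:
    report: Dict[str, List[str]] = {"expected": [], "blocked": [], "redirected": []}
    for ip, names in parse_hosts(text):
        for name in names:
            report[classify(ip, name)].append(f"{name} -> {ip}")
    return report

SAMPLE = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test   # constructed sinkhole entry
203.0.113.10    www.example.test         # constructed redirect (TEST-NET-3)
"""

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```

Run it against the real file with `audit(open(HOSTS_PATH, encoding="utf-8").read())`; anything in "blocked" or "redirected" is what the post's step 6 removed by hand.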