Post by fjinmotion on Oct 25, 2016 20:29:46 GMT -8
Post by fjinmotion on Oct 25, 2016 21:15:18 GMT -8
No virus found on the Norton scan.
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Oct 25, 2016 21:45:26 GMT -8
You should be able to turn your OneDrive and other syncs back on now. It seems that the Trojan was able to hide a re-spawning routine from the standard scanners.
Once your syncs are back on, see if Norton finds the Trojan once more.
Post by fjinmotion on Oct 26, 2016 18:38:09 GMT -8
This morning ran into a new problem when booting up - Kmode_exception_Not_handled. Unable to boot up, several attempts by Windows to repair itself, then it booted. Virus scan was clean at that time. After the scan I did a shut down, went to work. When I tried booting again after work, many unsuccessful attempts to boot, Windows could not go back to a restore point, but finally repaired itself enough to boot up. Ran Norton scan and virus showed up again.
Post by dbrisen on Oct 27, 2016 7:59:53 GMT -8
Download the latest version of TDSSKiller from here and save it to your Desktop.
- to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Post by fjinmotion on Oct 27, 2016 10:08:49 GMT -8
Post by dbrisen on Oct 27, 2016 22:21:44 GMT -8
Run Malwarebytes Antirootkit once again. Again, please post all the logs it produces. Thanks.
Post by fjinmotion on Oct 28, 2016 12:27:33 GMT -8
Post by dbrisen on Oct 29, 2016 0:08:17 GMT -8
Wow. Got to say that this is the first time I've ever seen this malware return and have the exact same files, name and locations. The payload file has to be in one of the sync / backup locations.
Did you install Google+ AutoBackup or is this an add-on from a different product?
Do you use the web interface for your gmail or an email application (Outlook, Thunderbird, etc.)?
Post by fjinmotion on Oct 29, 2016 6:08:56 GMT -8
Did you install Google+ AutoBackup or is this an add-on from a different product? -- I've never installed/used Google + Autobackup.
Do you use the web interface for your gmail or an email application (Outlook, Thunderbird, etc.)? -- web interface