worm - using shell, freedos kernel, hijacks network
I have huge problems the last 2 weeks. Got a virus that mods admin rights, adds a shell, hijacks router and all cellphones and computers connected to it.
I have no chance to remove it (I have tried all majorgeeks.com methods) nothing works. I cant use cmd, I cant repair. All tasks, programs, commands run thru shell and gets reversed.
This is what I know about it:
Adds freedos kernel replacing config.sys with a heavily modded fdconfig.sys
Mods the mbr
Adds tons of shadow disks into high memory with himem.exe
Replaces the BIOS version and modify the system time.
Adds huge amount of entries in the register.
Adds delay timers on CD-ROM, keyboard,.mouse, all usb devices
Grants super admin rights to NT authority. Removes all rights to other users
Programs I have seen added in the register:
Messenger live mesh
Messenger live writer
I write this from memory as my comp is totally destroyed.
There is basically 100's of added programs.
This is what I have tried: (that doesn't work)
Restore or update BIOS from cd
using any kind of logging/removal tool
Restore, repair, reinstall from authentic windows cd
Repair mbr with fdisk using rescue cd
Using Kaspersky rescue disk via CD-ROM and usb
Using new ssd disk and new motherboard.
Hard reset of motherboard.
Using a usb to SATA adapter to format ssd (worm uses a block device command)
All this tried with no internet connection.
Asus eee 1101ha laptop win7 sp1
Msi x370 win7 home premium sp1
HTC desire with Android 2.3
Asus sabertooth motherboard
Win7 home premium sp1 fully patched
Intel I7 920 CPU
Before you ask me to use system repair, add logs here. Remember. It doesn't work. All commands, programs and tasks is shelled, redirected and reversed.
Even cmd, F8 options etc
|Thread||Thread Starter||Forum||Replies||Last Post|
|Hijacks||doc Holliday||Malware Removal||5||06-03-11 13:48|
|Just wondering - Loading FreeDOS FAT KERNEL Go!||Amjad||Software||2||05-30-07 06:14|
|possibly more hijacks...||RayJay||Malware Removal||10||07-18-06 00:12|
|Hijacks R us!!!||Deb||Malware Removal||1||04-14-05 23:06|
|Only the Best and other hijacks||Scaryduke||Malware Removal||13||07-24-04 04:14|