elorei

Members
  • Posts

    6

Everything posted by elorei

  1. The driver listed as Pakes will not allow itself to be uploaded to VirusTotal, nor copied, moved, etc. The file being found by MBAM for the backdoor is ndisio, which is a known nasty; however, it is not listed in Explorer at all (all system and hidden files are showing).
  2. So far it seems fine, however after doing this, MBAM is once again finding backdoor.bot in my registry, and even has found a nice rootkit.pakes.....both of which I am afraid to remove, for obvious reasons, hehe.
  3. An addendum, the extra network adapters are still there in devman and are still irremovable, however, they seem to no longer have any effect at all on connectivity; leading me to believe the extra adapters are a red herring, and the real culprit is a mangled TCPIP.
  4. More info, in case it helps. I used the netsh command to reset tcpip and winsock. Rebooted, system came up and hard shut down from a RCP. Restarted comp, no RCP, but no explorer. Went to registry and removed the key for explorer from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe. So far, so good.
  5. The extra network drivers do not pop up *UNTIL* you run MBAM and restart the comp to delete locked items. Hope that helps.
  6. I am in the exact same boat. I ran the removal progy, it deleted on reboot a few nasties, and then when I reboot, my network is shot, exact same as above, with additional network adapters followed by a "-". Cannot remove the extra network adapters; Windows thinks they are needed for bootup. The network adapters (the fake ones) all have addresses that are PASSTHRUMP (ROOT\MS_PASSTHRUMP\0002), not a normal address. When Malwarebytes removed backdoor.bot, it only affected an area of the registry in services (registry keys), hkeylocalmachine\system\currentcontrolset\passthru (and again for control set 01 and 02). Also, upon removal, a new folder was added to my drive called avenger, which Windows replicated upon a system restore. I am now unable to do system restores at all. I would give you logs, but the comp has no internet connectivity anymore. Desperately need help.