
rootkit.fileless.mtgen



Recently upgraded from Win7 to Win10, Toshiba laptop.

Malwarebytes finds three files with: "rootkit.fileless.mtgen"

plus one more

(Will get back on that PC here in a few minutes, but don't have the full information available at this posting. PC is air-gapped for the time being.)

Quarantines, and appears to remove the files, then all the files show up again when rebooted and re-scanned. 

Nothing is showing anymore using either GMER or Sophos, but continues to appear in Malwarebytes.
 

 


Hello peacefulbend and welcome to Malwarebytes,

Can you post the logs from GMER, Sophos and Malwarebytes? Also run the following and post the two produced logs....

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Thank you,

Kevin....


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
