Sneaky RootKit help needed

[JinxiePlz]

Hey guys, sorry about necro-ing this thread but I do have the exact same issue as EniNeu

A scan with GMER reveals this as well :

Service  C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** )
[BOOT] WdBoot        <-- ROOTKIT !!!

Service  C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** )
[BOOT] WdFilter        <-- ROOTKIT !!!

Service  C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***)
[AUTO] WinDefend    <-- ROOTKIT !!!

I am wondering if I should attempt deletion through GMER or if there is a better way.

Just in case this might be a false positive I've attached a log of the complete scan.

Thank you in advance

CHRONOS gmer scan 03.05.17.log

[AdvancedSetup]

Hello @JinxiePlz and

Please download and run the following rookit scanner

 

 

Thanks

Ron

 

[JinxiePlz]

Thanks for moving me to a separate thread !

so I did run the complete scan and then reboot. Now GMER is instead showing me this, running a full scan now and also rescanning with the Malwarebytes Rootkit utility ! 

[JinxiePlz]

Quick update, the computer gave me a BSOD when I attempted a GMER full scan.

And when I rebooted it showed me this (pic related).

I'm now attempting a MalwareBytes rootkit utility scan first before attempting another GMER !

Sorry again for the trouble 

[AdvancedSetup]

I don't need the GMER log. GMER is very sensitive to issues and false positives. We'll use other tools to see what's going on.

Thank you

 

[JinxiePlz]

My apologies, I'll refrain from posting further GMER logs, as for the MalwareBytes anti-rootkit : it finished its scan and indicates no malware found ! 

[AdvancedSetup]

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.