I have run several full system scans today. Each scan finds a Registry Value, a Registry Key and three files in my user profile that are identified as Rootkit.Fileless.MTGen. I quarantine and delete the threats, start another scan and the same threats have returned. Malwarebytes has also been blocking outbound connections trying to export C:\Windows\SysWOW64\regsvr32.exe. I have a sick system. Malwarebytes scans are not removing the problem. I have also run Norton Eraser with no luck. Does anyone have any suggestions?



It appears that I have repaired my system. I booted into safe mode and ran Norton Power Eraser and it found the threat. There was a task running that would reinfect the PC after Malwarebytes removed the infection. Malwarebytes was detecting and removing the children infections and not the parent. 

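Added example, not part of the original posts: one way to look for the kind of reinfecting scheduled task described above is to list every task whose action runs a script host such as regsvr32 or points into a user profile. The host list and path patterns are assumptions chosen for illustration; the thread does not say what the task actually executed.

```powershell
# Added example: flag scheduled tasks worth a manual look. Run from an elevated
# prompt so tasks of every user are visible. The heuristics are assumptions;
# the thread does not say what the reinfecting task actually executed.
$scriptHosts = 'regsvr32', 'rundll32', 'mshta', 'wscript', 'cscript', 'powershell'
# A literal profile path, or an environment variable that resolves into one.
$userPath = '\\Users\\[^\\]+\\|%(APPDATA|LOCALAPPDATA|TEMP|USERPROFILE)%'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions have Execute/Arguments; COM handler actions do not.
        if (-not $action.Execute) { continue }

        $exe  = $action.Execute.Trim('"')
        $line = "$exe $($action.Arguments)"
        # File name without directory or .exe, e.g. "regsvr32".
        $leaf = ($exe -split '[\\/]')[-1] -replace '\.exe$', ''

        $reasons = @()
        if ($scriptHosts -contains $leaf) { $reasons += "runs $leaf" }
        if ($line -match $userPath)       { $reasons += 'path under a user profile' }
        if ($line -match 'https?://')     { $reasons += 'URL in command line' }

        if ($reasons) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Author  = $task.Author
                Command = $line
                Reasons = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object Task | Format-List
```

Built-in Windows tasks will show up too, so compare each hit against the files and registry entries the scanner keeps re-detecting. `Export-ScheduledTask` saves a task's XML before it is disabled or removed.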

Hi Hayseed,

Thank you for sharing your findings with us! It's much appreciated.

Would it be possible to provide a copy of the Norton Power Eraser log/report that contains details of the detection please? You should be able to find the log in the following directory: %localappdata%\NPE

In addition, it would be very helpful to review the reports generated by Malwarebytes. This can be collected using the tool below.

Malwarebytes (MB) Check

  • Please download MB-Check and save the file to your Desktop.
  • Double-click mb-check.exe to run the program.
  • A black Command Prompt window will briefly appear. Click OK upon completion.
  • A log named mb-check-results.zip will be saved to your Desktop.
  • Please attach the file in your next reply. 

Thank you!


This topic is now closed to further replies.