Hayseed Posted June 2, 2017 ID:1132223 Share Posted June 2, 2017 I have run several full system scans today. Each scan finds a Registry Value, a Registry Key and three files in my user profile that are identified as Rootkit.Fileless.MTGen. I quarantine and delete the threats, start another scan and the same threats have returned. Malwarebytes has also been blocking outbound connections trying to export C:\Windows|SysWOW64\regsvr32.exe. I have a sick system. Malwarebytes scans are not removing the problem. I have also run Norton Eraser with no luck. Does anyone have any suggestions? Link to post Share on other sites More sharing options...
Hayseed Posted June 2, 2017 Author ID:1132478 Share Posted June 2, 2017 It appears that I have repaired my system. I booted into safe mode and ran Norton Power Eraser and it found the threat. There was a task running that would reinfect the PC after Malwarebytes removed the infection. Malwarebytes was detecting and removing the children infections and not the parent. Link to post Share on other sites More sharing options...
LiquidTension Posted June 2, 2017 ID:1132527 Share Posted June 2, 2017 Hi Hayseed, Thank you for sharing your findings with us! It's much appreciated. Would it be possible to provide a copy of the Norton Power Eraser log/report that contains details of the detection please? You should be able to find the log in the following directory: %localappdata%\NPE In addition, it would be very helpful to review the reports generated by Malwarebytes. This can be collected using the tool below. Malwarebytes (MB) Check Please download MB-Check and save the file to your Desktop. Double-click mb-check.exe to run the program. A black Command Prompt window will briefly appear. Click OK upon completion. A log named mb-check-results.zip will be saved to your Desktop. Please attach the file in your next reply. Thank you! Link to post Share on other sites More sharing options...
Recommended Posts