Dang Virus Halted Malwarebytes and More

[donb2]

I was attempting a virus removal on a client's computer yesterday and immediately knew a virus was present based on the fact that Malwarebytes was no longer able to start (it was running just fine prior to the virus). I then notice that an out of place program was present in the registry Run section. It was one of those programs that when you remove it from the registry, though, two seconds later it puts itself right back in. You can just sit back doing absolutely nothing and watch it re-add itself.

I then searched here and found information on how to remove it, so I thought. I used Process Explorer and Root Repeal but to no avail. I know you are probably saying maybe I did not know what I was doing but I have been in computers for twenty-seven years. The only processes listed where well known processes. I thought that maybe the virus was masquerading as a known good process, so I deleted "services.exe" because I thought it was supposed to be "service.exe" but then windows shutdown. Root Repeal did delete a couple of programs with gibberish filenames but that didn't help anything.

Was this possibly a rogue process hooked into a legitimate process? Or are there some rogue processes that are able to successfully stealth themselves from both Root Repeal and Process Explorer?

[marktreg]

Hello donb2, and welcome to Malwarebytes.org

The experts don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

[donb2]

Well ok then. I am not asking for help via a log though. I know how to interpret logs myself.

[marktreg]

Sorry, donb2, but the rules here state that no malware removal advice is allowed to be given outside of the Malware Removal - HijackThis Logs forum. This is to stop non-expert people giving advice that could possibly harm someone's computer. Being in the computer industry yourself, I'm sure you will understand this.

[AdvancedSetup]

I'm sorry Don but we provide a software product for removal and we facilitate a forum with Experts to assist users in removing Malware when required. We're not really here to teach Malware removal. If you're interested in obtaining more detailed information on the subject then you might want to apply at one of the schools.

The following are websites who host training facilities: United Network of Instructors and Trained Eliminators

• Bleeping Computer
  
  
• Geeks to Go
  
  
• SpywareHammer
  
  
• Malware Removal
  
  
• What the Tech
  
  
• Spyware Info Forum
  
  
• That Computer Guy
  
  
• Tech Support Forum
  
  

[noknojon]

As per AdvancedSetup first - Then feel free to browse any of the areas titled "Self Help" as they can help if you want other information -

EDIT -

There are several pages within these areas that can be of good general use if you take your time and look -

[donb2]

Ugh. Ok, already. I got it the first time. I am not trying to force the issue any further. How the heck do I delete this topic?!