donb2 Posted January 8, 2010 ID:181718 Share Posted January 8, 2010 I was attempting a virus removal on a client's computer yesterday and immediately knew a virus was present based on the fact that Malwarebytes was no longer able to start (it was running just fine prior to the virus). I then notice that an out of place program was present in the registry Run section. It was one of those programs that when you remove it from the registry, though, two seconds later it puts itself right back in. You can just sit back doing absolutely nothing and watch it re-add itself.I then searched here and found information on how to remove it, so I thought. I used Process Explorer and Root Repeal but to no avail. I know you are probably saying maybe I did not know what I was doing but I have been in computers for twenty-seven years. The only processes listed where well known processes. I thought that maybe the virus was masquerading as a known good process, so I deleted "services.exe" because I thought it was supposed to be "service.exe" but then windows shutdown. Root Repeal did delete a couple of programs with gibberish filenames but that didn't help anything.Was this possibly a rogue process hooked into a legitimate process? Or are there some rogue processes that are able to successfully stealth themselves from both Root Repeal and Process Explorer? Link to post Share on other sites More sharing options...
donb2 Posted January 12, 2010 Author ID:183321 Share Posted January 12, 2010 Just as I suspected, the virus was embedded deep within the registry. I have since removed it via manual methods. All is well. Link to post Share on other sites More sharing options...
Recommended Posts