Nasty Rootkit


I seem to have picked up a particularly nasty rootkit.

I hope someone can help because I have been scouring the web for two full days now and I have not turned up anything that works.

It will not let me do much as far as running AV programs.

It will not let me run Malwarebytes or HijackThis.

It will not let me run Avast nor Nod AV programs.

It will not let me run RegCure or RegistryBooster.

I also noticed a strange new file in my C:\Documents and Settings\xxx\Local Settings\temp directory named "jggsw.old". I can delete it but it immediately comes back again. I suspect this is related to whatever I have caught.

I was able to run Spybot and it picked up something called "UACd.sys" which I found out from a web search is a virus.

It was located here:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys (and in several more ControlSets)

With this key:

\systemroot\system32\drivers\UACssibivkdiv.sys

I took a chance and deleted all references to this in my registry and after a reboot things seemed to work again. However, later (after a second reboot) the problem seemed to return and I am no longer able to run these programs once again.

I searched the registry once again for traces of UACd.sys but did not get any hits this time.

I am beginning to suspect it is a mutating rootkit.

Any ideas as to how I can find out what I got and how to get rid of it?

I would GREATLY appreciate any assistance anyone might be able to provide.

Thanks

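The post above locates the infection in a service key under each ControlSet whose ImagePath points at a randomly named UAC*.sys file in system32\drivers. The following script is an added, read-only triage example and is not part of this thread or of any Malwarebytes tool: it walks every ControlSetNNN\Services key, normalises the ImagePath spellings Windows uses, and reports driver services that either match the UAC*.sys naming seen in the post (an assumption taken from the two file names quoted there, not a vendor signature) or whose driver file is missing from disk. The function names Resolve-DriverPath and Get-SuspectDriverServices are my own.

```powershell
# Added example, not from the thread: read-only triage of driver service entries across every
# ControlSet. It flags the pattern described in the post (Services\<name> whose ImagePath points
# at system32\drivers\UAC<random>.sys) and any kernel driver whose file is absent on disk.
# Run from an elevated PowerShell prompt. It changes nothing; it only reports.

# Assumption: the UAC* prefix is taken from the driver names quoted in the post, not a signature.
$suspectPattern = '\\drivers\\UAC[^\\]*\.sys$'

function Resolve-DriverPath {
    param([string]$ImagePath)
    # ImagePath values come in several spellings; normalise the common ones to an on-disk path.
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                               # \??\C:\...          -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot              # \SystemRoot\system32 -> C:\WINDOWS\system32
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"    # system32\drivers\x   -> C:\WINDOWS\system32\drivers\x
    return $p
}

function Get-SuspectDriverServices {
    $findings = @()
    # CurrentControlSet is a link to one of these, so ControlSet* covers every copy the post mentions.
    $controlSets = Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }
    foreach ($cs in $controlSets) {
        $servicesKey = "Registry::$($cs.Name)\Services"
        if (-not (Test-Path $servicesKey)) { continue }
        foreach ($svc in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path "Registry::$($svc.Name)" -ErrorAction SilentlyContinue
            if (-not $props -or -not $props.ImagePath) { continue }
            # Service Type 1 = kernel driver, 2 = file system driver; user-mode services are 16/32.
            $isDriver = ($props.Type -eq 1 -or $props.Type -eq 2)
            $image    = [string]$props.ImagePath
            $onDisk   = Resolve-DriverPath $image
            $reasons  = @()
            if ($image -match $suspectPattern) {
                $reasons += 'ImagePath matches the UAC*.sys naming from the post'
            }
            if ($isDriver -and -not (Test-Path -LiteralPath $onDisk)) {
                $reasons += 'driver file not found on disk (hidden, or already removed)'
            }
            if ($reasons.Count -gt 0) {
                $findings += [pscustomobject]@{
                    ControlSet = $cs.PSChildName
                    Service    = $svc.PSChildName
                    Type       = $props.Type
                    Start      = $props.Start      # 0 = boot start, 1 = system start for drivers
                    ImagePath  = $image
                    Reason     = ($reasons -join '; ')
                }
            }
        }
    }
    return $findings
}

$results = Get-SuspectDriverServices
if (-not $results -or $results.Count -eq 0) {
    Write-Host 'No service entries matched in the live registry.'
} else {
    $results | Format-Table -AutoSize
}
```

Two caveats a practitioner would want. First, a kernel-mode rootkit that hooks registry or file APIs can hide its service key and driver file from a running system, so an empty result from a live session is not proof of a clean machine; loading the SYSTEM hive offline (reg load from a clean boot environment) and re-running the enumeration against it is the reliable check. Second, the script deliberately reports rather than deletes: as the post itself shows, removing the service entries without the driver and its dropper leaves the infection free to reinstall itself on the next reboot, which is why the guided-removal process the reply points to is the right next step.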

Hello,

Yes, you have a rootkit infection. You need expert guided help, which we can't do in this area of the forums.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please note that it may take 72 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 72 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

Alternatively, if you are an MBAM customer, you can contact the help desk at support@malwarebytes.org.

If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)
