K, this one changes permissions on programs that I use. I have to go to cmd prompt and change permissions from there to get progs to work. With Webroot or anything else I have no luck removing it so far. Problem is the filename uses a colon so Windows cannot see the file. I was planning to use Linux live on CD and try to delete the file that way, but I want to put this out there if anyone else has future problems. I am willing to try any other solutions. MBAM closes as soon as it starts to scan, so obv it is infected or locked out. Registry entry rewrites itself as soon as I delete it. In safe mode everything is OK, but once again I cannot locate or delete the file due to the colon. Gonna try to reinstall MBAM and see if it will find it.
Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.
I found through a few diff progs that the file location is C:\WINDOWS\3564491017:4130245163.exe
but due to the colon Windows does not see it as a full file. Try Google searching something in Windows search or even Google. See what it does???
That is the ZeroAccess rootkit - failure to remove it properly will result in a lot of problems for your system, i.e. unable to boot and loss of the internet.
Edit: I have just looked at the thread and the wrong approach was taken, as several things all need to be changed at the same time.
So far ComboFix has worked wonders. Rebooted once since the fix, no problems. Will further monitor and scan with a few tools. ComboFix took about an hour and a half, so if anyone thinks it hangs up, just be patient and let it do its thing.
Yep, ComboFix will work very well as sUBs has the right sequence of codes, but using another tool like Hitman, TDSSKiller or removing files with OTL could be disastrous.