Situation: opened link in expertly spoofed e-mail (yeah, I know…but was expecting mail from purported source and it was well done), realized error (checked URL) and decided to run scans
AVAST ASWmbr (File Version 1.0.1.2290) and GMER (File Version 2.2.19882.0) both produced BSODs in both regular & Safe Modes: “Driver IRQL Not Less or Equal. What failed ASWMBR.SYS” (for ASWmbr), “PWTOYPOG.SYS” (for GMER).
BitDefender 64 found nothing in regular mode but ran so fast I have no confidence in the scan.
rkill & Unhide run - no issues; Stinger, Norton, Malwarebytes, Sophos Virus Removal Tool, and SuperAntiSpyware run: nothing.
made boot disk for Norton: ran and found Backdoor Tidserv (from heuristic) and allegedly repaired (removed) it.
ASWmbr (& GMER) run again: same issue with BSODs.
Ran Norton boot disk again: found 2 suspicious .dll files and tried to fix them - indicated that remediation failed. Ran Norton later: same .dll files identified as a problem - scanned files individually with Norton, Malwarebytes, & SuperAntispyware and no sign of malware. But the Boot disk still flags these files as High Risk. Interesting as the files are purportedly Norton Download Manager Plugins.
ASWmbr (& GMER) run again: same issue with BSODs.
I have no confidence that the machine is clean as both anti-rootkit tools mentioned above won’t run. Also, had one phishing pop-up but nothing since that time. As I can’t find any obvious malware, is the issue between the anti-rootkit software and my computer and not some bad actor? BTW - tried to run ASWmbr and GMER under different compatibilities (Win 7, 8, & XP SP3) but no success.
Logs from Malwarebytes & FRST attached. Both ASWmbr & GMER crash so can’t supply logs - could supply partial logs if I can hit tab before BSOD but such is “tricky.”
Please help if you can, this situation has become maddening as I need my main machine but can’t trust it (I’m so concerned that I am unplugging the machine from the internet when not in use).
Thank you!
Win 10 computer (upgraded from Win 7)
Core i7 920 @2.67 GHZ, Dark Knight cooler
6 GB RAM
AMD Radeon HD7800 Series graphics card
SSD boot drive, 2 platter drives, floppy, 2 optical drives
800 W PS
Your system is clean. ASWmbr and GMER are not compatible with Windows 10 and running them in compatibility mode will not make them work on Windows 10. If you want an anti-rootkit check, you can use Malwarebytes or Kaspersky TDSSKiller.
However, you still have some of ASWmbr and GMER leftovers which we will take care of.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
Tick the Purge System Restore checkbox
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
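One way to confirm that the ASWmbr and GMER leftovers are actually gone after DelFix has run, as an added example that is not part of this thread and not DelFix's own code: a PowerShell check that lists any driver service or .sys file still matching the two driver names from the first post, and reports whether the DelFix report and ERUNT backup named above exist. The driver-name patterns and paths are assumptions taken from the posts in this thread (GMER generates its driver name, so the second pattern only matches the instance the poster's BSOD reported); run it from an elevated prompt.

```powershell
# Added example (not from the thread or from DelFix): post-cleanup check for
# leftover anti-rootkit driver services/files and for the DelFix artefacts.
# Driver names come from the BSOD messages in the first post; paths are the
# ones the helper's reply says DelFix writes. Run from an elevated PowerShell.

# Patterns from the poster's BSOD screens. GMER generates its driver name per
# run, so 'pwtoypog' only matches the instance seen in this thread.
$leftoverPatterns = @('aswmbr', 'pwtoypog')

# Driver services still registered with the Service Control Manager.
function Get-LeftoverDrivers {
    param([string[]]$Patterns = $leftoverPatterns)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object {
            $d = $_
            $Patterns | Where-Object { $d.Name -match $_ -or $d.PathName -match $_ }
        } |
        Select-Object Name, State, StartMode, PathName
}

# Driver binaries left on disk in the folders such tools typically drop them
# (assumed locations: the system drivers folder and the user temp folder).
function Get-LeftoverDriverFiles {
    param([string[]]$Patterns = $leftoverPatterns)
    $searchRoots = @("$env:windir\System32\drivers", $env:TEMP)
    foreach ($root in $searchRoots) {
        if (Test-Path $root) {
            Get-ChildItem -Path $root -Filter '*.sys' -File -ErrorAction SilentlyContinue |
                Where-Object { $n = $_.Name; $Patterns | Where-Object { $n -match $_ } }
        }
    }
}

# DelFix artefacts named in the helper's reply.
$delfixReport = 'C:\DelFix.txt'
$eruntBackup  = Join-Path $env:windir 'ERUNT\DelFix'

$drivers = Get-LeftoverDrivers
$files   = Get-LeftoverDriverFiles

if ($drivers) { "Leftover driver services still registered:"; $drivers | Format-Table -AutoSize }
else          { "No leftover ASWmbr/GMER driver services registered." }

if ($files) { "Leftover driver files:"; $files | Select-Object FullName, LastWriteTime | Format-Table -AutoSize }
else        { "No leftover driver binaries found in the checked folders." }

"DelFix report present: $(Test-Path $delfixReport)"
"ERUNT registry backup present: $(Test-Path $eruntBackup)"
```

If a driver service still shows up here with State "Running" or StartMode other than "Disabled", DelFix did not remove it and it is worth mentioning in the thread before declaring the machine clean; an empty result for both checks plus the two artefacts present is the expected outcome after the steps above.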
I continued with the process and the program indicated that the registry copy was made and a restore point established (didn’t attach box - power out and UPS chirping).