Hi guys! No antivirus sees this infection!
I was advised to use the utilities from your site http://www.gmer.net/#files, namely the utilities GMER and aswMBR.exe. I could not find a forum section dedicated to these tools, so I have written here =)
Although, in principle, I must tell you that the utilities GMER and aswMBR at first also did not show anything, but when I put a “microscope” into the hands of your utilities, GMER and aswMBR saw many strange things. On this I need your antivirus experts =)
Oh yeah, I almost forgot: the latest SPTD driver for Windows acted as the “microscope”. Here is the link to the website of the driver's manufacturer: http://www.duplexsecure.com/en/downloads
I decided to upload these drivers to VirusTotal to check them. After the check, nothing strange was found in them, so we can assume these drivers are friendly and helpful. Here is the link to the report: https://www.virustotal.com/en/file/25c38106a47aa07e7cf0db0770ba450316833531bd069c31c65a5237532f673c/analysis/1428576912/
After installing this driver, your utilities are no longer blind and have received sight, and, as the saying goes, many countries have issued information!
Yellow in the screenshot shows the files of the ESET antivirus (I will probably have to say goodbye to it and go to your Avast!), but what is displayed in red is the plague that your utilities cannot see without the SPTD driver and show as white!
Help to remove this stuff!
Przemysław Gmerek works for avast https://blog.avast.com/2009/07/17/avast%E2%80%99s-top-5-hidden-gems/
and I think he made aswMBR also ... that contains the GMER scanner, and so does avast
avast performs a rootkit scan 8 min after boot
4. Strong antirootkit shield. Starting with version 4.8, avast has a built-in antirootkit scanner. It is based on GMER, one of the most respected specialized antirootkit applications available (in fact, the guy who created the original GMER now works for us). We’re constantly improving the internals of this component so that it’s able to detect and remove even the latest threats, including e.g. the infamous MBR rootkit.
First submission 2015-02-03 19:52:53 UTC ( 2 months ago )
Copyright Copyright (C) 2004-2014
Publisher Disc Soft Ltd
Product SCSI Pass Through Direct
Original name sptdinst.exe
Internal name sptdinst.exe
File version 1.87.0.0 built by: WinDDK
Description SCSI Pass Through Direct setup
Signature verification Signed file, verified signature
Signing date 3:52 PM 12/11/2014
Signers
[+] Disc Soft Ltd
[+] GlobalSign CodeSigning CA - G2
[+] GlobalSign
Counter signers
[+] GlobalSign TSA for MS Authenticode - G1
[+] GlobalSign Timestamping CA - G2
[+] GlobalSign
Hi Eddy!
If I wrote my request for help in the wrong section, please move it where you need it; I just did not find the section dedicated to the buyout utilities I have used!
You probably missed something and do not know that GMER is now a division of Avast =)
I think that either my English is very bad and you do not understand me, or you just do not want to understand me =) Look at the log files; with the driver your utilities have seen a lot!
I think this infection is based on Windows PE; it is some kind of miner or something that eats my computer's resources and constantly transmits it somewhere on the Internet!
Hi Pondus!
Thank you for confirming my words and proving once again that Przemysław Gmerek works for avast!
Przemysław Gmerek is certainly a tough guy and a well-known personality in the antivirus world, but that is not what I wanted to talk about here!
I NEED YOUR ASSISTANCE AND INSTRUCTIONS ON HOW TO REMOVE THIS INFECTION!
This is clearly something new; the antiviruses see nothing. ONLY YOUR UTILITIES saw this infection, and again, thanks to this driver they gained sight!
Downloaded, installed, removed the tick “Enable free trial of Malwarebytes Anti-Malware Premium”, launched, updated the database, and the result: NOTHING FOUND, see screenshot!
P.S. The utility Malwarebytes Anti-Rootkit (MBAR) just did not find anything…
Now I'll also try your Farbar Recovery Scan Tool and then post the logs
Essexboy, you know there is a program for hard drives called Victoria?! It long ago showed me an unknown device on the IDE loop. I thought this was some kind of bug and that it was being displayed as the DVD, and it turns out to be some sort of infection attached to the DVD. Did you read the GMER logs and the aswMBR log at all?! Do you not see anything strange?!
I also noticed the following: the program Parkdale.v2.95 gives strange information. Look at the screen when a DVD disc is inserted into the drive (see screen 1); if you take it out of the drive, see what can be seen (see screen 2). It turns out that this infection has a weight of 650 MB o_O ?!
In short, guys, I do not know what it is, maybe some miner or something else, but this infection eats my computer's resources and constantly sends it somewhere! I just want to get rid of this; tell me how to get it and give it to you for review!
Yes it is! I used it to remove all the information and do a complete wipe of the hard drive! I thought it would delete everything completely, together with the virus, but it was not so; as is now evident from the logs, this infection is sitting somewhere in RAM! Or video RAM! Or it is stored in a part of the buyout hard drive that is not visible to a simple user; my hands have not got there =)
I’ve tried a lot of things; there is also a program called HDD LLF Low Level Format Tool, but even it does not remove this infection! And then there was progress: I installed the SPTD driver for Windows and your utilities began to see something they did not notice before!
OK! But I see this Defogger has no support for Windows 8, though I think it is not critical =) It is a pity that ComboFix does not support Windows 8…
It seems so now, after Defogger scanned the system! In short, aswMBR now does not display these red lines =)
But in the log Defogger writes this:
Checking for services/drivers…
SPTD → Already disabled
So it turns out Defogger disabled the SPTD driver for Windows; that is, it is the same as if I had not installed this driver at all, and if I now install it again then perhaps everything will show up anew?!
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
essexboy, this Russian utility just did not find anything; I ran it again today, to no avail … I have long been acquainted with this software; some people call this software and viruses Russian origin =)
It turns out that the SPTD driver for Windows was able to open the eyes only of your utilities GMER and aswMBR, and all other utilities are blind as before.
That is why I wrote to you here, because GMER and aswMBR are utilities of your production, and therefore the Avast laboratory, unlike all the others, produces the best software =)
In general, the contagion has been seen in the logs; what is left is to figure out how to bring it out, give it to you for examination, and then completely kill it)))