So I'm not sure if you guys take care of rootkits or just malware, but I've been battling with a persistent rootkit that's super well-hidden.
I got a trojan not too long ago, and even after multiple (slow) formats, its modifications are still there. Not sure if the actual executable is still there. Some of the symptoms I notice:
-my User profile folder on my C drive is shared with everyone
-some .dll files are corrupted (oleaut32.dll) and possibly others
-I have been finding unknown .sys drivers in my system32 as well with no registration or signature
So my main issue now is that when I try to run most anti-rootkit programs I get a BSOD, each program with a different code.
I tried downloading vba32 antirootkit, but my browser wouldn't download from an FTP site so I had to download a mirrored version off Softpedia.com (which I really didn't want to do).
I tried running the program after download, and as soon as the program starts I get a BSOD with the following error:
Stop: 0x0000008E (0xC0000005, 0x8D47E466, 0x9611AC78, 0x000000..)
Win32k.sys – Address 8D47E466 base at 8D400000
I've read that updating Windows and the BIOS should fix the problem, so I updated Windows, but for the BIOS I couldn't find a Windows 7 compatible file; I ran the Windows 8.1 and Windows 10 compatible ones but they didn't work.
GMER seems to work fine, but I'm not really good with it. It keeps throwing this modification:
.text | ntkrnlpa.exe!KiDispatchInterrupt
I forgot what the value was, but I tried restoring the code for it and it keeps coming back. Must be some file that I need to delete from my system and then restore.
So if there are any analysts that are good with rootkits, your help would be of great assistance. Thanks in advance.
~Nocap
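An added example, not from the original post or any tool it mentions: a PowerShell script that inventories the two symptoms the poster lists, drivers in System32\drivers that are unsigned or not registered as a service, and shares that expose the user profile folder. It assumes Windows 7 with Windows PowerShell 2.0 or later and an elevated prompt, which is why it uses Get-WmiObject rather than the newer CIM and SMB cmdlets.

```powershell
# Added example (not from the original post). Assumes Windows 7, Windows
# PowerShell 2.0+, elevated prompt. Caveat: a kernel-mode rootkit can hide
# files and falsify what user-mode tools report, so treat a "clean" result
# from the live system as provisional and repeat the file checks from a
# clean boot medium.

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

# Build a lookup of every driver the Service Control Manager knows about,
# keyed by file name. PathName may look like "\??\C:\...\foo.sys" or
# "system32\drivers\foo.sys", so strip the NT prefix and keep the leaf.
$registered = @{}
Get-WmiObject Win32_SystemDriver | ForEach-Object {
    if ($_.PathName) {
        $leaf = [System.IO.Path]::GetFileName(($_.PathName -replace '^\\\?\?\\', ''))
        $registered[$leaf.ToLower()] = $_.Name
    }
}

# Check each .sys file's Authenticode signature and service registration.
# Note: on Windows 7 most Microsoft inbox drivers are catalog-signed, not
# embedded-signed, so they report NotSigned here; compare such entries
# against a known-good install rather than treating them as malicious.
$findings = foreach ($file in Get-ChildItem -Path $driverDir -Filter *.sys) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $service = $registered[$file.Name.ToLower()]
    if (-not $service) { $service = '<none>' }
    New-Object PSObject -Property @{
        Driver    = $file.Name
        SigStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
        Service   = $service
        Modified  = $file.LastWriteTime
    }
}

# Unsigned or unregistered drivers, newest first: these are the ones to
# explain before anything else.
$findings |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Service -eq '<none>' } |
    Sort-Object Modified -Descending |
    Format-Table Driver, SigStatus, Service, Modified, Signer -AutoSize

# Every share on the box. The profile folder, or a parent of it such as
# the drive root outside the default admin shares, showing up here is the
# "shared with everyone" symptom from the post.
Get-WmiObject Win32_Share | Format-Table Name, Path, Type, Description -AutoSize
```

A driver whose HashMismatch status, missing service entry and recent Modified timestamp coincide is the strongest signal in this output; collect the file from offline media before deleting anything so an analyst can examine it.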