Originally Posted by spanky
I've cleaned that up (in one form or another) on probably almost 100 computers.
Go into safe mode w/ networking.
Run malwarebytes, remove everything.
Reboot back into safe mode w/ networking.
Run combofix.
Let combofix reboot your computer when it's done, wait for the log, etc.
Run cleanup!
Reboot back into safe mode w/ networking, run cleanup again.
Thanks, just tried this. Looks like I'm getting closer to finding the bug. ComboFix actually failed to remove a file. Here it is in the log...
c:\windows\system32\drivers\uustqai.sys . . . . failed to delete
I looked up its properties; it was created at the exact time I got attacked. I try to request security info but it can't be displayed. I also can't delete it, rename it, relocate it... etc. I always get "Cannot read from the source file or disk." Any ideas? Thanks again, you guys have been nothing but helpful so far.
edit: just to add, I still have an extra iexplorer.exe running in task manager, probably due to uustqai.sys still being active.
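The post above correlates the driver's creation time with the moment of infection; as an added example (not code from this thread or from any of the tools named in it), the PowerShell below lists every .sys file in system32\drivers created within a window around a given timestamp, checks its Authenticode signature, and marks whether the kernel currently has it loaded. It assumes you fill in $InfectionTime yourself; the value shown is a placeholder, and a file that throws a read error during the signature check is reported rather than skipped, since that is exactly the symptom described above.

```powershell
# Added example, not part of the original thread.
# $InfectionTime is a placeholder: set it to the time you observed the attack.
$InfectionTime = Get-Date '2009-05-01 14:30'
$Window        = New-TimeSpan -Minutes 30

# Paths of drivers the kernel reports as loaded (from the live, possibly
# subverted system, so treat this as a hint rather than ground truth).
$loaded = Get-CimInstance Win32_SystemDriver |
          Where-Object { $_.PathName } |
          ForEach-Object { ($_.PathName -replace '^\\\?\?\\', '').ToLower() }

Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys -File |
  Where-Object { ($_.CreationTime - $InfectionTime).Duration() -le $Window } |
  ForEach-Object {
      # A rootkit hooking file reads can make the signature check itself fail;
      # surface that instead of silently dropping the file from the list.
      try   { $status = (Get-AuthenticodeSignature $_.FullName -ErrorAction Stop).Status }
      catch { $status = "UnreadableFile: $($_.Exception.Message)" }

      [pscustomobject]@{
          Name      = $_.Name
          Created   = $_.CreationTime
          Signature = $status          # Valid, NotSigned, HashMismatch, or the read error
          Loaded    = $loaded -contains $_.FullName.ToLower()
      }
  } | Sort-Object Created | Format-Table -AutoSize
```

Because a loaded rootkit driver can hide or block access to its own file, treat an "UnreadableFile" or NotSigned result on a driver created at the infection time as a strong indicator, and confirm it by examining the disk from clean offline media rather than from the infected system.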