sparta

Persistent infection win 7 and win 10, kernel mode driver malware not detected


Hi,

I have contacted in the past as well about this persistent infection on my Windows 10 and Windows 7 PC.
I have seen that this virus, malware etc. comes when I connect to the internet, even if I have installed all known antiviruses.

Only Outpost Firewall detects it, saying an unsigned kernel mode driver is about to be installed. I chose to deny, but the system still gets infected somehow.

Here is how other antiviruses react to it.

Kaspersky - protection gets disabled altogether. USB scanner does not detect anything.

Malwarebytes - protection gets disabled, and even Chameleon is not able to get it working again.

Norton does not detect anything.

Emsisoft detected the download manager trying to download some malware with the original file being downloaded simultaneously.

ESET security trial just gets disabled.

Tried all USB scanners as well (Avast, Avira, Kaspersky, Norton), nothing found.

Tried rootkit scanners as well, nothing found.

The issue came on Win 10, so I formatted and installed Win 7, but same issue on it as well.

System becomes useless: either the internet will not connect or, if connected, system CPU usage will be 100%.

So I installed Ubuntu dual boot with Windows and run Windows 7 in VMware in it.

Even on a clean install in VMware it gets infected as the system goes online, with any of the combinations of antivirus and firewalls (Outpost or TinyWall or Comodo).

All Windows 7 and 10 systems were fully updated.


Someone suggested that it is a network malware.

Also, someone stole my 50GB data when I was using my previous ISP. They did not do anything; I asked them to provide details of what was downloaded, they never reverted back, so I switched ISP.


Emsisoft is somehow not disabled, but it does not detect anything either.

I now have SpyShelter, OSArmor, VoodooShield and TinyWall; no one detects anything or stops the kernel mode driver install or the system from getting infected.

When I check my IP in the browser, it one time said DOD United States. I checked, it is Department of Defense USA??

Am I part of some bot network? Or has someone hijacked my IP? I don't know.

Now I have to use snapshots in the VMware machine: as I go online it gets infected, and I revert back to the snapshot to get it working again.

Also, the VMware Tools show an error when it gets infected, saying VMware Tools are not installed.

I ran sigverif from Windows+R and it does not detect any unsigned driver.

I think I have a rootkit which comes from the internet every time I connect, even on a clean install PC, and then it somehow bypasses all the firewalls and downloads more malware which are undetected and make the system unusable. Task Manager, antivirus say you don't have access or file not found etc. when run.

Also, when I log into Gmail it says logged in from 1 more location that has the same IP and browser as mine.


Pls help,


 

Edited by sparta
update


Do you mean that you installed Windows from scratch, then installed ESET from an official download page and shortly after without doing anything or installing any dubious software ESET was disabled?


Hi, thanks for replying.

This is my past post.

I have used several software trials to date on clean installs, but when I go online, Windows Update etc. is done, or if I even download GlassWire software to see connections, as soon as I install a software the system gets infected, as if the malware is in the system always, even after full format and reinstall. I think it comes from the network.

Same happens when I am using the VMware virtual machines installed from scratch.

 

 


There are advanced persistent threats that can survive a HDD reformat and OS reinstall. What needs to be done is that a disk wipe utility capable of performing military grade wiping/reformatting on the drive be used. On a large hard drive this could take days or even a week or more to complete. A simpler solution is just to replace the hard drive with a new one. Prior to doing so, I would experiment with a borrowed or unused hard drive from another device. When the OS is installed and AV software installed and no infection reoccurs, you have your confirmation the old hard drive is the source.

Also, both your PCs are part of a larger local network; the malware could be resident on another device on the network.
