Now it's not showing anything but the spyware is back. However, in 10 minutes I knew I was infected again.

c:\Windows\winsxs\Backup\amd64_microsoft-windows-wininit_31bf3856ad364e35_.16385_none_8ce7aa761e01ad49_wininit.exe_7a527f28 (Trojan.FakeMS) -> Quarantined and deleted successfully.

After running OTL, MBAM found this:

c:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_.16385_none_8ce7aa761e01ad49\wininit.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

I ran an OTL script to try and remove FXSapiDebugLogFile.txt in the Appdata\Local\Temp directory but it can't be deleted - even in Safe Mode. On reinstall it immediately reinfects, installs IPv6 services and communicates out (even though I disable IPv6 during setup via Audit Mode). I think that the virus is hiding in the \SystemVolume information but can't be sure (Flagged by GMER). I have reformatted both the boot drive (120MB SSD) and the data drive (1TB) but not the backup drive (1TB).

Hi, I've been fighting this malware for about 4 weeks now.