Settings Being Edited

Today, I tried turning on my computer, only to find that I was facing a black screen with a mouse icon and nothing more. I was unable to open the control panel by using Ctrl+Alt+Del, so I promptly flipped out and reset a few times to see if the problem would persist. It did.


After a bit, I restarted in safe mode, and was able to do so successfully. I then returned to a restore point that had been set only a few days ago, and I'm lucky for that. I had hoped it was just a corrupted boot file, but when I tried to run a scan through BitDefender 2012 just to be safe, I noticed something peculiar. For one, it acted strangely at first, getting disconnected from BitDefender's servers the moment after launch. I restarted and this time BitDefender stayed connected. When I ran the scan, I took a peek around to make sure everything was on the up-and-up. It wasn't.


The Firewall had been turned off in the settings menu and the AntiVirus settings were all set to minimum and a 'custom' setting for On-Access that made it so BitDefender wouldn't check archives or the boot sector. I set these back on and waited to see how soon the virus I obviously had would set them back. Thus far, I can only say that it sets the Anti-Virus to these 'custom' settings whenever I start a scan. I'm assuming it's doing this to preserve an infected archive somewhere. I don't know how to do a proper scan and delete if my trusty antivirus software has been compromised.


This virus is obviously using my own administrator permissions to do this. Is there a way I can prevent it from doing so? How can I do a manual scan on the archives and boot sector of my computer and get the bugger?


My System Info:


OS: Windows 7 64-Bit


Motherboard: Asus P8P67 Pro


HD: Seagate 1TB


Processor: Intel i5 with Sandy Bridge


Video: Radeon 5850 1GB

Comments

  • I would like to add a note here, as I have discovered some new information. I found out that the 'Intrusion Detection' setting is off by default. I thought that it had been turned off by the virus or something. When I said that the firewall had been turned off, I was referring to the 'Intrusion Detection' feature. It would seem that the only thing the virus is affecting is the on-access scan parameters.

  • It has been four days and I am still waiting for contact from the technical team concerning this situation. I hope to hear from you soon.

  • I have sent a PM to DannyDan inquiring when I might be contacted by the support team, although it's not showing up in my 'Sent' folder.


    I just wanted to add a few notes about my recent experiences over this last week. I continue to be unable to track down what's affecting my system. A few days ago, I ran into another black screen of death. Got another system restore point done, but received an error upon startup that the system restore had failed. The error code it fed me was 0xc0000022 although I haven't been able to figure out what this means. I'm unable to install the Windows 7 Service Pack 1, and the System Readiness Tool is stuck at 0% whenever I try to use it to manually install the update. The explanation I've heard is usually due to changes to the Windows files, which is something I simply have not done. I would wager this is the virus again. It's obvious by the admin-level behavior of the virus that I have a rootkit, because I've noticed that whenever I try to run scans the settings are changed to custom with archives, boot sectors, and rootkits not checked. I have run several custom scans and checked the logs to make sure they use the full aggressive settings, but it's turned up nothing.

  • I have sent a PM to DannyDan inquiring when I might be contacted by the support team, although it's not showing up in my 'Sent' folder.


    Just for future reference, sent PMs are NOT saved by default. When sending a message, look just above the Send Message button for a checkbox labeled "Add a copy of this message to my sent items folder".


    Regards,

  • Hello,


    I have taken ownership of the ticket you have open with us (ID: 201109061001177). Please check your email and send me the requested log file so we can find the cause of the issue you encounter.


    Looking forward to your answer!


    Kind regards,