Rootkit Removal....FFsearcher Fraud Removal?



#1
markedmanner

I am at my wits' end. I am sure I am dealing with this FFsearcher. See here for details: http://trusteer.com/...-one-click-time. I have all the symptoms mentioned in this article. I have run everything I can think of. Hijackthis will not even run. I have run malwarebytes, asquared, avira, combofix. Asquared detects it but it will not remove it. It is detected at \globalroot\Device\__max++>\HHHHHHHH.x86.dll, where HHHHHHHH are 8 hexadecimal digits that change in each boot. I have tried rootkit scanners: Avenger, Rootkitbuster, Unhackme, GMER. Unhackme shuts down right when I try to run it, as does Hijackthis. GMER scans and finds the rootkit but it does not give me any options. I cannot click "stop service" or "kill process"; all the options are grayed out. I also ran the mbr rootkit scanner on the gmr website. I am guessing just do a fresh install of Windows? I have searched for several hours online and have yet to find a success story of anyone removing this thing.

Here are a few other people that have the same thing I am dealing with but have no answer:

This person had the same \globalroot\Device\__max++>\HHHHHHHH.x86.dll as I do.
http://www.dslreport...ts-to-safe-mode

I am also having the exact same issues as this person with the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them" when trying to run several programs to scan for rootkits and viruses. They also have the \globalroot\Device\__max++>\HHHHHHHH.x86.dll
http://www.computing...orer/26983.html

Here is another post on asquared's website about this same infection:
http://forum.emsisof...?g=posts&t=6266

Does anyone have any thoughts on this or what can be done?

Edited by markedmanner, 28 September 2009 - 11:20 AM.
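
The path pattern reported in the post above, as an added example that is not part of the thread: a Python sketch that finds it in scanner log text by matching the stable parts of the path and capturing the eight hex digits that change on each boot, so a name seen on one boot does not have to match the next. The log lines, their layout and the hex names are constructed for illustration.

```python
import re

# Stable parts of the path quoted in the post: the "__max++>" device and the
# ".x86.dll" suffix. The 8 hex digits in between change on every boot, so they
# are captured rather than matched literally.
INDICATOR = re.compile(
    r"\\globalroot\\Device\\__max\+\+>\\([0-9a-f]{8})\.x86\.dll(?![\w.])",
    re.IGNORECASE,
)

def find_hits(log_text):
    """Return [(line_number, hex_name)] for each occurrence of the DLL path."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in INDICATOR.finditer(line):
            hits.append((lineno, m.group(1).upper()))
    return hits

def names_per_log(logs):
    """Map each log's label to the set of per-boot hex names seen in it."""
    return {label: {name for _, name in find_hits(text)}
            for label, text in logs.items()}

# Constructed sample scanner output (not from the thread); the line layout,
# the "\\?\" prefix variant and the hex names are assumptions.
SAMPLE_LOGS = {
    "boot-1": "\n".join([
        r"scan started",
        r"C:\WINDOWS\system32\example.x86.dll  clean",
        r"\\?\globalroot\Device\__max++>\1A2B3C4D.x86.dll  detected",
        r"\globalroot\Device\__max++>\1A2B3C4.x86.dll  (7 digits, ignored)",
    ]),
    "boot-2": "\n".join([
        r"\GLOBALROOT\device\__max++>\9f8e7d6c.x86.dll  detected",
        r"\globalroot\Device\__max++>\9F8E7D6C.x86.dll  detected",
    ]),
}

if __name__ == "__main__":
    for label, names in names_per_log(SAMPLE_LOGS).items():
        print(label, sorted(names))
```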

#2
kahdah

Hello markedmanner

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
