I am at my wits end. I am sure I am dealing with this FFsearcher. See here for details:
http://trusteer.com/...-one-click-time. I have all the symptoms mentioned in this article. I have ran everything I can think of. Hijackthis will not even run. I have ran malwarebytes,asquared,avira,combofix. Asquared detects it but it will not remove it. It is detected at \globalroot\Device\__max++>\HHHHHHHH.x86.dll, where HHHHHHHH are 8 hexadecimal digits that change in each boot. I have tried root kit scanners: Avenger,Rootkitbuster,Unhackme,GMER. Unhackme shutsdown right when I try to run it. As does hijackthis. GMER scans and finds the rootkit but it does not give me any options. I can not click "stop service" or "kill process" all the options are grayed out. I also ran the mbr rootkit scanner on the gmr website. I am guessing just do a fresh install of windows? I have searched for several hours online and yet to find a success story of anyone removing this thing.
Here are a few other people that have the same thing I am dealing with but have no answer:
This person had the same \globalroot\Device\__max++>\HHHHHHHH.x86.dll as I do.
http://www.dslreport...ts-to-safe-modeI am also having the exact same issues as this person with the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them" when trying to run several programs to scan for rootkits and viruses. They also have the \globalroot\Device\__max++>\HHHHHHHH.x86.dll
http://www.computing...orer/26983.htmlHere is another post on asquareds website about this same infection:
http://forum.emsisof...?g=posts&t=6266Does anyone have any thoughts on this or what can be done?
Edited by markedmanner, 28 September 2009 - 11:20 AM.