I followed the indicated links for Dr. Web Cure it, which appear to have changed and are updated now to Dr. Web Live CD, with the USB boot option.
However, the options it makes available did not match the menu options prescribed in your reference.
I was able to run a full external Dr. Web scan from a new USB stick, which did show a couple of less intrusive references. Unfortunately I never succeeded in finding an option that would permit me to save the scan results to send. I did a manual remove on those things found successfully, after which a second scan confirmed the issues were removed.
I think the system seems to be running properly now at this point. In the end, the many efforts did locate and remedy what appeared to be a fairly tenacious hidden keylogger / server that MsEssentials, SAS and MBAM could not see. I can only assume this was the likely cause of the credit card breach we dealt with. Our CC provider did refund the exposures, so no significant loss was sustained. While there's never an assurance of perfection in having removed a rootkit without a hard drive scrub, there has been no indication it was hooked at the MBR or anything with enough depth to suggest the cleanup didn't succeed. The kernel code modifications indicated by KernelDetective seem to be consistent on my other copies of Vista and a few other references I found on the web, so I assume this to be an MS implementation for low level operation, perhaps even the MS malicious intervention process or SP2 hook for virtualization.

Unless you would suggest any final checks or maintenance / security steps, I'm fairly ready to clean up the workspace. I have a commercial license for Kaspersky 2013 Internet suite I'm going to install in place of MS Essentials, hoping the KAS web link and email monitoring will provide better protection from casual browsing / phishing exposures, on top of doing nearly all browsing in virtual mode at this point to reduce some of the potential for deeper infection. Albeit I have seen KAS become compromised in the past as well, at least it alerts the user verbosely if it loses integrity.

I am still concerned, if not simply curious, why such a standard and vital staple as SFC (System File Checker) would not properly manage desktop.ini files from its own OS. While many suggest the behavior is benign, it strikes me odd there is very little supporting information on this from MS or anyone else accurately identifying why SFC fails to handle desktop.ini. This too may reflect back to OS hardening attempts by MS leaving SFC in the dark on this aspect of desktop.ini, since these files appear to have an integral presence between the desktop, GUI and kernel integration MS continues to fight with among their exposed kernel/user design.
Last, I would like to say "Thank you" for the patience and assistance from those having helped here. I tend to be relatively comfortable dealing with most malware, having numerous 24 hour activities online for some years. However, the benefits of those who focus on assisting others with managing malware from a more intensive effort serve an irreplaceable role of competency, dedication and assurance we all benefit from when the lines of reliability become smeared among more serious threats and zero-day exposures.
Thank you sincerely to those dedicated to helping the less knowledgeable.
If there is no further reply, please feel free to close the thread [RESOLVED SUCCESSFULLY]