Reboot caused new, lamer message to appear

The saga of my unknown malware continues. I tried that RunAnalyzer, and it was just so much information that I had no idea what was legitimate and what wasn’t. Sorry, but I don’t have hours to parse through all that information. I will say that it is very interesting though.

So, I rebooted, to see if a new, randomly generated message would appear. Sure enough, a NEW dialogue appeared! Even dumber than all the previous:

Important – Errors found in the system

During the scan of files which are start automatically at computer startup, a critical errors in system registry were found.

0x01ff0010 irql: 1f SYSVER 0xbf04014

NT_Kernel error 1276 (EXCEPTION NOT HANDLED)

[ OK ]

 

So dumb, it’s not even worth commenting how many red lights go off. They just threw a bunch of random Windows terminology together! I logged out, then back in, and the same message popped up again. And again, after a 2nd logout. And again, after a 2nd reboot. I guess maybe they rotate at some random, unknown cycle.

I ran REGEDIT and looked in the Start > Run areas where malware likes to hide, and there was nothing of note whatsoever there: some NVidia stuff and Pivot Pro, my 3rd party software (well past its expired trial period), and my AV stuff, but nothing weird.

The thing is, these messages show up as actual APPS running in the Windows Task Manager, yet I can find NO registry, DLL, startup, whatever, of what is spawning them! I really think that possibly some key system DLL or EXE has been compromised, but I CANNOT tell which.

The SysInternals program ProcExp.exe verified every single EXE I could see. Besides, I don’t think it does a very good job of showing me every execution thread, because when I opened five explorer windows, it did not indicate any new sub-threads of explorer.exe.

So this program does not help me.

SIGH!

Categorized as Windows

By tungsai

Super Magic Dragon Ninja
