Need help with possible Malware!

clifford_cooley · clifford_cooley's Computer Specs

My father has had a few things happen to his PC. I've been trying to wrap my head around what might be taking place.

Windows Aero has been turning itself off.
Browser highjacker.

He has been infected in the past but now MSE and Malwarebytes scans are clean.
His infections were probably from downloading new wallpaper for desktop.

Newest development:

CCleaner give an update button which is when he says all hell broke loose.
Windows Aero has been turned back off.
MS Office ribbon interface replaced with "If you like this click here to like this Facebook page."
He did a system restore before I was notified and recovered his Office Ribbon interface and CCleaner is working properly again.
I did have to enable Windows Aero again.
MSE and Malwarebytes still report the PC as clean.

I did a search for Malware replacing ribbon interface or CCleaner infections but have come up empty handed.

Has anyone heard of such Malware?

bassfisher6522 · bassfisher6522's Computer Specs

It could be a rootkit, try running TDSSKiler. Have you run all the malware software in safemode?

http://support.kaspersky.com/faq/?qid=208283363

Shintaro · Shintaro's Computer Specs

I would suggest, if possible, an offline Windows Defender scan.
http://windows.microsoft.com/en-AU/w...fender-offline

Also a scan using Malwarebyte in Windows Safe Mode.

Hope this helps.

clifford_cooley · clifford_cooley's Computer Specs

Just finished a scan in Safe Mode with MSE. I'm scanning with Malwarebytes now. For some reason I was presented with a message stating the definitions were corrupt or missing. I had no choice but to download a new set of definitions for Malwarebytes before I started the scan.

I will scan with TDSSKiler next and report back. Thanks for all the suggestions, hopefully we find something to ease my paranoia.

clifford_cooley · clifford_cooley's Computer Specs

Malwarebytes and TDSSKiller reported clean on scans.

Any other suggestions or should I assume the PC is clean?

I feel better about the PC but if you think it's necessary to scan with another app, I'm open to suggestions.

**TrainableMan** · TrainableMan's Computer Specs

The boot DVD is best idea. Also, in safe mode b4 you run scans you should run RKill too, TDSSKiller is for root kits but RKill is for memory-resident hiders

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
contacts export not possible - help!	Yana	Windows 7 Support	26	09-17-2011 08:11 AM
is it possible to make the desktop resolution larger than the physical resolution?	Roland Schweiger	alt.windows7.general	7	05-16-2010 04:42 AM
possible setup help when win 7 will not alllow user access at all	WyldBlackWolf	Installation, Setup and Updates	0	01-07-2010 05:50 AM
Possible rootkit	Robert Brereton	alt.windows7.general	2	12-13-2009 12:35 PM
Win2000Pro to Win7 upgrade: possible?	Dave-UK	alt.windows7.general	3	10-26-2009 08:52 PM