#1
How did they slip past AVAST?
I'm looking at the worst case of infection I've seen in 3 years; basically it is a nuke/redo.
This is a lightly loaded and lightly used PC. It has little on it other than wildlife photos from a hunting ranch, a few programs like Garmin GPS software and Adobe Reader, etc., and Outlook [may be the path?].
This thing has a zw Java exploit rootkit of some variant, along with several trojan droppers, ransomware, and other things I'm sure I haven't found yet. The top layers were easy to disarm, but the rootkit[s] at the bottom eluded both the popular TDSSKiller and Malwarebytes' later entry into the rootkit find/disarm game; both came up clean, and so did routine AVAST scans, although the full scan of the latter noted some password-protected JavaScript files that would seem to be innocuous, but I don't trust them given the primary exploit. Microsoft's aging RootkitRevealer found a number of problems, quite a list, and Trend Micro's beta RootkitBuster found a couple of dozen entries that it could not deal with [log: "unable to fix"].
QUESTIONS: What do you think was the door-opener? The machine did have old Java 6; I believe the updates were through 24 or 25.
HOW did it slip past AVAST, which was a full install, updated/latest, with all scanners running, including the mail scanner???
The user's primary browser has been Chrome, at my suggestion! Not IE very much, other than for one or two cranky secure sites that don't play nice with Chrome.
Sign me baffled... bewildered. My guess, based on some comments by the user, is that this all started with a mail attachment from "a friend", later finding out that the friend's email account had been hijacked. How many times do we have to tell people: DO NOT CLICK.