Hello again Jim :)
I'm very sorry that I haven't posted here for a while. I've been exceptionally busy revising for exams and covering staff absence here. Anyway, exceptionally well done on getting most of your problems fixed.
barrejf said:
The latest problem is the fact I am only able to boot up my system by pressing F8 and selecting "Disable Driver Signature Enforcement".
This is caused by something very specific. First, as I'm sure you've already gathered, it's caused by a driver which doesn't have a valid digital signature. Although this can be caused by lots of reasons, there's only one likely reason. Digital signatures cost big money, but all normal drivers have to have them to operate (after all, you can't make a device which needs Windows booting into disabled driver signature enforcement mode just to work).
The answer is that it's part of your rootkit infection. The malware authors aren't going to pay for a digital signature, so instead they run without one, then hack the system to disable the check.
Your infection is currently in a half-removed state. The hack to make the driver work properly even though it doesn't have a digital signature has been removed, but the driver itself, the core of the actual rootkit, lives on.
Now, please can I urge you in the strongest of terms not to try to remove this yourself at this time. It's already in quite a precarious state, and one wrong move will, without a shadow of a doubt, stop this computer booting entirely. It should still be possible to fix then, just it won't be nearly as straightforward. The automated tools have already failed to do a complete & clean removal on your system. What you really need is an experienced human analyst to take a look, track down all remaining parts of the driver, then remove them in one single shot. The whole point here is that the remains of this rootkit cannot be removed in parts; it's got to be taken out in one fell swoop, otherwise the system goes belly up.
I would therefore recommend following these instructions:
https://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html
and posting a new thread in our Security Arena. It won't be me helping you as I don't do malware removal, but one of the specialists in proper rootkit removal (most likely Corrine or Will Watts).
Please tell them that your computer only boots in Disable Driver Signature Enforcement mode, and that you partially removed a rootkit infection, ideally, providing logs for whatever tools you ran. They'll know straight away what they're up against :)
Good luck!
Richard