xie said:
Think you're looking at it the wrong way, yes only Malwarebytes detects it, but that's because it's the real deal. Perhaps you should be worried why the others don't? I would find another AV solution with a higher detection rating.
Also this malware is running as an admin on your system, why should it have problems not showing in task manager (lots of things don't). Also if you're not 100% sure you got everything you might wanna backup/format to make sure it's all gone
xie, nod32 didn't see it or remove it either, nor do I think too many av's can if it's a root kit, which disables av's and every program that even looks like it might be after it
I have never come across a root kit before and I am guessing this is one of them, if it is I need a reformat to ensure the compromised kernel is clean
again, if it is a root kit, Malwarebytes should not be able to clean it up either but it does, Malwarebytes being as you say, "the real deal" or not, a root kit usually circumvents and disables anything that goes near its files, it does not do this "by running as an administrator" as you suggest, most programs can run as an administrator yet they are still in task manager
it runs stealth by a number of methods, one by replacing "root" (kernel) files and programs, thus "root kit", for others that might not know, root is a unix term which basically comes down to "as the operating system"... a far more appropriate term in windows would be "a kernel kit". the method these programs use to run without being seen by task manager is to disguise or rewrite themselves as "root" or actual kernel administrative processes, another method they can use, they might actually be loading as a virtual os on boot, another, they might intercept kernel calls and change that call
this trojan has all the earmarks of such a kernel kit, it executes without acknowledgement from the user and it is almost definitely running in task manager but probably with another process or as kernel administrative process...this is how it might keep popping up even after its files have been purged.
running "as an administrator" does not preclude processes being seen in task manager, it needs far more than that
in the end, if it appears again on either my box or work I will reformat since I don't want to go through the trouble of correcting code with the use of a second box
I am loath to do a reformat since in the past I have always been able to repair systems that don't have hardware issues
anyway, the reason I authored this thread was to raise the alarm
I was fooled by a trojan, it disguised itself in the form of a microsoft applet and I allowed the trojan to install, once executed to install it was not detected by my av or any real time av I tried since
point being, even processes you usually trust, if you did not ask for a service then deny it from running no matter how much you think you trust the process
[on edit]
I have re-installed avg (version 9) and then I did some forensics to see if the newer build would detect this particular trojan if it tries to execute and it did prevent the execution, of course if it managed to finish execution I doubt the av would be able to clean the files
I did the same forensics with avast and it did not prevent an install execution by this trojan