One of the guys from work brought in his wife’s computer. He was sure that the hard drive was bad.
Look! It’s a Rogue pretending to be part of Windows and not a third party product. This increases the trust factor and thus increases the chance of them buying “this feature”.
I was able to remove this rogue system utility and secure the OS using the following steps:
- Starting the PC in safemode with networking.
- Ran GMER. GMER detected traces of an MBR Rootkit.
- Ran TDSS Killer and turned on additional scan options.
- Removed a TDSS File System.
- Installed Malwarebytes and removed the rogue and some registry entries.
- Installed lot’s of missing Windows Updates
- Installed latest version of Java
- Removed expired McAfee and installed Microsoft Security Essentials.