Can't get rid of suspected malware: rtdvgbk.exe

Sidebar Sidebar
J

jtmccabe

Estimable
Jan 21, 2015
4
0
4,510
On 3/14/17, I installed ImgBurn freeware on a Win7 PC and picked up a ton of malware. I think I've removed or crippled most of it via various removal and monitoring tools, but I am uneasy because it seems something is still lingering. The machine seems to run fine, but in Task Manager I see 1-2 instances of something called "client". I think I've found the name of the executable behind "client" (rtdvgbk.exe), but I can't find the actual file anywhere.

Norton Power Eraser was the only tool I tried that found and claimed to delete the last of the malware. But after each reboot, "client" still appears. I've re-run NPE a few times and it always finds the same things but fails to permanently delete them.

Below are some clues I found that might help someone help me. Thanks in advance for any ideas.

Malware-rtdvgbk-1.png

Malware-rtdvgbk-2.png

 
Sort by date Sort by votes


Thanks for the advice. I'm trying the AVG Rescue CD now. I updated it with today's definitions and ran the first scan with the default settings. That didn't find anything, so now I'm doing a deeper scan with all the options enabled (e.g. scan inside archives, "paranoid mode", etc.). Looks like that will take a few hours.

Since my Google searches on some of the suspicious file names don't get any hits, I think I might be dealing with a brand new virus that most tools won't recognize. Either that, or I'm chasing a red herring and the system is virus-free.

Does my first screen shot above look suspicious to any experts out there, or is it possibly something harmless?
 
Upvote 0 Downvote


I did try the Malwarebytes standard AV software. I noticed the "real-time web protection" kept getting turned off. I'd try to turn it on and it would immediately get turned off again. I tried some suggested fixes for that but nothing worked. I also tried Malwarebytes Anti-Rootkit and that didn't find anything.

I have McAfee Endpoint Security installed on the machine but it won't even run. The Sophos Virus Removal Tool installer does nothing when I try to run it. The common theme is this virus either disables or outsmarts every tool I try.

Microsoft Security Essentials seemed to run okay but didn't find anything. Same with Microsoft Malicious Software Removal Tool. I think that's all I've tried so far. Again, Norton Power Eraser has been the only tool that seemed to partially succeed.

I'll keep trying things and report back when there's any news.
 
Upvote 0 Downvote


Boot into safe mode with networking to run disinfection tools or boot into live CD such as Kaspersky, Bitdefender, or Avast.
 
Upvote 0 Downvote
Over the past few days, I tried the AVG Rescue CD a few more times (updating it before each scan) but it never found anything. Today I decided to try the Bitdefender Rescue CD and it found the items listed below. I think the system is finally clean now, since I no longer see any of the suspicious software running.

COLGeek, thanks again for your advice!

====================================================
= Logging started on Fri 23 Mar 2018 09:14:19 AM UTC
====================================================

List of objects to be scanned:
- /run/media/livecd/LocalDisk

Object '/run/media/livecd/LocalDisk/Users/Administrator/AppData/Local/dtshnbk/dtshnbk.exe' is infected with 'Gen:Variant.Johnnie.75314'
Object '/run/media/livecd/LocalDisk/Windows/musicality.exe' is infected with 'Trojan.GenericKD.30411670'
Object '/run/media/livecd/LocalDisk/Windows/System32/drivers/dwsuybeh.sys' is infected with 'Application.Agent.BKV'

==================================================
= Applying actions
==================================================
Object '/run/media/livecd/LocalDisk/Users/Administrator/AppData/Local/dtshnbk/dtshnbk.exe' has been deleted
Object '/run/media/livecd/LocalDisk/Windows/musicality.exe' has been deleted
Object '/run/media/livecd/LocalDisk/Windows/System32/drivers/dwsuybeh.sys' has been deleted
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

M
  • Locked
  • Question Question
Question How do I get rid of Free Auto Clicker adware?
Replies
5
Views
8K
Antivirus / Security / Privacy
COLGeek
COLGeek
The KiWeeD
  • Locked
  • Question Question
Question Virus that turns itself off when task manager is opened
Replies
1
Views
13K
Antivirus / Security / Privacy
Tubucu246
Tubucu246
W
  • Question Question
Question Problems with Lenovo Yoga 500 14IBD
Replies
8
Views
4K
Laptop General Discussion
WindF
W
D
  • Locked
  • Question Question
Question Transparent malware on the background that prevents task manager from being opened
Replies
2
Views
6K
Antivirus / Security / Privacy
DMGrinder
D
Cyber_Akuma
  • Question Question
Question Thinking Of Ditching Eset/Nod32, But Windows Defender Is A Pain To Deal With
Replies
1
Views
5K
Antivirus / Security / Privacy
BEAUFORD_SAVAGE
B

TRENDING THREADS

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom