Rootkit/Trojan disabled Regedit, Windows Defender and Malwarebytes

icecoldsir

Estimable
Jun 19, 2014
2
0
4,510
Picked up this particular problem from a non-official CTF I attended about a week ago. My idiot friend, without my knowledge, opened up my network settings on my desktop so he could browse some files on my internal drive, and while it was open I am assuming that's when someone else installed the root-kit/Trojan into my system.

So far all my efforts to find the root-kit/Trojan have been bad. It has disabled Regedit and Malwarebytes initially, and once Windows Defender found something it immediately crashed and hasn't allowed me to rerun it since. I was successfully able to run Avira, but even that didn't find the source of the issue; it only found simple Trojans and other low-risk malware. And after cleaning those the issue still persists. I've tried booting into safe mode and the problem is still there.

I would prefer not to have to reinstall the OS if at all possible. But at this point I am out of ideas.

Every time I try to run the shortcut for Windows Defender I get this message http://i.imgur.com/NWUKKTm.jpg and this is AFTER I have removed all other antivirus, so that it conflicting with other AVs is not a possibility.

After that I tried looking a bit deeper and looking at services, specifically at the Security Center service, which runs the security suite for Windows. After messing around with that for a bit, it seems that as soon as it starts running or trying to run, something immediately disables it and the "startup type" gets reset to disabled like this: http://i.imgur.com/P7gDF5X.png

Anyways, that's all I have for now. Hopefully someone smarter than me can help me out; my area of expertise isn't in malware unfortunately, only networks/coding.
 

icecoldsir

Jun 19, 2014
Nope, no dice. Ran it and it didn't find anything of value. Still unable to open any of the programs I listed. Going to try Avira/Avast again. If I don't find a solution by tomorrow night I'll just nuke my HDD. Whoever put this software has already accessed my eBay (tried to order gift cards), Amazon and other personal shit. Have changed the passwords to everything I can think of, but it's only a matter of time until he finds something I forgot.

If ANYONE can give me another option I would be very grateful.