I tried this method on my Vista SP1 - it worked out great! But there were some differences in the workflow. Here they are:
- the name of that driver file was slightly different (the last 4 or 5 letters were different);
- during the Avenger run the system reboots twice (the second time it does so by itself - the user has nothing to do about that);
- after Avenger I ran MBAM again (just to make sure there was no malware anymore) and found out that the file itself was still there but it was not running (I guess because the service had been removed already), so I had MBAM remove this file once again and that was it - one more run of MBAM confirmed the system is clean.
Here are also some notes about what this malware does and how it behaves:
- it seems this stuff is kinda smart: every time I tried to run an antivirus which could destroy it, that antivirus was not able to update its virus definition DB and hence was not able to recognize this malware.
- some programs were crashing into a blue screen (like MS Visual Studio 2008), which tells me that again this stuff tries to prevent everything that could destroy it from running.
- I was even not able to open some links in the browser that contained its name (rustok-N).
P.S. And of course I cannot help but say "THANK YOU" to Belahzur, who has done a great job explaining the fix procedure step by step. I have not seen too many professionals over the net who are capable of actually helping someone remotely. Once again, great job!