Author Topic: Possible rootkit infection?  (Read 11925 times)


Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Possible rootkit infection?
« Reply #15 on: March 20, 2015, 05:25:58 PM »
No,

Do you manage/own/control a web site?

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

REDACTED

  • Guest
Re: Possible rootkit infection?
« Reply #16 on: March 21, 2015, 11:50:26 AM »
Yes, I manage some sites.
Wait, are you suggesting that it is possibly coming from one of the sites I have admin/FTP/cPanel access to? If yes, how do I figure out which site is causing the issue?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Possible rootkit infection?
« Reply #17 on: March 21, 2015, 01:19:02 PM »
Use Zulu scaler to check the sites. Link in my post 11.

REDACTED
Re: Possible rootkit infection?
« Reply #18 on: March 21, 2015, 02:06:24 PM »
OK, I'll try it out.

REDACTED
Re: Possible rootkit infection?
« Reply #19 on: March 30, 2015, 10:59:18 AM »
The issue is back again. Avast started detecting since last night; it's flooding the virus chest.

As essexboy mentioned it could be something related to my web access, I cross-examined and created a list of sites that I visited before past issues and this time:

http://zengreentea.com.au/ (ftp/cpanel access )
https://ua.siteground.com/
http://elitessp.co.uk/ (ftp/cpanel access )
https://hdwebprovider.com/
http://www.clipconverter.cc/
https://tinypng.com/
http://kit-i.ru/

And some other sites like Dell and Amazon, but I highly doubt that they have a compromised server sending malicious stuff.

http://xvideos.com/ http://tubenn.com/ http://www.cliphunter.com/ http://milfzr.com/ (adult sites; not sure if posting these URLs is allowed here, but if it's offensive, please feel free to remove them. I'm just trying to help and figure out what could be causing this issue.)

I really need this issue resolved, and still no AV or other security tool can detect this thing. Only Avast seems to be able to detect its auto-generated files, but it still can't detect the root. Please help.

Any help is much appreciated.

Offline essexboy
Re: Possible rootkit infection?
« Reply #20 on: March 30, 2015, 04:13:00 PM »
Have you checked the two sites where you have cPanel access with Zulu scaler? As the files do have that virus characteristic.

REDACTED
Re: Possible rootkit infection?
« Reply #21 on: March 30, 2015, 05:05:23 PM »
Mostly it detects

"Suspicious Domain name    URL Domain: com has suspicious character score"
"Suspicious Sub-Domain Name    domain. has suspicious character score"

No actual threat detections yet.

Whatever it is, it is still active and attacking my system.

Offline essexboy
Re: Possible rootkit infection?
« Reply #22 on: March 30, 2015, 05:42:08 PM »
OK, let's work outside of Windows.

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop.
  • Connect a USB flash drive to the computer. Registering the plugging-in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License Agreement, follow the corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive.
  • Ensure that the first boot device is USB. If you are not sure about that, then see this page for instructions.
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use the arrow keys to select DrWeb-LiveCD (Default).
  • Press "select objects for scanning".
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.
  • When it has completed, select Open Report and copy it to the USB.
  • Once completed, reboot to normal Windows and attach the report here.

REDACTED
Re: Possible rootkit infection?
« Reply #23 on: March 30, 2015, 07:51:55 PM »
Alright I'll scan and post back result.

BTW, does it really take 21 hours (based on the screenshot timer) to run a full scan?

Offline essexboy
Re: Possible rootkit infection?
« Reply #24 on: March 30, 2015, 08:27:55 PM »
It could do, as it will scan every file on the system. You could leave it to run overnight.