So I have had malware that evaded Avast for some time now. It's using obvious techniques but even Avast has been beaten! Let me Explain.
The malware modified the bootloader. So I am fairly sure it runs my os as a VM on my own machine like a hyper visor. Why do I think this? 88% of memory is usable maybe 91% now and if I try and go over it, everything will freeze up.... That is until I reboot and clean the bootloader..... But here is where it gets even more interesting. It also reinfects the bootloader after one or two reboots..... When the PC starts up Avast Secure Browser and Microsoft Edge run for a while. They could easily load Webkit exploits. (it's where I would target if this was my attack) So something is still here, infecting the machine.... Avast cannot even connect to the remote help and I have a premium account. When I cleaned the boot loader and used Memtest programs, I could use the memory 100% with no slowdown or any issues. So it's obvious malware trying to be not so obvious. It's using techniques I typically see when security researchers attempt to compromise a video game console. It's very effective too.
I felt lazy for a while due to fibromyalgia, or I would have dealt with this immediately. But I want to figure out what this is and stop it so it's no longer an issue. My assumption is I was infected with a webkit attack/exploit at some point in the last year or so. If not, then it is another PC on the network that has been responsible. Either way. This needs to be detected and removed. If the source can be discovered as well, it should be learned from and countermeasures deployed.
