The rootkit search on the free version of AVG continues to find that these service functions are infected hooks. It does not give me a location to find them and there's no way I'm paying you money to fix something your program finds but doesn't take care of. I have run TDSSKiller as well, but it did not find anything. However, after researching NtCreateThreadEx, the only time it is used seems to be with malware.
I have:
- Replaced the hard drive three times from scratch with HP Recovery Discs
- Flashed the BIOS
- Ran TDSSKiller with all options selected
- Ran GMER, but the results were…confusing.
- Contacted my school's cyber security team.
However, this is YOUR product that is finding it, so I thought I should finally go to you. I have three other computers of the same exact type running the same exact programs that do not come up with this. The computers are three or four years old and I was doing a project where I was replacing them with new computers and then going to use these computers to replace some even older XP computers, so that's how I know they all are the same model with all the same programs, because they were just reformatted and I put the standard programs on them.
Sorry if this is rambly and disorganized. I'm just a little worn out from trying to problem solve this on my own. I found a blog with a reference explaining DLL injection, which utilizes NtCreateThreadEx and seems to mainly be what NtCreateThreadEx is used for:
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
Or if you don't want to click on the link, a Google search of "ntcreatethreadex dll injection" brought it up.
-min
Thank you for the speedy reply! I just got a smoothie, came back, and this was here! I am uninstalling Symantec now to see if this works. However, all the other computers also have Symantec and do not show this on their AVG scans. Unfortunately, on these computers I need both Symantec and AVG because AVG does not have the network protection and traffic logging capabilities of Symantec and Symantec is simply a weaker anti-virus program than AVG for local issues. I've found most of the other issues that happen between the two, but since these hits are random and the location is "unknown" it was hard to believe it was coming from Symantec. Scan is now finished with Symantec uninstalled and... not showing. It was Symantec. I'll add those to the ignore list as I need both AVs running. Thank you sir. :D