vbma92a1.sys

So I was looking at another infected laptop *sigh*......

This one was redirecting web traffic to all sorts of places and stopping processes such as rootkit revealer, process explorer dead in their tracks. Since I couldnt see nothing obvious in services, the run key or Task manager I suspected a driver based rootkit... and I was right :)

I looked in system32\drivers and noticed a file called vbma92a1.sys that was dated a few days ago so I renamed it to .old and it recreated itself on next reboot, aha!

I then booted into an offline environment and deleted it and created a dummy vbma92a1.sys file in its place, denying everyone and everything access to it.

Upon rebooting all of my tools now worked :)

just gotta give it a quick scan with something other than what is installed and it should be good to go ;)

hope this helps!