Hi!
A few months ago I made a similar topic about a hidden process which doesn’t have a name and can’t be found. I abandoned that research but decided to try again.
So, here’s the screen:
http://i.imgur.com/S2bWnQ0.png
As you can see, there’s an unnamed process.
Using SysInternals TCPView I found that it has PID 0 and is hiding under the [System Process] name:
[System Process] 0 TCP skitpc 50134 80.150.191.185 http TIME_WAIT
Doing netstat -abno > netstat_result.txt, I got this result:
[Dropbox.exe] TCP [my_ip]:50134 80.150.191.185:80 TIME_WAIT 0
Another time the netstat result showed me that this process, which has PID 0, faked iexplore.exe, and another time it showed that information about the process name cannot be resolved.
Also, while scanning for rootkits with GMER, I found that there’s something called ysyfer.sys in %SystemRoot%/System32/Drivers, but it’s hidden, so I can’t locate it using Explorer.exe or GMER, etc.
Also GMER keeps crashing during rootkit scan.
This process can be seen by the VirusTotal Uploader app, but can’t be uploaded:
http://i.imgur.com/KgmrJ5q.png
This unknown process keeps sniffing on websites I browse using IE (but other apps are also sniffed) and occasionally but regularly (every few or dozens of seconds) refreshes local ports and destination addresses.
How do I find it and kill it?
Scanning with MBAM, MBAR (Malwarebytes Anti-Rootkit), Kaspersky TDSSKiller, Kaspersky Rescue Disk, Comodo Cleaning Essentials, MS Security Essentials, and Comodo Rescue Disk didn’t find anything - both quick and full scans in normal mode, right after database updates, without a network connection.