
Lyons and Tigers and Rootkits Oh My!

Q: Lyons and Tigers and Rootkits Oh My!

Hello all, This is my first post. My brother in law guided me here and tells me that there are potential friends and super techs that may be able to help me rid my computer of bad guys. He asked me to post this HiJack This log and to await further instructions. If this post is twice on it is because I could not find it after I posted the first time.


Ok so I seem to have more infections than a hospital wing. I've tried doing the things I've seen in other threads but nothing seems to get cleaned at all. I've downloaded the following in my search for cleanliness:
Spybot Search and Destroy

Counter Spy
Ad Aware
Ewido Anti-Spyware
CleanUP!
Hijack This

I have run all of these in normal mode and safe mode, and everything just keeps coming back. If I run the same one over and over it will always find something, it never comes back clean. I found this godsend of a site by searching for the "Command Service Virus" and "TagASaurus virus" and tried to follow those streams. Nothing seems to be working so I thought I should start fresh and hope that you'll help me. Important note: I've just installed a new hard drive and clean Windows XP before this happened. I have no data to lose, so if you think formatting my drive and reinstalling XP from the beginning would do the trick I have no problem with that. But I've heard that doesn't always get rid of viruses.

Also I use Firefox as my browser.

Here is my Hijack this log file.

Logfile of HijackThis v1.99.1
Scan saved at 5:08:24 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchos... Read more

A:Lions and Tigers and Viruses OH MY!


AUBURN, Ala. -- Auburn All-Southeastern Conference linebacker K.J. Britt will undergo thumb surgery.
Team spokesperson Kirk Sampson said Thursday that Britt is scheduled to undergo surgery on Friday, a day before the 13th-ranked Tigers host Arkansas. It wasn't immediately clear how long Britt will be out.
Britt is leading the team with 23 tackles through two games, including one tackle for loss. He was a first-team Associated Press All-SEC pick last season and is a team captain.
Britt had 69 tackles last season, including 10 for a loss and 2.5 sacks. Freshman Wesley Steiner is listed as his backup.
Fellow linebacker Chandler Wooten had already opted out for the season.


I scanned with AVG AntiRootKit and found 2 listed in Documents & Settings as ApplicationData\Norton. I use Norton AV. Can I leave these 2 items alone, or if I delete them will it affect my Norton AV?

A:Rootkits

Look up their names on the internet to be sure.

Norton is one of the first AV programs that is inactivated by many viruses, so it may not be able to detect any infections. Try scanning with another scanner, like the online TrendMicro Housecall.

If it does cause problems for Norton, you can reinstall it.


I was cleaning a PC for a client recently, when I came across the newest threat to PC security, the most fatal root kit. This person obviously had no free or paid version of antispyware, which led to the grossest infestation and cocktail of malware, spyware, trojans, and rootkits that I had ever seen: at least 700, yes 700 or more instances were found using more than twelve different scanners. Nevertheless there is still some system level infection that is preventing updates of the system files and crashes upon install, giving me a dumprep o - u or o - k upon reboot and of course the blue screen of cpu death. I am trying to avoid a complete D-ban wipe of the drive and reinstall of Windows, that's if I can avoid it since this is great practice for my IT skills. I am currently running RootKit Revealer but I can't make any sense of the data. I have run Blacklight and Sophos already, each finding their own fair share of threats. The motherlode however was discovered by none other than Super Antispyware free ed, finding over 600 infestations at once. At one point the virus was actively installing tray icons and desktop icons while I was in the process of cleaning the system, giving false alarms that your system is infected with a virus and then taking you to a web page even though at the time the wireless modem was inoperable. This was obviously being performed by some bogus anti spyware that was installed by the user.

This is the BLACKLIGHT scan Log revealing and removing w... Read more

A:The Age of RootKits


hi, I will add scan results
AVG is showing 2 rootkits

A:2 rootkits


I ran AVG and it comes up that I have rootkits. I am not that good with computers but I have tried to get rid of them and can't, now I need help! I think I have sent everything that has been asked of me. Please, if you can help I would be so thankful!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by emmie at 13:22:00 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.498 [GMT -4:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32... Read more

A:I have rootkits and can't get rid of them HELP

Hello and Welcome.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

As stated in our pre-posting sticky topic...

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum


Quote: If you have more than one antivirus software installed, leave only ONE and uninstall the others

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, AVG and McAfee. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remov... Read more


Hey all, I am just learning of rootkits and was curious what would be some good programs to use to check for them. I run avast and spysweeper normally, I don't know if either would find a rootkit? Thanks G

Me again, different computers now. I scanned my atapi.sys file on VirusTotal and ESafe said it had a Win32.Rootkit and that lsass.exe and ctfmon.exe had Win32.Bankers in. I've scanned with about 6 different anti virus and nothing's come up on them and the computers are working fine. I'm wondering if it's a false positive or if I really do have a rootkit. However the other one comes up as a Heuristic Patched thingy from McAfee so I think that's a real problem. Here's the DDS and RootRepeal logs from my computer, will post the one from the other computer as soon as I can.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ryan at 12:48:54.98 on 27/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1163 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHa... Read more

A:Possible Rootkits

Don't know if this pc has been running abnormally but here's the VirusTotal scan results, DDS log. Both this computer and the one I first mentioned in a different thread use some sort of Runescape tools whereas the one above doesn't. Think that may have given them the rootkits.

http://www.virustotal.com/analisis/737be9f...f3bd-1264550960

DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 12:55:16.50 on 27/01/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1125 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32... Read more


I'm using Windows 8 and every window I open opens a help window on top of it, from Windows Help and Support to Chrome's help page when online. I had Avast which said I had two unknown rootkits however it wasn't able to delete them. I have since "restored" my laptop but the issue persists. Kaspersky TDSSkiller didn't find anything, and I've tried GMER but couldn't interpret the results. Any help would be much appreciated!

A:possible rootkits

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow... Read more


Hello! I was out on a pleasant vacation and arrived at home recently. When I sat down by my computer I got a problem, I couldn't open chrome. Every time I try to launch Google Chrome I get an application error saying "0xc0000022". After looking around a bit on the internet I drew the conclusion that it might be a rootkit on my pc which is causing this.

I tried both Bitdefender and Sophos Anti Rootkit though neither of these seems to find any rootkits when I do a full scan, yet I still cannot open chrome.

Do you have any suggestions on what else I can do? Is there any other program to use? Is it perhaps not a Rootkit but something completely different?

A:Rootkits on my pc?

Computer make & model, Windows version?

Have you tried uninstalling & reinstalling Chrome? Another thing you could try would be SFC. Click Start & in the search box type CMD, then right-click CMD.EXE and click Run as administrator. From the command prompt type sfc /scannow. You could also try Malwarebytes.

Good luck.


Hi

Can anyone tell me the noticeable symptoms of a rootkit infection. My computer has been running slow and when I do searches on internet (most using igoogle) I get this weird diamond shaped symbol after my text in the search box after my search results are displayed. Not sure what is causing this. I will post a hijack this log and also the rootkitrevealer log shortly.

A:Rootkits

Logfile of HijackThis v1.99.1
Scan saved at 2:49:40 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Fi... Read more


Hi! I've just been doing a little reading of rootkits, which I didn't even know existed. My research came up with Rootkit Unhooker, but there's no documentation on how to use it. Supposedly, it's the best---Microsoft bought them out, but does anybody know how to use it? The help contents are empty, and I've been googling, but with no results. I ran it and came up with some "hooked" files, but I don't know if I should do anything about them---I don't know what hooked means. Any and all responses will be greatly appreciated. Thanks.

A:Rootkits

Hello and welcome to TSF.

This is not a discussion thread. If you suspect your computer may be infected, we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


HI, I have seen some of the tutorials about using rootkit downloads. Just how do they work, and are they safe for a relatively inexperienced user to use and not ruin their PC so that it would make a door stop? Thanks
Edit: Moved topic from Firewall Software and Hardware to the more appropriate forum. ~ Animal

A:rootkits

Hello LOVEMYPC -

Rootkit - Wikipedia
Wiki is always a good place to start .........

A standard check tool is this - TDSSKiller - TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is known under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits such as the ZeroAccess or ZeroAccess rootkit if it is detected.

You can run this (it will not hurt in any way). Directions -
* Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear.
* You can copy and paste the contents of that file here if you wish (unless the topic is moved).
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


Given the fact that there are now 64 bit rootkits (I just had to use hitmanpro to clean one in Windows 7), will combofix come out with a 64 bit version of the SW?

A:64 bit rootkits

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more


Hi,
A few weeks ago, I got a bad rootkit infection from TVShack.net. It prevented me from using any of my security programs, including MalwareBytes Anti-Malware and McAfee. However, I was able to get into safe mode and manually delete a lot of the files and registry items that belonged to it. This rootkit pretended to be a fake security program called Security Central. I also used Revo Uninstaller to get rid of Security Central itself. Finally, in regular mode, I was able to use MalwareBytes and McAfee to get rid of the remainder of this malware. Everything went back to normal.

Then, this past Sunday, I did a routine scan with MalwareBytes. I started scanning right before I went to sleep. When I woke up, I saw that MalwareBytes had only found one item, but McAfee found a bunch of items, including trojans and rootkits. Some of the items were actually MalwareBytes, so I thought the two programs had conflicted. Prior to the scan, I had no problems. However, after the scan, I had some bad malware infection, where Task Manager was disabled, among other things. It turned out to be the Netsky 32 Worm or whatever it's called. I believe that McAfee may have let items out of MalwareBytes' quarantine, lol.

This malware changed my desktop background and redirected some of my searches in Google. It also brought up occasional pop-ups in my browser. I ended up deleting some of the known files that belonged to the malware and running System Restore (I restored to a few days earlier). Th... Read more

A:Possible Rootkits

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.


Hello all- I have run CF now three times since last night. I have run chkdsk, malwarebytes and Trend Micro's scan and currently they all come back either nothing malicious or clean volume. This is all after I realized two days ago that I had received "worm.win32.netsky". T-micro did quarantine two files and advised they had turned away 7 viruses and 95 spywares, etc. After T-micro I ran M-bytes which picked up 50+ infected files. My ISP tech support people recommended CF which I ran last night and it seemingly made it all better, after alerting me to the presence of a "rootkit" and re-booting before continuing with the scanning. The third attempt just completed under safe mode as I could no longer boot otherwise, still came up with the evidence of a rootkit and successfully re-booted and did complete the scanning. Before this last booting and running in safe mode, all appeared fine as I was able to open Outlook and access Internet Explorer but then after a few minutes we started slowing down and ultimately became non-responsive to the point I was only able to shut down the computer and nothing else. I have not ventured beyond this forum since I printed my last log. Prior to this 3rd CF scan, I did run DDS and was running Gmer when we stalled out. Guidance please. Thanks for your time. Steve

PS-An old note also mentions "Trojanspm/LX", at this point I don't remember where I saw that.......

A:Rootkits

Hello and welcome.. first note the blue text above this forum. Stop running combofix. Instead please go here.... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Include the last ComboFix log.

Let me know if that went well.


I ran AVG Anti-Rootkit and here's what it found (attached image). How should I proceed? HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:38:59 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Slick Run\sr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Mozilla Firefox... Read more

A:Rootkits

fred2028 said:

Quote: I ran AVG Anti-Rootkit and here's what it found (attached image). How should I proceed? HJT log:

Bump

hi, my 1st time in here but I've a problem. When I boot my pc, F-Secure (which I use) has found an infection: Rootkit.win32.Agent.fi in c:\windows\system32\drivers\JBMGT.sys
and says the file was deleted, but on each boot it says the same. I've tried looking for it and used
bitdefender_antirootkit-BETA2
F-secure blacklight
and a few other programs but don't know if it's bad or not. plz help if this is thx

Hi! I've just been doing a little reading of rootkits, which I didn't even know existed. My research came up with Rootkit Unhooker, but there's no documentation on how to use it. Supposedly, it's the best---Microsoft bought them out, but does anybody know how to use it? The help contents are empty, and I've been googling, but with no results. I ran it and came up with some "hooked" files, but I don't know if I should do anything about them---I don't know what hooked means. Any and all responses will be greatly appreciated. Thanks.

A:Rootkits

I have never heard of Rootkit Unhooker. In the antimalware forums we use several other tools for dealing with rootkits. If you're worried about a malware infection I suggest you start a thread in Am I infected? What do I do? stating all your symptoms, any steps you have already taken in an attempt to solve the problem, and any other details you can provide that may prove useful. Someone should be able to help you there!

~Blade


Hello. I just installed AVG free 10 version and did a rootkit scan. I have 272--all "white listed or hidden" so not removed. What does this mean? Is there any remedy? Have windows XP SP3. Thanks kindly.

Surfing the net I clicked on a link and suddenly my computer just shut down as if I had done it myself. After booting up again I did a virus scan and BITDEFENDER found 1400 threats related to rootkits. Now after having scanned maybe 10 times it is saying 1900. Scary. It appears that BITDEFENDER only un-hides these items but cannot do anything with them. My computer still does odd things. Sometimes it does not load all programs at startup, sometimes it won't shut down, sometimes I get an error message with an IE script error, asking if I want to continue to run scripts on this page. I did a scan with a Rescue CD from BITDEFENDER as well, it came up with nothing. I went through the steps that you asked before posting this file. Thank you very much for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:22 AM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2... Read more

A:I have rootkits......I think

Would there be anyone who could please take a look at this hijack log. My computer is doing the strangest things. Today it suddenly started to configure a bluetooth network, then it shut down again. It also displays an error message asking if I want to run scripts on the main page of Explorer. I have tried to clean it and suddenly it has started to say that there are 1400 something files that cannot be scanned as they are protected by password. I am quite worried as I am not in my country and cannot close down my bank account. Regards, Mustardseed

PS I just saw that it says I should not bump the message I am not sure if that is what I am doing by posting again, if so then sorry I guess I screwed up then. I am just about ready to toss this thing overboard.


After running AVG, I found 3 Rootkits.

"Object name";"MBR"
"Detection name";"Rootkit.TDSS.TDL4"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-----------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> ddpkse.sys +0x267D"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
--------------------------------------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> ddpkse.sys +0x437E"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-------------------------------

I had a message coming up, saying that I had a virus. But I knew it was malware. So I updated my AVG, and found 3 rootkits. Haven't done a virus scan yet. The malware is not coming up right now. It was saying XP security, and there were 2 shields. One red, and one yellow. I saved a file, but I can't r... Read more

A:I have 3 Rootkits.

Hello, To remove these we will need these logs also. Please go here.... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on.

Let me know if that went well.

Read other 6 answers

I am working on a laptop. I scanned with MBAM and I had/have Trojan.TDSS SKYNET trojans and the lot... I just want to make sure it's all removed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43, on 2009-07-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search &... Read more

A:Rootkits and the lot

Added: I can't use MS Update.

Read other 3 answers

In my recent work on two of my friends' computers, they were BOTH infected with MBR rootkits. After running Combofix on both of them, it did remove the spawn of the rootkit, BUT it was only when I rebooted, expecting a clean computer, and saw the rootkit come back that I realized I hadn't actually killed the rootkit. I immediately booted back into recovery and typed fixmbr. That's when I saw the evidence that the rootkit was still in the MBR: I got a caution that the MBR was non-standard or invalid. Once I rewrote the MBR, it killed the rootkit. I just wanted to share this, since my Google searches never hinted about this at all. jimmy

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

Read other answers
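The check jimmy describes can be done offline in a few lines. The following is an added example, not something from the post or from any of the tools named on this page: it takes the first sector of a disk as 512 raw bytes, verifies the 0x55AA signature, parses the four partition entries for overlaps and for exactly one active partition, and hashes the 440-byte bootstrap region against a set of known-good hashes. That bootstrap region is what a bootkit overwrites and what fixmbr rewrites (fixmbr leaves the partition table alone, which is why the data on jimmy's machines survived the rewrite). The "clean" boot code and the partition layout below are constructed stand-ins; a real baseline hash comes from a known-clean install of the same Windows version. Read the sector from boot media (on a Linux rescue disk, `dd if=/dev/sda bs=512 count=1 of=mbr.bin`), not from inside the infected OS: a bootkit that filters disk I/O, as the TDL family does, can hand a live scanner the original clean sector.

```python
"""Offline sanity check of a 512-byte MBR (added example, not from the post)."""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code, the part a bootkit overwrites
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partitions(mbr: bytes) -> list[Partition]:
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0:
            continue   # empty slot
        parts.append(Partition(bool(status & 0x80), type_id, lba_start, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table legitimately differs per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: set[str]) -> list[str]:
    """Return findings; an empty list means nothing looked off."""
    if len(mbr) != SECTOR:
        return [f"unexpected sector length {len(mbr)}"]
    findings = []
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) not in known_good:
        findings.append("bootstrap code does not match any known-good image")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("empty partition table")
    active = sum(p.bootable for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions (expected exactly 1)")
    # overlapping entries are a classic sign of a hand-edited table
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end >= b.lba_start:
            findings.append(f"partition at LBA {a.lba_start} overlaps partition at LBA {b.lba_start}")
    return findings


def build_mbr(boot_code: bytes, partitions: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a test sector; partitions are (status, type, lba_start, sectors)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, entry in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed layout: one active NTFS partition (type 0x07) and one data partition.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1024000)]

# Constructed stand-in for clean bootstrap code (not real Windows bytes); in practice
# the baseline hash comes from a known-clean install of the same Windows version.
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7), LAYOUT)
KNOWN_GOOD = {boot_code_hash(CLEAN_MBR)}

# Constructed "infected" sector: bootstrap replaced, partition table untouched,
# the same shape as the problem described in the post.
INFECTED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2), LAYOUT)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_mbr(image, KNOWN_GOOD) or ["ok"])
```

To check a real sector, replace the constructed images with `open("mbr.bin", "rb").read()` and fill `KNOWN_GOOD` from a trusted machine; a hash mismatch alone is not proof of infection (OEM recovery tools ship their own boot code), but it is exactly the "non-standard MBR" condition that fixmbr warned about.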

Can someone please explain "rootkits" to me? What are they and what they do?

A:rootkits

Rootkits, backdoor Trojans, botnets, and IRC bots are very dangerous because they compromise system integrity by making changes that allow the system to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit
Thanks to quietman7

Read other 2 answers

Hello! Thank you in advance for all of your help! About a week and a half ago I somehow had something slip into my computer. I quickly used Super AntiSpyware and Malwarebytes and it was removed and acted fine for a few days. I also have Trend Micro as my antivirus software. Then, it started redirecting my Google searches. I researched a bit, and found that a rootkit may be my problem. Since then, I downloaded Hitman Pro 3.5, and it has found three different types of rootkits. I thought it removed them, but I seem to still be having issues, and one still comes up in the scans. This morning my computer was working significantly worse, and I have been working in safe mode just to complete everything needed for this post. I appreciate any help you can give me. I am at a loss as to what to do next... I am not familiar with rootkits at all. Thank you!

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Heather at 15:58:12.07 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2718 [GMT -7:00]
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\... Read more

A:Rootkits

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

Read other 16 answers

Hi,
I'm running XP Pro and about 3 weeks ago I had all sorts of problems: System Restore points wiped out, multiple windows opening when only clicking once, etc. Then eventually I couldn't boot normally, only in safe mode. I use my computer a lot, particularly on the internet as I'm living most of the time in Tenerife, so I contacted Microsoft, who guided me through the 1st part of the problems, i.e. reducing all my startup programs. Eventually I got my computer to boot properly and ran scan after scan with AVG, SuperAntiSpyware, CCleaner. The programs found quite a lot of malicious software. I thought I had beaten the infections but just recently I found the Internet running very slow. I contacted Telefonica, who checked my line, and they said their connection was fine but I had a lot of traffic, even though I had no internet programs running. I then discovered the existence of rootkits so I did a scan with Microsoft/Sysinternals RootkitRevealer. It threw up about 12 instances of irregularities, so I asked to save the file on my desktop but after closing the program I couldn't find the file!

I have enclosed a HijackThis logfile and hope someone can help, as I do use the computer a lot and I'm virtually housebound.

Kind Regards,

Dave
 

A:Rootkits???

Read other 16 answers

Can someone help me remove rootkits?
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2015 4:14:58 PM
System Uptime: 8/30/2015 7:11:31 AM (4 hours ago)
.
Motherboard: Acer | | JE41_CP
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 76.961 GiB free.
D: is FIXED (NTFS) - 181 GiB total, 1.086 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 7 GiB total, 1.703 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP48: 8/27/2015 6:59:07 PM - ComboFix created restore point
RP50: 8/27/2015 8:14:06 PM - Before uninstalling Mozilla Firefox 40.0.2 (x86 en-US)
RP51: 8/28/2015 12:30:15 AM - F-Secure malware removal
RP52: 8/28/2015 1:45:50 AM - JRT Pre-Junkware Removal
RP53: 8/28/2015 1:55:44 AM - F-Secure malware removal
RP54: 8/29/2015 3:20:38 PM - Created By FixIEDef
RP55: 8/30/2015 10:44:00 AM - Windows Update
.
==== Installed Programs ======================
.
9-lab Removal Tool
ACDSee 18
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Apple Application Support
AVS Video Editor 7.1
BB FlashBack Pro 5
Broadcom 802.11 Network Adapter
Broadcom Gigabit NetLink Controller
Browser Cleaner
CaptureWizPro 5.40
Chromodo
Cisco EAP-FAST Module
Cisco... Read more

A:rootkits

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.51.2
Run by b at 11:26:21 on 2015-08-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2807.449 [GMT 3:00]
.
AV: COMODO Antivirus *Enabled/Updated* {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
SP: Comodo Defense+ *Enabled/Updated* {493CE176-EB84-BC8D-9707-B3ACF7598648}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Maxthon App Store\1.0.0.10539\MaxthonAppstoreSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
c:\Program Files\Common Files\Protexis\Licens... Read more

Read other 1 answers

Hi all, I posted this information below a few days ago.....

"Hi All! I've got a computer with some nasty stuff on it. When I first boot it up, there are several pop up alerts stating "winupd2573" wants to run. Then, half of the desktop is gone along with all of the start menu items. I'm also having redirect problems.

I ran Rkill to stop any malware and then successfully ran MBAM. MBAM found 75 trojans (some listed in the description of this thread). I removed them using MBAM. I also ran SAS and it found a few things too. After completing the two scans, I rebooted the computer. I did this three times, only to have the same problems as stated beforehand (each time the scans found less and less threats).

I have run TDSS twice with no results. I left the computer for a while and came back after about four hours. It had shut itself down. So in one last attempt, I restarted and re-ran Rkill, MBAM, SAS, and TDSS (in that order). Results? Nothing. Not one "threat" was detected in each scan. HOWEVER, I am still infected because I am still having the same problems (i.e. pop ups, missing desktop, redirects, etc).

Please help! Thanks in advance!

One more thing! I deleted the outdated (and thus not activated) Norton and installed MSSE."

I was then redirected to this forum. I read the instructions and downloaded DSS and Gmer. I executed DSS and had the CMD screen pop up telling me this scan should only take 4 minutes.... Read more

A:Rootkits and more Rootkits

Ok, I was finally able to get the DSS to work and have saved the logs. It now looks like Gmer is running too instead of shutting down the computer. I'll post as soon as it's done.

Read other 4 answers


I was reading about rootkits and it appears that it is capable of creating havoc to your system and your financial data if a hacker gets your information.

I have a desktop and three laptops connected through a router. One of the laptops seems to be infected and looking at the symptoms it might be a rootkit. One of the moderators is helping me getting rid of it.

Can someone tell me what the dangers are to my other two laptops and desktop with this infection in one of the laptops? Should I be disconnecting from the Internet on all the computers?

Thanks for your help.

A:RootKits

It's a definite rootkit infection. It would be wise to isolate the computer from the rest.

Read other 5 answers

Yes, I have 4. AVG will not fix them. I downloaded Malwarebytes. I had to copy the exe file and rename it just to access the scan.
Now I get about 2 min into the scan before it freezes and will not respond. PLEASE HELP ME!!!! I know I'm so close.

Sorry if this is in the wrong section. PLEASE HELP

A:I have 4 rootkits!!! help

Let me explain better. AVG scan detected 4 rootkits, but it can't delete them. I googled a bit and came across Malwarebytes.
I downloaded it but I couldn't get it to run. I finally copied the exe file and renamed it; apparently this bleeper knew the Malwarebytes file name and wouldn't let me run it. I tricked it, but now it has the last laugh. About two min into the scan Malwarebytes freezes and will not respond. I've rebooted like 7 times and tried scanning again. Same result: it freezes and won't respond. I gotta fix this before my wife gets home and finds out I bleeped up her laptop. She will skin me alive.
PLEASE HELP ME I AM SOOOO STUCK
EDIT: Almost forgot. This rootkit does this: every time I open IE, I get a pop up that Windows can't run globalroot\systemroot\system32\qcvccrntflocxcxxasubg. or it has been installed wrong.
I picked this up downloading a DVDrip. AVG didn't detect anything wrong with the file, or else I would have never downloaded it.

Read other 11 answers

I first posted this on Friday.

After running AVG, I found 3 Rootkits.

"Object name";"MBR"
"Detection name";"Rootkit.TDSS.TDL4"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-----------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> ddpkse.sys +0x267D"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
--------------------------------------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> ddpkse.sys +0x437E"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-------------------------------

I had a message coming up, saying that I had a virus. But I knew it was malware. So I updated my AVG, and found 3 rootkits. Haven't done a virus scan yet. The malware is not coming up right now. It was saying XP security, and there were 2 shields. One red, and one yellow. ... Read more

A:I have 3 Rootkits.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together. Do not run any other tool until instructed to do so! Please do not attach logs or put in code boxes. Tell me about any problems that have occurred during the fix. Tell me of any other symptoms you may be having as these can help also. Do not run anything while running a fix. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster. In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will ap... Read more

Read other answers
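Both postings of this AVG output list "3 rootkits", but two of the records point at the same hidden driver (ddpkse.sys hooking IRP_MJ_CREATE on \FileSystem\Ntfs and IRP_MJ_INTERNAL_DEVICE_CONTROL on \Driver\Tcpip) and the third is the MBR entry, so a responder is really looking at one hidden driver plus an infected boot sector, with an empty "Action history" meaning nothing has been remediated yet. The parser below is an added example, not part of either post or of AVG: it reads records in the "key";"value" layout quoted above, separates them on the dashed rules, splits each IRP hook description into device object, major function, owning module and offset, and regroups the records by the object they name. The field names are taken from the quoted output; the classification and grouping logic are this example's own. The sample report is a copy of the three records above, embedded as a constructed string.

```python
"""Parse AVG Anti-Rootkit records and triage them (added example, not AVG's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the three records quoted in the post, in the
# "key";"value" layout AVG uses, with dashed rules between records.
SAMPLE_REPORT = r'''
"Object name";"MBR"
"Detection name";"Rootkit.TDSS.TDL4"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-----------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> ddpkse.sys +0x267D"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
--------------------------------------------------
"Object name";"C:\WINDOWS\system32\drivers\ddpkse.sys"
"Detection name";"IRP hook, \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL -> ddpkse.sys +0x437E"
"Object type";"file"
"SDK Type";"Rootkit"
"Result";"Object is hidden"
"Action history";""
-------------------------------
'''

KV_LINE = re.compile(r'^"([^"]*)";"(.*)"$')
# "IRP hook, <device object> <IRP major function> -> <module> +0x<offset>"
IRP_HOOK = re.compile(
    r'^IRP hook, (?P<device>\\\S+) (?P<major>IRP_MJ_[A-Z_]+) '
    r'-> (?P<module>\S+) \+0x(?P<offset>[0-9A-Fa-f]+)$'
)
FIELD_MAP = {
    "Object name": "object_name",
    "Detection name": "detection_name",
    "Object type": "object_type",
    "SDK Type": "sdk_type",
    "Result": "result",
    "Action history": "action_history",
}


@dataclass
class Detection:
    object_name: str = ""
    detection_name: str = ""
    object_type: str = ""
    sdk_type: str = ""
    result: str = ""
    action_history: str = ""

    @property
    def kind(self) -> str:
        """Coarse class: boot-sector infection, kernel I/O hook, or something else."""
        if self.object_name.upper() == "MBR":
            return "mbr-bootkit"
        if self.detection_name.startswith("IRP hook"):
            return "irp-hook"
        return "other"

    def hook_details(self) -> dict | None:
        """Split an IRP hook description into device, major function, module and offset."""
        m = IRP_HOOK.match(self.detection_name)
        if not m:
            return None
        return {
            "device": m["device"],
            "major": m["major"],
            "module": m["module"],
            "offset": int(m["offset"], 16),
        }


def parse_report(text: str) -> list[Detection]:
    """One Detection per record; records end at a dashed rule; unknown keys are ignored."""
    detections: list[Detection] = []
    current: dict[str, str] = {}

    def flush() -> None:
        if current:
            detections.append(Detection(**current))
            current.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"-"}:          # record separator
            flush()
            continue
        m = KV_LINE.match(line)
        if m and m.group(1) in FIELD_MAP:
            current[FIELD_MAP[m.group(1)]] = m.group(2)
    flush()                              # last record may lack a trailing rule
    return detections


def group_by_object(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Collapse the per-hook records onto the object they actually point at."""
    grouped: dict[str, list[Detection]] = {}
    for d in detections:
        grouped.setdefault(d.object_name, []).append(d)
    return grouped


def hooked_modules(detections: list[Detection]) -> set[str]:
    """Modules that own at least one hooked IRP dispatch entry."""
    modules: set[str] = set()
    for d in detections:
        details = d.hook_details()
        if details:
            modules.add(details["module"])
    return modules


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for obj, records in group_by_object(found).items():
        print(f"{obj}: {len(records)} record(s), kinds={sorted({r.kind for r in records})}")
    print("hooked drivers:", hooked_modules(found))
```

Run against the sample, the grouping yields two objects (the MBR and ddpkse.sys) and one hooked module, which is the picture a responder should carry into the removal thread rather than the raw count of three.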

AVG has found 6 "corrupted" things.

"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x4504, size 7 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x5248, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x63C5, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x8230, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x8673, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0xB71F, size 8 bytes";"Object is hidden"

Any help here would be greatly appreciated.
This also has just popped up on my desktop as well; there is even a seventh one on it. I'll post them in a moment.
 

A:possible rootkits?

"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x88F, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x4504, size 7 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x5248, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x63C5, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x8230, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x8673, size 8 bytes";"Object is hidden"
"";"<unknown>";"Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0xB71F, size 8 bytes";"Object is hidden"
 

Read other 3 answers

As instructed by boopme I created a new topic. The problem started as explorer.exe from time to time using 20% of CPU even when idle, and now it seems that the computer has deeper infections.

 

Here are the Attach, DDS and RogueKiller logs:
 
DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Henrique at 1:33:34 on 2014-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4079.2194 [GMT -3:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\P... Read more

A:Looks like Rootkits

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533837 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 18 answers

I have a problem (apparently)

I ran AVG rootkit,and... it came up with 2x rootkits.

This is what it looks like
====

Scan "Anti-Rootkit scan" completed.
Rootkits;"2";"0";"2"

Scan started:;"Saturday, 17 March 2012, 9:43:11 PM"
Scan finished:;"Saturday, 17 March 2012, 9:44:55 PM (1 minute(s) 44 second(s))"
Total object scanned:;"147738"
User who launched the scan:;"SYSTEM"

Rootkits
;"File";"Infection";"Result"
;"<unknown>";"Corrupted section ntkrnlpa.exe[PAGE] IoCheckShareAccess+0x10D5, size 4 bytes";"Object is hidden"
;"<unknown>";"Corrupted section ntkrnlpa.exe[PAGE] SeSetAccessStateGenericMapping+0x144, size 4 bytes";"Object is hidden"
====

I don't understand. I have Avast, a very decent AV, and I did a full scan and it was clean. I used MBAM, it was clean. I used Avast's Bootscan before Windows start up, it was clean. I did ESET online scanner, it was clean..

So, is this just an error from AVG? What can I do to remove these 2 rootkits?
Should I try running in safe mode and full scan with SuperSAS? EDIT: Done that, no infection at all. Also ran TDSSKiller, and its fine.

So...is this only AVG?

A:2x Rootkits....?

Does this concern the same computer as the topic here: http://www.bleepingcomputer.com/forums/topic446429.html ?

Orange Blossom

Read other 11 answers
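The "Corrupted section win32k.sys[.text] XLATEOBJ_cGetPalette+0x4504, size 7 bytes" lines in the earlier post, and the ntkrnlpa.exe[PAGE] lines in this one, are the output of a cross-view integrity check: the scanner reads the module's code section from disk, applies the same relocations the loader applied, compares it byte for byte with the copy in kernel memory, and reports each run of differing bytes by its distance from the nearest preceding exported symbol. Runs of 5 to 8 bytes are the typical footprint of an inline detour (a jmp rel32 is 5 bytes; a mov eax,imm32 / jmp eax pair is 7). The following is an added example of that comparison, not code from AVG or from any product on this page. The section bytes, the symbol offsets and the two injected detours are constructed (EngCreatePalette is a real win32k export, but its offset here is made up), and a real implementation has to apply relocations before diffing or every absolute address in the section will show up as a "patch". Another security product's own kernel hooks will also produce exactly this kind of report from a second scanner, which is one reason to corroborate with an independent tool, as the poster above did, before treating such lines as an infection.

```python
"""Cross-view integrity check of a loaded code section (added example)."""
from __future__ import annotations

import bisect
from dataclasses import dataclass


@dataclass(frozen=True)
class Patch:
    offset: int      # section-relative offset of the first differing byte
    size: int
    original: bytes  # what the on-disk image says should be there
    current: bytes   # what is actually in memory


def find_patches(disk: bytes, memory: bytes) -> list[Patch]:
    """Every contiguous run where the in-memory bytes differ from the on-disk bytes.
    A detour that happens to reuse an original byte in the middle is reported as two runs."""
    if len(disk) != len(memory):
        raise ValueError("section images must be the same length")
    patches: list[Patch] = []
    i, n = 0, len(disk)
    while i < n:
        if disk[i] == memory[i]:
            i += 1
            continue
        start = i
        while i < n and disk[i] != memory[i]:
            i += 1
        patches.append(Patch(start, i - start, disk[start:i], memory[start:i]))
    return patches


class SymbolTable:
    """Resolve a section offset to 'nearest preceding symbol+0xDELTA', as a debugger would."""

    def __init__(self, symbols: dict[str, int]):
        self._offsets = sorted(symbols.values())
        self._names = {off: name for name, off in symbols.items()}

    def symbolize(self, offset: int) -> str:
        idx = bisect.bisect_right(self._offsets, offset) - 1
        if idx < 0:
            return f"+0x{offset:X}"          # before the first known symbol
        base = self._offsets[idx]
        return f"{self._names[base]}+0x{offset - base:X}"


def classify(p: Patch) -> str:
    """Rough guess at the detour type from the bytes that were written."""
    b = p.current
    if p.size == 5 and b[0] == 0xE9:
        return "jmp rel32 detour"
    if p.size == 6 and b[0] == 0x68 and b[5] == 0xC3:
        return "push imm32; ret detour"
    if p.size == 7 and b[0] == 0xB8 and b[5:7] == b"\xFF\xE0":
        return "mov eax, imm32; jmp eax detour"
    if all(x == 0xCC for x in b):
        return "int3 breakpoint(s)"
    return "unknown modification"


def describe(module: str, section: str, patches: list[Patch], symbols: SymbolTable) -> list[str]:
    """Render findings in the same shape as the scanner output quoted above."""
    return [
        f"Corrupted section {module}[{section}] {symbols.symbolize(p.offset)}, size {p.size} bytes"
        for p in patches
    ]


# ---- constructed sample data (not real win32k.sys bytes or addresses) ----
SECTION_LEN = 0x10000
DISK_TEXT = bytes(range(256)) * (SECTION_LEN // 256)   # stand-in for the relocated on-disk .text
SYMBOLS = SymbolTable({"XLATEOBJ_cGetPalette": 0x3000, "EngCreatePalette": 0xA000})  # made-up offsets


def apply_patch(image: bytes, offset: int, new_bytes: bytes) -> bytes:
    buf = bytearray(image)
    buf[offset:offset + len(new_bytes)] = new_bytes
    return bytes(buf)


# Two constructed inline hooks inside XLATEOBJ_cGetPalette: a 5-byte jmp and a 7-byte mov/jmp.
MEMORY_TEXT = apply_patch(DISK_TEXT, 0x3000 + 0x4504, b"\xE9\x10\x20\x30\x40")
MEMORY_TEXT = apply_patch(MEMORY_TEXT, 0x3000 + 0x5248, b"\xB8\x00\x10\x00\x80\xFF\xE0")

if __name__ == "__main__":
    hits = find_patches(DISK_TEXT, MEMORY_TEXT)
    for line, hit in zip(describe("win32k.sys", ".text", hits, SYMBOLS), hits):
        print(f"{line}  [{classify(hit)}]")
```

On a real system the two inputs are the section extracted from the file in System32 (relocated to the module's load base) and a dump of the same range from kernel memory; the comparison and the symbol-relative naming are the same. Differences that line up with the export table of another installed security product point at a legitimate hook, not a rootkit.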
RELEVANCY SCORE 33.6

I've heard a lot about rootkits lately but don't really understand what they are, or how they work. All I know is that a rootkit is a malicious program that hides another malicious program (is this correct?)

How do you get infected with a rootkit? can you get them from malicious websites and email attachments, just like trojans and viruses?

Do antiviruses and antitrojans detect them in real time and stop them?

Thanks
 

A:Solved: Rootkits

Read other 6 answers

Is it possible for a refurbished/factory-reconditioned computer system to come with a rootkit infection? I purchased a refurbished laptop (IBM Thinkpad T43) from Overstock about 3 months ago, and have been having problems with it since. It did not come with any discs, and the first time I turned it on, it automatically ran an installation of Windows XP off the hard drive. If Overstock will not replace the computer (I'm not too hopeful), I've already decided that I want to just reformat and reinstall the OS. Will this guarantee that the rootkit is gone, or is there a chance it will still somehow be in the system? Here's the original thread where I posted about this. Didn't get an answer to my last post there, so figured I'd try again. Using an old laptop now - haven't turned on the infected one since I realized how serious the problem was.
http://www.bleepingcomputer.com/forums/t/267026/need-help-rootkit/
Thanks!
Jennifer

A:Question about rootkits

Did they do a reformat and reinstall (clean install) of the OS or just a repair install? Reinstalling Windows without first wiping the entire hard drive with a repartition/reformat will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Any company that would sell infected machines would not be in business very long, so I doubt a rootkit was on the computer when you purchased it. BTW, since you already were receiving help in that other thread, you should have continued there. You should not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. It appears I missed the notification on your last reply but you could have replied again to bring it back to the top. I have now closed that thread to avoid confusion.

Read other 3 answers

Some Observations on Rootkits.

Here are a couple of tips to avoid getting hit by a rootkit:
1) Keep real-time protection enabled
While running up-to-date antimalware software is essential, it does little good if you turn off the real-time protection feature. If you lower your defenses and a rootkit does get through, finding and removing it can be a tricky endeavor. Keep your defenses up and you're much less likely to have headaches down the road.
2) Run 64-bit Windows
For the time being, it appears that users running 64-bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.

-- Tom
 

A:Some Observations on Rootkits

 

Read other 1 answers

I've done bootscans with Avast, which has detected a few pieces of Malware (MalwareBytes did not detect it). But I keep finding more each time I do it. Would just like to get this machine clean.
 
The DDS program won't run, presumably because I'm using Windows 8? What can I use to post a log here to get some help?
 
Thank you.

A:Trojans, rootkits, etc.

Hello clyde19, I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems. Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us! Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

Read other 3 answers

My daughter's computer has 98SE on it and today she got infected through AIM. She thought a friend sent her a picture attachment and opened it. It was a LO71.EXE file. I googled it and read a post from here that mentioned RootkitRevealer. I used HijackThis and the usual scanners to remove it and the other goodies that came with it. I think it's clean now. My question is, is 98SE vulnerable to rootkits? RootkitRevealer and BlackLight are not 98SE compatible.
 

A:Rootkits in 98SE?

Read other 8 answers

Hi, Garmanma has been assisting me over on the Am I Infected board. The answer is yes, so he has referred me over to you guys. http://www.bleepingcomputer.com/forums/ind...id=1464701&

Basically over the last couple of weeks Kaspersky has been alerting me to trojans that it has told me it dealt with. This evening I got an alert again saying it had dealt with trojan.html.fraud.d. My PC now seems to have lost admin rights (I only found this out when I went to try and use Nero and it told me I couldn't burn). I am set up as a computer administrator. The scans in the above post have identified rootkits.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Louise at 18:33:11.09 on 22/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1187 [GMT 1:00]
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.ex... Read more

A: Rootkits infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from the following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


Hello everyone ^^
Lately, I have discovered a few rootkits. I have AVG 2011 Free Edition. I was browsing the web and clicked on a Google link. Then AVG popped up warning me that there may be a hacker trying to hack. So I didn't proceed further. Later, I ran an AVG rootkit scan; I was kind of surprised to see that I had 1 detected rootkit. I don't quite remember exactly, but for sure it was a "hidden/unknown file."

I went online and I've tried Avage, Sophos, and GMER. Avage didn't detect anything so I uninstalled that one. Sophos detected a few rootkits, but I don't remember which... but for GMER, here are the detected rootkits/malware info (in order of what was displayed):

Type: all of them are "Attached D"

Name                                        Value
\FileSystem\Ntfs    \Ntfs                   AVGIDSFilter.Sys (IDS Application)
\Driver\tdx         \Device\IP              Avgdix.sys (AVG Network connection)
\Driver\tdx         \Device\Tcp             Avgdix.sys (AVG Network connection)
\Driver\tdx         \Device\Udp             Avgdix.sys (AVG Network connection)
\Driver\tdx         \Device\RawIp           Avgdix.sys (AVG Network connection)
\Driver\kbdclass    \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft)

My computer has been showing NO signs of rootkits at ALL. I tried to Google several things and it worked perfectly fine. NO spam e-mails in my inbox (just in the spam section as it usually is). My computer is not slow at all, normal s...
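GMER prints an entry like the ones in the post above whenever one driver has attached a filter device to another driver's device object. That is the same mechanism antivirus and framework drivers use, so an entry on its own only says "a filter is here"; the triage question is whether the attaching driver is one you expect on that machine, and what a filter in that position would be able to do. The following is an added example (not code from the post or from GMER) that parses such a listing and separates expected filters from ones that need a closer look. The allowlist, the full type name "AttachedDevice" (the post shows it truncated as "Attached D"), the line layout and the final "unknownfilter.sys" entry are assumptions constructed for the example.

```python
"""Triage of GMER-style "AttachedDevice" output.

Added example; not code from the post or from GMER. The expected-driver
table is an assumption built from the drivers named in the post plus the
Microsoft framework driver. A real triage would also verify the on-disk
file's Authenticode signature and hash rather than trusting a file name,
which malware can copy.
"""
import re
from dataclasses import dataclass

# Constructed sample in a whitespace-separated form:
#   <type> <owner driver> <device object> <attached driver> [(description)]
# "AttachedDevice" is assumed as the full name of the type the post shows
# truncated as "Attached D". The last line is a hypothetical unknown driver
# added to show the negative case; it is not from the post.
SAMPLE_GMER_OUTPUT = """\
AttachedDevice  \\FileSystem\\Ntfs  \\Ntfs                   AVGIDSFilter.Sys (IDS Application)
AttachedDevice  \\Driver\\tdx       \\Device\\Tcp             Avgdix.sys (AVG Network connection)
AttachedDevice  \\Driver\\tdx       \\Device\\Udp             Avgdix.sys (AVG Network connection)
AttachedDevice  \\Driver\\kbdclass  \\Device\\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft)
AttachedDevice  \\Driver\\kbdclass  \\Device\\KeyboardClass0  unknownfilter.sys
"""

# Assumed allowlist of filter drivers expected on this machine, keyed by
# lower-cased file name.
EXPECTED_FILTERS = {
    "avgidsfilter.sys": "AVG intrusion-detection filter",
    "avgdix.sys": "AVG network filter",
    "wdf01000.sys": "Microsoft Windows Driver Framework",
}

# What a filter sitting on each kind of device object is positioned to do.
DEVICE_ROLES = (
    (re.compile(r"\\Device\\(Tcp|Udp|Ip|RawIp)$", re.I), "network stack: can inspect or redirect traffic"),
    (re.compile(r"\\Device\\KeyboardClass\d+$", re.I), "keyboard input: keylogger position"),
    (re.compile(r"^\\Ntfs$", re.I), "file system: can hide files and directories"),
)

# type, owner, device, driver, optional "(description)"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+?)\s*(?:\((.*)\))?\s*$")


@dataclass(frozen=True)
class Entry:
    kind: str
    owner: str
    device: str
    driver: str
    note: str


def parse_entries(text):
    """Parse the listing into Entry records; blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised GMER line: {line!r}")
        kind, owner, device, driver, note = m.groups()
        entries.append(Entry(kind, owner, device, driver, note or ""))
    return entries


def device_role(entry):
    """Describe what an attached filter on this device object could do."""
    for pattern, role in DEVICE_ROLES:
        if pattern.search(entry.device):
            return role
    return "other device object"


def triage(entries, expected=EXPECTED_FILTERS):
    """Return (entry, verdict, reason, role) tuples; the verdict is
    'expected' only when the attaching driver is on the allowlist."""
    findings = []
    for e in entries:
        why = expected.get(e.driver.lower())
        verdict = "expected" if why else "investigate"
        findings.append((e, verdict, why or "driver not in the expected-filter list", device_role(e)))
    return findings


def drivers_to_investigate(text, expected=EXPECTED_FILTERS):
    """Distinct attached drivers that the allowlist does not account for."""
    return sorted({e.driver for e, verdict, _, _ in triage(parse_entries(text), expected)
                   if verdict == "investigate"})


if __name__ == "__main__":
    for e, verdict, why, role in triage(parse_entries(SAMPLE_GMER_OUTPUT)):
        print(f"{verdict:11} {e.driver:18} on {e.device:24} {role}; {why}")
```

Run against the names in the post, every attaching driver is either an AVG component or the Microsoft framework driver, which matches the descriptions GMER itself printed in the Value column; only the constructed "unknownfilter.sys" line is flagged. The keyboard and TCP/IP positions are the ones worth the extra check, because that is exactly where a keylogger or network-hooking rootkit would also attach, and a matching file name is not proof of a legitimate file.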

A: Rootkits Detected

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


VM Rootkits: The Next Big Threat?
By Ryan Naraine
March 10, 2006

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits...

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system...

"We used our proof-of concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services...

Full read here.

A: VM Rootkits: The Next Big Threat?

An Old Idea Returns for Building a Better Rootkit


I removed 7 rootkits with HouseCall and the computer is slow and hangs up. Hopefully this will help. I only know enough to get myself in trouble with the computer. THANKS!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:34 PM, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C...

A: Removed 7 rootkits

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
