Nasty rookit infection - Printable Version
+- Britec Tech Support Forum (https://briteccomputers.co.uk/forum)
+-- Forum: Computer Security (https://briteccomputers.co.uk/forum/forumdisplay.php?fid=50)
+--- Forum: Security, Viruses, Trojans & Malware Removal (https://briteccomputers.co.uk/forum/forumdisplay.php?fid=30)
+--- Thread: Nasty rookit infection (/showthread.php?tid=360)
Nasty rookit infection - George midleton - 11-30-2014

Help guys, my laptop, which runs Windows 7, got infected by a rootkit. I get redirects, and sometimes my PC shuts down and restarts. I can't boot into Safe Mode; Task Manager is blocked, and also cmd and regedit. How can I remove it?

RE: Nasty rookit infection - GuiltySpark - 11-30-2014

Hi George, welcome to Britec forums. What makes you think it's a rootkit? What happens when you try to boot to Safe Mode?

RE: Nasty rookit infection - Britec - 11-30-2014

Hi George, can you run a scan please and post the results.

Run TDSSKiller Scan
· Please download TDSSKiller and save the file to your Desktop.
· Right-click TDSSKiller.exe and Run as administrator.
· Click Change parameters. Place a checkmark next to Detect TDLFS file system.
· Click Start Scan. Please be patient and don't use the computer while the scan is running.
· If infected files are found, please change the action to Skip.
· Click Continue and close TDSSKiller.
· Look for the log file in the root directory, that's C:\. Please copy the contents of the log and paste it in your next post.

RE: Nasty rookit infection - nsm0220 - 11-30-2014

(11-30-2014, 06:06 PM) George midleton Wrote: Help guys, my laptop, which runs Windows XP, got infected by a rootkit. I get redirects, and sometimes my PC shuts down and restarts. I can't boot into Safe Mode; Task Manager is blocked, and also cmd and regedit. How can I remove it?

Let me see your system32 drivers area, if it's okay.

RE: Nasty rookit infection - George midleton - 12-01-2014

I can't find my log files, and it found some infections: Rookit.Boot.SST.a, and I skipped it, and Rookit.Win32.TDDS.tdl4, and I also skipped it.

RE: Nasty rookit infection - GuiltySpark - 12-01-2014

George, you should have in your C: drive (local drive) a txt log which resembles something like this: [attachment=57]
RE: Nasty rookit infection - George midleton - 12-01-2014

There's nothing there; I checked it twice.

RE: Nasty rookit infection - GuiltySpark - 12-01-2014

Can you open the TDSSKiller program and select 'Report' at the top right of the app. Copy and paste into your post. Thanks.

RE: Nasty rookit infection - George midleton - 12-01-2014

I tried RogueKiller and the infection is still there. Here is the log file of RogueKiller. My PC is still slow and I get redirects.

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: https://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : sasikanths [Admin rights]
Mode : Scan -- Date : 09/03/2012 12:08:59

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-08A23T1 ATA Device +++++
--- User ---
[MBR] a938e97353ed57ab51c1e0d857d78417
[BSP] 4d6e8fe963cb2155f50711def37919ce : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 245234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RE: Nasty rookit infection - nsm0220 - 12-01-2014

Okay George midleton, I need you to do a scan with HitmanPro and Dr.Web CureIt to see if there's more rootkit activity.
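The RogueKiller report George pasted carries the indicators that make this a ZeroAccess case: the InprocServer32 COM hijack and the n / @ / U / L payload set under C:\$Recycle.Bin\<SID>\$<32 hex>, plus the HJPOL entries named for the very tools he reports as blocked (Task Manager, regedit). As an added example that is not part of this thread and not RogueKiller's own code, the Python below parses a constructed report in that V8 layout (abridged from the posted one, with the same SID, folder name and hashes), pulls those indicators out, and cross-checks each section's declared count against the lines actually present, since a truncated paste is the usual reason a helper cannot read a log. The regexes, field names and the meaning I attach to the "MBR Code" label are my assumptions from the lines in this thread, not a RogueKiller specification.

```python
import json
import re
from dataclasses import dataclass, field

# Constructed sample in RogueKiller V8 report format, abridged from the report
# posted in this thread (SID, folder name and hashes are the posted values).
SAMPLE_REPORT = r"""RogueKiller V8.0.2 [08/31/2012] by Tigzy
Mode : Scan -- Date : 09/03/2012 12:08:59

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-152525020-1768887692-1819828000-8660\$c182ca9b37ed9fb8dc733c18a75e9731\L --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ MBR Check: ¤¤¤
[MBR] a938e97353ed57ab51c1e0d857d78417
[BSP] 4d6e8fe963cb2155f50711def37919ce : Windows 7 MBR Code
"""

# Line shapes as read off the posted report (assumed, not a RogueKiller spec).
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*-+>\s*(?P<action>\w+)")
MBR_RE = re.compile(r"^\[(MBR|BSP)\]\s*([0-9a-fA-F]{32})(?:\s*:\s*(.*))?$")
# ZeroAccess keeps its payload in a "$<32 hex>" folder under the victim's SID
# folder in the Recycle Bin; this lifts (SID, folder name) out of any path.
ZA_DIR_RE = re.compile(r"\$recycle\.bin\\(S-1-5-21(?:-\d+)+)\\\$([0-9a-f]{32})", re.I)
# Policy values matching George's symptoms (Task Manager, regedit, cmd blocked).
LOCKDOWN_POLICIES = ("DisableTaskMgr", "DisableRegistryTools", "DisableCMD")


@dataclass
class Report:
    sections: dict = field(default_factory=dict)  # section name -> text after ':'
    entries: list = field(default_factory=list)   # (section, tags, body, action)
    mbr: dict = field(default_factory=dict)       # "MBR"/"BSP" -> (md5, label)


def parse_report(text):
    rep, section = Report(), "Header"
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name, _, value = m.group(1).partition(":")
            section = name.strip()
            rep.sections[section] = value.strip()
            continue
        m = MBR_RE.match(line)
        if m:
            rep.mbr[m.group(1)] = (m.group(2).lower(), (m.group(3) or "").strip())
            continue
        m = ENTRY_RE.match(line)
        if m:
            tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
            rep.entries.append((section, tags, m.group("body"), m.group("action")))
    return rep


def triage(rep):
    za_dirs = set()
    for _, _, body, _ in rep.entries:
        for sid, name in ZA_DIR_RE.findall(body):
            za_dirs.add((sid, name.lower()))
    lockdown = sorted({p for _, tags, body, _ in rep.entries if "HJPOL" in tags
                       for p in LOCKDOWN_POLICIES if p in body})
    # A section header states how many lines follow; a mismatch means the paste
    # was truncated or mangled, the usual reason a helper cannot read a log.
    counts_ok = {name: sum(e[0] == name for e in rep.entries) == int(value)
                 for name, value in rep.sections.items() if value.isdigit()}
    bsp_label = rep.mbr.get("BSP", ("", ""))[1]
    return {
        "infection": rep.sections.get("Infection", ""),
        "zeroaccess_hits": sum("ZeroAccess" in tags for _, tags, _, _ in rep.entries),
        "zeroaccess_dirs": sorted(za_dirs),
        "tool_lockdown_policies": lockdown,
        "killed_processes": [body.split(" -- ")[0] for _, _, body, act in rep.entries
                             if act == "KILLED"],
        "section_counts_consistent": counts_ok,
        "mbr_md5": rep.mbr.get("MBR", ("", ""))[0],
        # The report labels a boot sector it recognises ("Windows 7 MBR Code");
        # no label is the cue to look harder, given the boot detection George
        # reported from TDSSKiller.
        "bootsector_recognised": "MBR Code" in bsp_label,
    }


if __name__ == "__main__":
    print(json.dumps(triage(parse_report(SAMPLE_REPORT)), indent=2))
```

Run it as-is to see the summary for the sample; to use it on a real paste, read the file into parse_report in place of SAMPLE_REPORT. The SID and folder name it extracts are what you would hand to a responder to check on the live system, and a False in section_counts_consistent is the signal to ask the poster for the untruncated RKreport file rather than reasoning from a partial log.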