
Infected By Evil Rootkit

1 reply to this topic

#1 gedit


  • Members
  • 1 posts
  • Local time:10:32 PM

Posted 23 May 2008 - 09:16 AM

Hello to the distinguished community. I am a new member joining because of the desperate need to learn how to fight this constantly increasing annoyance of hackers/malware/viruses... you know what I am talking about.
I am posting this here while I am sure others have had similar experience from which I have taken notice and performed the following actions based on your recommendations.

Now this has happened to me twice, only the second time, I did not want to go through re-formatting and re-installing my laptop all over again as I did the first time, and so I wanted to learn what it is that's causing this, how to clean it and mostly, how to protect it at least for a while so I can get back to work...

It started with a sudden blue screen on my XP-SP2 running PC, and after a few failed attempts to re-boot it, I went for the F8 option - safe mode - which returned a blue screen immediately...
Until the normal boot option worked - for some reason.

Then my PC became sluggish and went up to 100%. I noticed that some services such as the McAfee won't start and some of the privileges were taken away... and some of the folders got hidden from the system. Only by running the Rootkit Revealer did I get what was going on in my system. Horrible. These guys made my PC a ghost hub for illegal SW (I can put a snapshot but you can also see it in the ComboFix log).
To cut the story short, I spent the whole day yesterday reading in forums such as this one, and took actions. The problem is that none of the executable files would run, as I'd get a "... not a win32 application.." message when I tried to run them, so I had to juggle between two computers on an internal network to finally download the files (ComboFix and HijackThis), and only by changing their names and then copying them to the infected computer was I able to run them (I think it would be better to correct the ComboFix Guide to include this step).

So after cleaning these files, the PC seems to be better but I don't want to connect it to the internet as of yet because: A. The McAfee still won't run (I can't start the McShield service) and B. How do I protect my loopholes? If it happened, it could happen again although I am using the Checkpoint Secure client, the Windows firewall and McAfee (which is not working...).
I can post the logs if you wish, but please let me know ASAP what I can do to block the hole through which this thing came...
Thanks a lot! :thumbsup:

Edited by gedit, 23 May 2008 - 09:19 AM.


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:32 PM

Posted 23 May 2008 - 02:42 PM

The best recommendation to a full format is to post the HijackThis log in this forum.

HijackThis Logs and Malware Removal