Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

spks.sys rootkit infection will not die!! [Moved]


  • This topic is locked This topic is locked
3 replies to this topic

#1 Alecjw

Alecjw

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:kansas
  • Local time:11:32 PM

Posted 21 July 2009 - 01:39 AM

Hello, and thank you for your help!


okay so i had a virus on my computer that was mild, just clogging my computer with crap files and deleting old ones.
Instead of removing it i just decided it was time for a fresh slate.
So i pulled out an old program i created in high school, appropriately named NUKE MURDER KILL, which completely wipes your hard drive and then fills it up with crap data then formats(7 times) so all data is gone forever.
i re-install my fancy Windows XP PRO 2002 SP3 edition
i re-install AVG 8.5 (NOT FREE VERSION)
i re-install PeerGuardian
i re-install firefox
my poor 20gigs of hard drive say that's enough for now :thumbsup:
okay yay i now have my computer all updated clean and happy!
one week later during my normal scan AVG finds:

ROOTKIT
"C:\WINDOWS\System32\Drivers\adptv3ba.SYS";"Hidden driver";"Object is hidden"

AWESOME!!! one week goes by and i get *&$%ed.

no worries i click the "remove selected infections"
and poof it's gone yay!
AVG ask for a reboot, i do so.

run another sacan on start up and what do you know,
"C:\WINDOWS\System32\Drivers\aert4v5s.SYS";"Hidden driver";"Object is hidden"

oh a new random .sys HMMMMMMM
i do the same thing, and again another random .sys file. TO THE INTERNET!!!

Download "SanityCheck" and run a scan it finds;

System routines are being intercepted

The module spks.sys is hooking the kernel to intercept base system services.

Information about the responsible module spks.sys -- file path: spks.sys This file is no longer available. We suggest you try to find this file in another location on your hard disk.


okay.... i don't know what that is :flowers: TO THE INTERNET.......AGAIN!!!

so i find an article on this site-->>> http://www.bleepingcomputer.com/forums/topic143588-15.html
booMan is having the same issue as me with this damn "spks.sys"

but it says to not follow the instructions since they are user specific, so here i am!

Can you guys help me as you helped booMan?
thank you again,
Alec

Edited by Alecjw, 21 July 2009 - 01:50 AM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,963 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:32 AM

Posted 21 July 2009 - 10:16 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Given your description, I do think this needs to be handled in the HiJack This forum. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you cannot produce the DDS logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Alecjw

Alecjw
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:kansas
  • Local time:11:32 PM

Posted 22 July 2009 - 11:17 AM

thank you, it's gotten pretty bad, my virtual memory is being devastated!
i'll post ASAP

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,963 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:32 AM

Posted 26 July 2009 - 12:26 PM

Hello Alecjw,

I see that you got the logs posted a few days ago here: http://www.bleepingcomputer.com/forums/t/243538/spkssys-rootkit-infection-proper-logs-from-dds/ and that the topic was picked up. Please note that you have a new response from a different helper. Please follow her instructions. Just because symptoms are gone does not mean that the infection is gone and if it isn't dealt with, it can rear up its head even worse than before. Please stick with the topic until your helper says that you are clean.

To avoid confusion, I shall now close this topic.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users