
UAC rootkit


#1 Ed1523


  • Members
  • 2 posts
  • Local time:12:55 PM

Posted 23 July 2009 - 11:27 PM


I had a similar problem like Bubba. Got infected two days ago with UAC Rootkit.

Tried many programs: Malwarebytes, Ad-aware, Stopzilla; without success. This trojan is really bad and well written. I could not do a system restore and it stopped the installation of many anti-malware programs. Kaspersky was busted, at least it told me, it could not delete this trojan.

After many restarts between Kaspersky and Ad-aware, I decided I had enough and was ready to cough up some money, so I called iS3 (Stopzilla), but to my despair they told me they could not help me, as they were still working on the UAC Rootkit. I gave them my e-mail address, but was almost ready for an OS re-installation.

Then, searching online on my work computer, I found out about Combofix. So I downloaded it, burned it to a DVD (I had left my flash drive at home, which would have come in very handy in this case) and tonight I got rid of the nasty malware.

First I had renamed Combofix even before I burned it to the DVD. The trojan seems to have a list of names and websites. Then I had to make sure Kaspersky and Ad-aware would not interfere, so I closed them. But the Ad-aware scanner was still running in the background, so the first try failed. Another restart and more browser windows popping up along with infomercials playing in the background. This time I called the task manager and made sure nothing was running from Ad-aware or anybody else. Once Combofix got into its routine I knew I was into something good.

It took about 25 minutes and 55 stages, but it worked! My system was clean again, or so it seems?! Even my Firefox bookmarks are back!

I have the Combofix log, where should I post it?





#2 Computer Pro


  • Members
  • 2,448 posts
  • Gender:Male
  • Local time:11:55 AM

Posted 24 July 2009 - 06:12 PM

Hello and welcome to Bleeping Computer. First, please do not post your Combofix log as they are not intended to be analyzed in this area.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.

Could you please Update Malwarebytes, then run a Quick scan and then post back the log?
Computer Pro
