Posted 24 July 2009 - 02:10 PM
I joined this forum yesterday after getting beat up with a rootkit on one of the computers that I manage. Long story short, the computer had the latest spyware remover ad, locked out malwarebytes, spybot, and hijackthis! It would also send a ton of messages at one time, then after being logged in for about ten minutes, it would start playing music from the Internet.
After reading numerous Web sites and forums, I renamed malwarebytes to randy.exe; this enabled the program to run, but not update. Running malwarebytes as-is, then disabling a hidden device in device manager (I can't remember which one, but it is somewhere on malwarebytes forum), I was able to update malwarebytes, and run a new scan.
This cleaned up a lot, but there were two items that would come back: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (rootkit.trace), and Windows\System32\uacinit.dll (trojan.agent). Thanks to this forum, I downloaded ComboFix, and cleaned up most of the other stuff. I then scanned with malwarebytes again, and found two new DLLs, which were then removed.
As a finishing touch, I booted from the Windows XP CD, and built a new MBR, and fixed the boot sector. On reboot, everything now seems normal; malwarebytes scans with no errors, combofix has no errors, Symantec finds no problems, no strange entries on netstat command.
I am pleased to be a member of this forum for help in the future. The malware is getting more sophisticated these days, and I'm sure that I can't do it alone anymore. Thank you for the final arrow (ComboFix).