Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hello


  • Please log in to reply
1 reply to this topic

#1 Randy D

Randy D

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:50 PM

Posted 24 July 2009 - 02:10 PM

Hi everyone,

I joined this forum yesterday after getting beat up with a rootkit on one of the computers that I manage. Long story short, the computer had the latest spyware remover ad, locked out malwarebytes, spybot, and hijackthis! It would also send a ton of messages at one time, then after being logged in for about ten minutes, it would start playing music from the Internet.

After reading numerous Web sites and forums, I renamed malwarebytes to randy.exe; this enabled the program to run, but not update. Running malwarebytes as-is, then disabling a hidden device in device manager (I can't remember which one, but it is somewhere on malwarebytes forum) I was able to update malwarebytes, and run a new scan.

This cleaned up a lot, but there were two items that would come back , HKEY_LOCAL_MACHINE\SOFTWARE\UAC (rootkit.trace), and Windows\System32\uacinit.dll (trojan.agent). Thanks to this forum, I downloaded ComboFix, and cleaned up most of the other stuff. I then scanned with malwarebytes again, and found two new dlls, that were then removed.

As a finishing touch, I booted from the Windows XP CD, and built a new MBR, and fixed the boot sector. On reboot, everything now seems normal; malwarebytes scans with no errors, combofix has no errors, Symantec finds no problems, no strange entries on netstat command.

I am pleased to be a member of this forum for help in the future. The malware is getting more sophisticated these days, and I'm sure that I can't do it alone anymore. Thank you for the final arrow (Combpfix).

Randy D

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:50 PM

Posted 25 July 2009 - 08:39 AM

Welcome to BC
Glad to hear your computer is fixed
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users