Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NTOSKRNL -HOOK and some fake alert... Help?


  • Please log in to reply
1 reply to this topic

#1 Cheez01

Cheez01

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 07 August 2009 - 11:03 PM

Bleh. So I heard that Twitter got hacked, and Facebook was headed that way too and I was a little nervous about my Facebooking. After a few random redirects to pages offering to scan my PC, remove spyware etc. I closed out of Internet Explorer and ran Malwarebyte's Anti-Malware. It detected an infected registry entry (deleted right away) and a file that would be deleted on reboot. So I went ahead and rebooted. After rebooting, MBAM did not reopen automatically as it usually does, and I have not been able to get it to run since. When I try to run it, task manager shows the process running but it doesn't show up.

Ran a McAffee scan after, which came up with NTOSKRNL -HOOK, a generic trojan which it said was removed. It showed up again in a scan immediately after. And in several more scans after that... I've had the IE process (iexplore.exe) running when I'm not using the internet, and twice I've had audio start playing (advertisements) which stopped after ending the invisible IE process.

I did some research online which suggested running the McAfee scan in safe mode, which I tried. The scan always stalled at the same file. I tried again using safe mode with networking, and now I have some fake alert thing popping up (the standard "Your computer is infected, let us fix it for you" type thing). McAfee scan still stalled at the same file. IE opened randomly to some webpage, didn't get to see it because I turned the PC off out of fear :thumbsup:

I'm usually good at fixing these things, but I really need some help here. I've got classes starting in two weeks, and all of my prerequisite assignments are on that computer. I already lost my first computer to some malware, years of memories on it and I think it's beyond repair now. I can't afford to lose this one too.

The computer is running Windows XP Pro SP2, with IE7.

BC AdBot (Login to Remove)

 


#2 Cheez01

Cheez01
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 08 August 2009 - 12:14 AM

Update: Now I am trying to reboot into safe mode and it won't let me? It loads all of the standard command line prompts and then suddenly stops, and goes back to the screen before you "F8" to get to the options... I get a screen saying Windows did not start successfully, with the options to try safe mode, normal mode, and last known good configuration.

Looks like this is more serious than I thought...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users