
Post-Advanced Virus Remover Protection
2 replies to this topic

#1 Padfoot91

  • Members
  • 2 posts

Posted 16 August 2009 - 10:19 PM

I have just recently followed another thread's instructions to deal with Advanced Virus Remover, and possibly other malware that I was not aware of. During the clean up, I found out that my computer may not be as clean as I thought it was, and I want to make sure that my computer is rid of any malware, viruses, trojans, etc. that may be present. While using some of the applications that the thread mentioned, I saw many items other than Advanced Virus Remover that I believe may be infecting my computer. I followed the instructions in the thread twice, but I want to be sure that I've cleaned my computer thoroughly.

Here is the web address of the thread I used earlier:
<http://www.bleepingcomputer.com/forums/lofiversion/index.php/t235651.html>

While using gmer.exe, the Rootkit/Malware tab list was very large both times I scanned the computer.

While using HijackThis, the lists that were produced during its two scans were also extensive.

I could not get the Kaspersky Online Scanner to work correctly.

Any help?

Thanks.


#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • Gender:Female
  • Location:Romania

Posted 17 August 2009 - 12:56 PM

Hi Padfoot91 and welcome to BleepingComputer!

It's never a good idea to follow other threads to clean up your system. Whereas self-help guides for example can be very useful, the kind of fix you followed was made specifically for that user. Your situation may be different, or, what's worse, you may make things worse for your computer. The best thing is to start your own topic as you did now.

ROOTREPEAL
-------------
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open RootRepeal.exe on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes: Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services, Shadow SSDT
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Padfoot91

  • Topic Starter

  • Members
  • 2 posts

Posted 17 August 2009 - 03:03 PM

Here are the results of the scan from the txt file:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/17 15:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA8BA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A64000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9030000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\mcafee_sfyficcmxv5ygxo
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democracy 00.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democrac (1).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democrac (2).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democracy 01.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democrac (3).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democrac (4).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Joshua & Hannah\Cats, New Year's, Josh's Birthday, and Voice of Democracy 02.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democracy 00.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (1).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (2).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (3).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (4).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (6).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (7).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (8).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democracy 01.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (9).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (10).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (11).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (12).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (13).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (15).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (16).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (17).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democracy 02.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (18).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (19).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (20).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (21).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (22).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democracy 02.mpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democrac (5).jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Cats, New Year's, Josh's Birthday, and Voice of Democracy\Cats, New Year's, Josh's Birthday, and Voice of Democra (14).jpg
Status: Locked to the Windows API!

==EOF==
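A small parser and triage pass for the RootRepeal report layout posted above, added here as an example (it is not part of the thread and not RootRepeal's own tooling). It assumes only the section and status strings visible in the log; the allowlists of drivers and files that are hidden or locked by design are my assumption, kept deliberately short.

```python
import re
# Constructed sample in the RootRepeal report layout posted above (three entries, trimmed).
SAMPLE_REPORT = """\
Drivers
-------------------
Name: dump_atapi.sys
Address: 0xAA8BA000 Size: 98304 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\\windows\\temp\\mcafee_sfyficcmxv5ygxo
Status: Allocation size mismatch (API: 4096, Raw: 0)
"""
# Assumed allowlists (not from the thread): dump_* crash-dump driver copies and the scanner's
# own driver have no on-disk file by design; hiberfil/pagefile are locked while Windows runs.
EXPECTED_INVISIBLE_DRIVERS = re.compile(r"^(dump_.*|rootrepeal\.sys)$", re.I)
EXPECTED_LOCKED_FILES = re.compile(r"^[a-z]:\\(hiberfil|pagefile)\.sys$", re.I)
# The Address line packs four "Key: value" fields on one line; the lookahead splits them.
FIELDS = re.compile(r"(Name|Image Path|Address|Size|File Visible|Signed|Status|Path): (.*?)"
                    r"(?= (?:Size|File Visible|Signed): |$)")

def parse_report(text):
    """Return {section: [entry dict, ...]}; a section header is the line above a dash rule."""
    sections, current, entry, lines = {}, None, {}, text.splitlines() + [""]  # sentinel flushes last
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):  # header sits above a dash rule
            current = line.strip()
            sections[current] = []
        elif not line.strip() or line.startswith(("---", "==EOF==")):  # entry boundary
            if entry and current:
                sections[current].append(entry)
            entry = {}
        else:
            entry.update((k, v.strip()) for k, v in FIELDS.findall(line))
    return sections

def classify(section, entry):
    """Assumed triage rule: 'expected' by design, 'review' worth a closer look, else 'info'."""
    if section == "Drivers":
        hidden = entry.get("File Visible", "").lower() == "no"
        known = EXPECTED_INVISIBLE_DRIVERS.match(entry.get("Name", ""))
        return "expected" if hidden and known else "review" if hidden else "info"
    if entry.get("Status", "").startswith("Allocation size mismatch"):
        return "review"
    return "expected" if EXPECTED_LOCKED_FILES.match(entry.get("Path", "")) else "info"
```

Run `classify` over every entry of `parse_report(SAMPLE_REPORT)` to get one label per finding; only the McAfee temp file with the allocation-size mismatch comes back as "review".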
