Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

globalroot\systemroot\system32 trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 Sphinx_30

Sphinx_30

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 21 August 2009 - 01:50 PM

Here is the requested DDS log asked for by OB.

--OB thanks for the heads up about the combo fix...

to reiterate I still have the my problem, Here is what I am dealing with:
------------------------------------------------------------------------------------------------------------------------------
Good day all,

I recently installed a program given to by my friend, unfortunately it contained what I believe to be a rootkit trojan.
I am running:

Vista x86 Service Pack 2
Kaspersky IS 2009 (which found the trojan)

I have already ran the Combofix and have included the results in this post Post referenced is here: http://www.bleepingcomputer.com/forums/t/251229/systemrootglobalrootsystem32-trojan/ ~ OB (log removed by OB, because I'm a newbie). As well I have already tried deleting this file via
Kaspersky (which it tells me to) by rebooting my system of which nothing happens. I still get the trojan alert. Kaspersky tells me that I cannot delete this file
(windowssystem32geyekrbbdxqefi.dll--Trojan.Win32.Agent2.lav) because it is being used by another program. I do get the an alert box whenever I try to open
any program which says: globalrootsystemrootsystem32geyekrbbdxqefi.dll is either not designed to run on Windows or it contains an eroor. Try installing the
program again using the original installation media or contact your system administrator or software vendor for support.

Thanks in advance....

Merged two posts and removed the one made in error. ~ OB

Attached Files

  • Attached File  DDS.txt   20.48KB   2 downloads

Edited by Orange Blossom, 21 August 2009 - 02:46 PM.


BC AdBot (Login to Remove)

 


#2 Sphinx_30

Sphinx_30
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 22 August 2009 - 06:53 PM

I managed to fix my problem by using AV Rootkit to delete the hidden file and then I had to remove the Windows A/V Pro that it allowed in my system (that was a pain) which ended up disassociating all my .exe files. I just now took care of that and am happy to say that I am virus/trojan free.

Thanks for the forum, you had a lot of good information.

Edited by Sphinx_30, 22 August 2009 - 06:53 PM.


#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 22 August 2009 - 07:15 PM

Thank you for letting us know.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users