
Can't get any removal tools to run.


2 replies to this topic

#1 ou_stick

Posted 26 August 2009 - 01:49 PM

I think I have a rootkit that we just can't get rid of. Combofix will not run. Any A/V spyware removal tools will not run (we have tried dozens). I got root repeal to run. But now it will not run. Please help. I can post the log from it, as I saved it...


We just got it fixed. I'm new here so I'm not sure how to close this out.

Solution...
Run peek.bat (this was provided in another post)
Below is the log:
Volume in drive C has no label.
Volume Serial Number is 1092-262C

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 55,808 eventlog.dll
3 File(s) 643,072 bytes



Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:41 56,320 eventlog.dll
3 File(s) 644,608 bytes



Directory of C:\WINDOWS\system32

04/14/2008 05:42 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:42 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:41 63,488 eventlog.dll
3 File(s) 651,776 bytes

Total Files Listed:
9 File(s) 1,939,456 bytes
0 Dir(s) 66,757,664,768 bytes free



We then copied the file (eventlog.dll in our case) from the good location to the C: drive.
And finally used The Avenger to move it to the location where it should be.

If anyone needs further details, please let me know.

-Stick-

Edited by ou_stick, 26 August 2009 - 02:04 PM.
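
The comparison behind this fix, as an added example that is not part of the original post: it parses `dir` output like the log above and flags files whose size in system32 differs from the copy under ServicePackFiles\i386. The function names and the choice of ServicePackFiles\i386 as the reference are assumptions of this example; the post itself says only "the good location".

```python
import re
from collections import defaultdict

# Condensed from the peek.bat log in the post (repeated headers merged).
LISTING = r"""
Directory of C:\WINDOWS\$NtServicePackUninstall$
08/04/2004 05:00 55,808 eventlog.dll
Directory of C:\WINDOWS\ServicePackFiles\i386
04/14/2008 05:42 181,248 scecli.dll
04/14/2008 05:42 407,040 netlogon.dll
04/14/2008 05:41 56,320 eventlog.dll
3 File(s) 644,608 bytes
Directory of C:\WINDOWS\system32
04/14/2008 05:42 181,248 scecli.dll
04/14/2008 05:42 407,040 netlogon.dll
04/14/2008 05:41 63,488 eventlog.dll
3 File(s) 651,776 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^\s*(\d\d/\d\d/\d{4})\s+(\d\d:\d\d)(?:\s*[AP]M)?\s+([\d,]+)\s+(\S.*?)\s*$")

def parse_dir_listing(text):
    """Return {filename: {directory: (timestamp, size)}} from `dir` output."""
    files, current = defaultdict(dict), None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = m.group(1).lower()
        elif current and (m := FILE_RE.match(line)):
            date, time, size, name = m.groups()
            files[name.lower()][current] = (f"{date} {time}", int(size.replace(",", "")))
    return files

def find_mismatches(files, live=r"c:\windows\system32",
                    reference=r"c:\windows\servicepackfiles\i386"):
    """Flag live files whose size differs from the assumed reference copy."""
    findings = []
    for name, copies in sorted(files.items()):
        if live in copies and reference in copies:
            (l_ts, l_size), (r_ts, r_size) = copies[live], copies[reference]
            if l_size != r_size:
                # Same timestamp with a different size is hard to explain by a hotfix.
                findings.append((name, r_size, l_size, l_ts == r_ts))
    return findings

if __name__ == "__main__":
    for name, ref, live, same_ts in find_mismatches(parse_dir_listing(LISTING)):
        print(f"{name}: reference {ref} bytes, system32 {live} bytes, same timestamp: {same_ts}")
```

A size difference is only a first-pass indicator; comparing a hash or the file's signature against known-good media is the stronger check before replacing anything.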




#2 ou_stick


Posted 26 August 2009 - 02:05 PM

Now our tools are running (combofix, mbam, etc.).

-Stick-

#3 Grinler

    Lawrence Abrams


  • Admin

Posted 26 August 2009 - 02:09 PM

Looks like you figured it out. A rootrepeal log should show it as clean now.



