
Fairly certain I have a rootkit problem


2 replies to this topic

#1 CRizzy141


Posted 04 September 2009 - 05:44 PM

Hello all,

I'm fairly certain that I've managed to put some rather nasty stuff on my desktop. I use a Dell desktop with Vista. Prior to this experience, I've been using absolutely no antivirus or firewall on my computer. Last night, I downloaded and ran an executable file while messing around online... I almost instantly knew I'd screwed up, because the file quickly opened and closed a command prompt and did nothing else. Since then, I downloaded SUPERAntiSpyware and ran it; it detected a hundred some threats, the vast majority of which were cookies but 3 of which were trojans, and deleted them. Windows still, however, detects some sort of trojan downloader with "reno" in the name. I've also downloaded RootRepeal and GMER and attempted to run them; RootRepeal will not scan at all (giving a FOPS - DeviceIOControl Error), and GMER scans for a period and then crashes (simply says "gmer.exe has stopped working"). Malwarebytes won't run; the error screen says "windows cannot access the specified device or file path", and SUPERAntiSpyware no longer runs either. I've enabled the Windows firewall, but I'm pretty anxious to get this worked out as I start a new term of law school next week and won't have time to deal with this. Any help would be greatly appreciated!

Thanks again for your time.

Edit: I've also attempted to run DDS, which failed as well.

Edit: I just attempted to install Norton 360 for kicks, and as expected, the install failed.

Edit: Same problem with HijackThis, which installs, begins scanning, then exits abruptly. If necessary I may be able to reinstall and run again and take a screenshot of the portion of the log showing before it exits, but after it exits I can no longer enter the program, once again getting the "Windows cannot access the specified device" error.

Edit: It also probably bears mentioning that despite the fact that I'm fairly certain I have malware present, I'm not currently experiencing any browser redirection.

Edit: It also appears to have deleted all my restore points.

Edited by CRizzy141, 05 September 2009 - 02:09 PM.




#2 CRizzy141


Posted 05 September 2009 - 12:03 AM

Any thoughts as to what I could do to fix this?

#3 CRizzy141


Posted 05 September 2009 - 01:41 PM

Update: I'm getting redirected from clickthroughs on Google now... oddly, it's only for certain search results. I'm also being redirected from espn.com TO Google (no idea).

Edit: I've followed a few posts on here in a hodgepodge manner and now am able to get Kaspersky's online to run... it's already discovered 8 infected items... WAIT ok, never mind, the browser window just spontaneously closed. Looks like whatever I've got nailed that door shut as well.

Edit: OUCH. Now it's disallowing me access to my browser. Just an FYI, I've also got my laptop which I'm currently posting through...but all my notes, etc are on my desktop.

Edited by CRizzy141, 05 September 2009 - 02:00 PM.




