Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.TDSS


  • Please log in to reply
3 replies to this topic

#1 PiL

PiL

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 09 September 2009 - 11:52 PM

A few days ago I came to my computer and I noticed I had this program "Antivirus Pro 2010" or something along those lines. I have had infections before, but it was fairly easy to get rid of them, but this wasn't the case this time. I went to open Malwarebytes Antimalware to scan, it started to scan and then shut off immediately. Whenever I tried to open it again it gives me an error that says:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the items.

This was the case for MBAM, Trend Micro Antivirus Plus AntiSpyware, and Spybot. The only program that the scanning works is "Spyware Doctor" which I got off a recommendation, but as you probably know it costs money for the program to remove infections. I have tried using Hijack This to make logs, so I could get help in the HJT forums, but just like the other programs it shut off immediately after I started to scan. I have also tried scanning with Root Repeal, but it causes my computer to reboot after scanning for about 5 minutes.

Here is what showed up in the Spyware Doctor scan:

Adware.Agent.ZO

RogueAntiSpyware.XP.Antispyware

Rootkit.TDSS

RogueAntiSpyware.AntivirusPro

Trojan.FakeAlert

I don't know how helpful that is, but I really don't have any idea where to go from here. Any help would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 PiL

PiL
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 11 September 2009 - 05:56 PM

Someone please help.

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:21 AM

Posted 11 September 2009 - 09:20 PM

See if one of these 2 scans work. You can use them to post in the HJT forum

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
-------------------------------

1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 PiL

PiL
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 11 September 2009 - 10:10 PM

Thank you for the help, I was able to get a log from Win32kDiag, but Root Repeal still causes my computer restart after scanning for a bit. I'll make a new thread in HJT.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users