
Infected With UACinit.dll Trojan On Windows XP Service pack 3


This topic is locked
3 replies to this topic

#1 John372790

  • Members
  • 2 posts

Posted 10 September 2009 - 04:21 PM

I apologize if this is in the wrong forum, but I have gone through most of the steps. I have the DDS logs, but when I went to run RootRepeal it gives me this error.

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x00410fc7
Attempt to read from address: 0x00ed183e


I have attached the DDS report anyway, along with the ComboFix log. From what I have read, you guys are lifesavers, save me please!

Forever gracious for your time and effort.

John


#2 John372790
  • Topic Starter

  • Members
  • 2 posts

Posted 11 September 2009 - 12:15 PM

Please, could someone help me out, lead me in the right direction, just a simple nudge. We found the HKEY file but it won't let us delete it; it's

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\rotscxpypdivxi

(Rootkit.TDSS)

We found the file itself, but it will not allow us to delete it. I know a lot of people say not to delete it, but we need this virus off. It is a business computer, our main computer, and we are at a standstill until it is removed.

If we don't need to delete it, if we need to do something else, please, anything.

Thank you.
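An added example, not from the thread, of how a responder might triage a Services key like the one quoted above on a Windows host: it lists every entry under the Services hive that the Service Control Manager does not report, or whose binary is missing from disk, and always includes the named key. It assumes PowerShell 3 or later with WMI available and an elevated prompt; the service name is the one from the post, and the Win32_BaseService query is the assumed way to enumerate both services and drivers.

```powershell
# Added example, not from the thread: triage the Services hive for entries the
# Service Control Manager does not report or whose binary is missing on disk.
# Assumes PowerShell 3+ with WMI available; run from an elevated prompt.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SuspectName = 'rotscxpypdivxi'   # the key name quoted in the post above

function Resolve-ServiceBinary {
    # Turn an ImagePath value into an absolute file path (arguments are dropped;
    # an unquoted path containing spaces is truncated and shows up as missing).
    param([string]$ImagePath)
    $bin = if ($ImagePath -match '^"([^"]+)"') { $Matches[1] } else { ($ImagePath -split ' ')[0] }
    $bin = [Environment]::ExpandEnvironmentVariables($bin)
    $bin = $bin -replace '^\\\?\?\\', ''                    # \??\C:\x.sys   -> C:\x.sys
    $bin = $bin -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\... -> C:\Windows\...
    if ($bin -notmatch '^[A-Za-z]:\\') { $bin = Join-Path $env:SystemRoot $bin }  # system32\drivers\x.sys
    return $bin
}

# Win32_BaseService covers both user-mode services and kernel drivers, so a
# driver-type key is not flagged merely for being a driver.
$scmNames = @(Get-WmiObject -Class Win32_BaseService | ForEach-Object { $_.Name })

$findings = foreach ($key in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
    $image = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).ImagePath
    if (-not $image) { continue }                   # parameter-only subkeys have no binary
    $bin = Resolve-ServiceBinary $image
    $hiddenFromScm = $scmNames -notcontains $key.PSChildName
    $binaryMissing = -not (Test-Path -LiteralPath $bin)
    if ($hiddenFromScm -or $binaryMissing -or $key.PSChildName -ieq $SuspectName) {
        [pscustomobject]@{
            Service       = $key.PSChildName
            ImagePath     = $image
            HiddenFromSCM = $hiddenFromScm
            BinaryMissing = $binaryMissing
        }
    }
}
$findings | Format-Table -AutoSize
```

A rootkit that filters registry or file-system enumeration can hide its key from this script as well, so an empty result does not rule out infection; it is a first triage step before dedicated anti-rootkit tools.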

#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 11 September 2009 - 12:42 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 17 September 2009 - 02:57 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
