
possible rootkit in vista\system32 folder



#1 Wzwodór


Posted 16 September 2009 - 01:54 AM

Hi to you all.

Avira goes crazy over two files, showing information of possible infection by TR/Alureon.19456U.3

These files are:
system32\kbiwkmyucipncx.dll
windows\temp\kbiwkmfxfqnqgksh.tmp
system32\drivers\kbiwkmioxevrepi.sys

I looked for help on another rescue board, where, after providing the log generated by OTL, Combofix was advised. Combofix detected a rootkit in one of the above files, but was not able to remove the infection.

Well, I need serious help. You need any other logs or something to have a closer look at this mess?

Thanks, in advance.

[edit]

Well, I've made a topic on the solutions forum, 'cause there is no doubt that I have the rootkit somewhere.
Here is the link: http://www.bleepingcomputer.com/forums/t/257975/possible-rootkit-in-vistasystem32-folder/

Edited by Wzwodór, 16 September 2009 - 07:47 AM.



 


#2 rigel


Posted 16 September 2009 - 08:25 AM

You are right. This looks like a variant of the TDSS rootkit. That infection can only be cured in the HJT/Malware forum. Please follow only the advice of the team member that takes your log. There is a current backlog of logs, so be patient. A tech will be with you as soon as they can.

One note, if you are still getting help on the other forum, you need to stick with the problem there. Too many helpers trying to fix things will cause confusion and may crash your system with multiple requests to alter system settings.

As you have an open DDS log, this topic is closed. If you have any questions, please PM me.

Thanks,
rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




