
Possible Rootkit infection


3 replies to this topic

#1 nitin77


Posted 20 November 2009 - 10:01 PM

hello,

Last week I noticed slowdown with my computer (mainly at startup) and I ran HijackThis and combofix to see what they came up with.

When I ran combofix, it said it detected rootkit activity and reran itself on reboot (as it normally does with rootkit infections). But, unusually, it couldn't create a logfile. The computer restarts and combofix does not get to do a logfile. But, again unusually, if you run it again straight away, it again detects rootkit activity and reboots/restarts, but this time it does produce a logfile. But the rootkit detection that it makes does not seem to go away.

I can post the contents of the combofix logfile if it is required.



#2 azfreetech


Posted 21 November 2009 - 12:05 PM

To kill the rootkit process try running Rkill first. Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.

LINK 2
LINK 3
LINK 4

Once it runs you should be able to run Malwarebytes and then SUPERAntiSpyware.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 nitin77


Posted 21 November 2009 - 06:06 PM

hello,

Will try rkill. But Malwarebytes and Superantispyware run fine and do not pick up anything. It is only combofix that picks it up (keeps picking it up).

I will try rkill and also post the combofix log.

#4 nitin77


Posted 22 November 2009 - 03:51 AM

rkill + combofix seems to have worked.

cheers.



