
Probably Rootkitted, please I need help cleaning OS


  • This topic is locked
3 replies to this topic

#1 capsads


Posted 27 November 2009 - 10:32 AM

Hello and thank you in advance for the help.

Starting a couple of days ago, my browser probably downloaded something that is now causing all this trouble.
The PC is getting really slow and sometimes freezes; the browser prevents me from browsing some sites and redirects me to odd addresses, and sometimes freezes so the PC needs to be restarted, sometimes more than once because the system cannot fully load properly.
Prior to this infection I had already installed MBAM, so I decided to give the PC a scan. After MBAM started uploading the definition updates, MBAM threw an error and quit by itself. I started MBAM again and started scanning without updating first, but as soon as the scan started it shut itself down again. I tried more than once, but every time I try to scan, or after 5 or 6 seconds, MBAM shuts down by itself. I also tried in safe mode, but MBAM still shuts down. Probably the malware is keeping MBAM from starting (I also tried the trick of renaming mbam.exe, with no luck), so I updated and ran SuperAntiSpyware, which does not get shut down like MBAM, and apparently it detected and quarantined a trojan, "Trojan.Agent/Gen". I restarted the PC and scanned again with SuperAntiSpyware; this time it didn't find anything, but the PC has the same problems as before, MBAM is still not working and the browser is still hijacked. I tried scanning with RootKit Revealer, but the malware is also preventing it from starting, even in safe mode. I tried RootRepeal, which started; I did a File scan and it shows the status of my volume C: as "MBR Rootkit Detected!". So I rebooted from the Windows CD and ran the Emergency Console, "because I have installed the emergency console but it is not working". Then in the Windows emergency console I ran fixmbr and rebooted. I checked again with RootRepeal, but it is still showing the status of my volume C: as "MBR Rootkit Detected!". I have to post this request from another PC, since the malware prevents me from going to this address as well as others, and it redirects me instead to odd addresses like "www.allgive.com" and then the browser freezes; it also prevents me from going to the McAfee website (this time it shows a 501 error). I was able to go to the Trend Micro website and download HouseCall, which I was able to run in safe mode (it does not start in normal mode). I updated and ran HouseCall, which detected a virus, "TSPY_KATES.SMOD", and apparently it fixed it.
But after scanning again with HouseCall the same virus was detected again, so I don't think it was able to clean this infection.
I have exhausted all my tricks and tried everything I can, with no result other than getting frustrated.

Please, I really need someone with more expertise than me to help me fix this problem.

Thank you, I really appreciate your work and the time you are spending to help those who are in my same situation.

Edited by capsads, 27 November 2009 - 10:57 AM.



 


#2 night_hawk


Posted 27 November 2009 - 10:53 AM

For what it's worth... My asking for help may help you. Take a look at my thread and the replies... May fit your situation if you're thinking you have a rootkit.
Good Luck!

http://www.bleepingcomputer.com/forums/t/273746/browser-being-redirectedive-tried-it-all/

Trace

#3 capsads


Posted 27 November 2009 - 11:13 AM

Thank you, but I don't see any answer yet on your thread that can help with my problem. Please don't hijack this thread; if you still need help, keep following your own thread or post a new one.
No offense, but it is just to keep this thread clean and related to my issue.

Thank you



Edited by capsads, 27 November 2009 - 11:21 AM.


#4 capsads


Posted 27 November 2009 - 11:56 PM

This thread can be closed, I have resolved the problem.

Thank you



