Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Eventbrite Removes Clause That Allowed It to Attend and Film Events

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Trouble With Root kits

Started by 4THEPPL , Dec 18 2009 11:31 AM

Please log in to reply

No replies to this topic

#1 4THEPPL

Members
2 posts
OFFLINE

Local time:04:19 AM

Posted 18 December 2009 - 11:31 AM

Hi,

I decide to install NIS 2010 over my NIS 2009 today.

Once I installed NIS 2010, i couldn' turn on the updates, nor could I perform a scan.

So, I uninstalled NIS 2010 and attempted to install it again.

The program started but when I clicked install, nothing happens.

I tried this in safe mode and also tried running the installation as an administrator, but to no avail.

Finally, it struck me that i might have a root kit on my laptop(Windows vista, 32-bit)

So, I installed a root kit scanner called GMER and found the following problems.

Here is the log file:

GMER 1.0.15.15281 - [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2009-12-18 17:40:07Windows 6.0.6001 Service Pack 1Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\ugrdqpow.sys---- Kernel code sections - GMER 1.0.15 ----?               System32\DRIVERS\avgarkt.sys                                                                       The system cannot find the path specified. !.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0x86D56000, 0x4036D, 0xE8000020].dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0x86D9F000, 0x510, 0x40000040]?               System32\DRIVERS\AvgArCln.sys                                                                      The system cannot find the path specified. !PAGE            spsys.sys!?SPVersion@@3PADA + 1A67                                                                 97A6903F 240 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]PAGE            spsys.sys!?SPVersion@@3PADA + 1B58                                                                 97A69130 6 Bytes  [0E, 83, 78, 14, 01, 75]PAGE            spsys.sys!?SPVersion@@3PADA + 1B5F                                                                 97A69137 2214 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]PAGE            spsys.sys!?SPVersion@@3PADA + 2406                                                                 97A699DE 47 Bytes  [04, BB, A8, 01, 00, 00, 8D, ...]PAGE            spsys.sys!?SPVersion@@3PADA + 2436                                                                 97A69A0E 44 Bytes  [05, 00, 00, 39, 54, 8D, D0, ...]PAGE            ...                                                                                                ---- User code sections - GMER 1.0.15 ----.text           C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3956] ntdll.dll!DbgBreakPoint  76FF7DFE 1 Byte  [90]---- Devices - GMER 1.0.15 ----AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (WDF

What should I do next?

Is it safe to remove them using sysprot anti root kit?

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Trouble With Root kits

#1 4THEPPL

BC AdBot (Login to Remove)

0 user(s) are reading this topic

Trouble With Root kits

#1 4THEPPL

BC AdBot (Login to Remove)

0 user(s) are reading this topic

Sign In