Require help removing possible rootkit/malware infection


  • This topic is locked
2 replies to this topic

#1 UKIkarus

  • Members
  • 1 posts

Posted 28 December 2009 - 11:32 AM

Hi,

Before I begin, please note I have a faulty motherboard which is soon to be replaced (I'm trying to ensure the machine is clean to narrow down any possible causes of the machine playing up, and to reduce the chances of any issues occurring when I replace the board).

With that said, let's begin.

I have recently been having problems with my machine. When attempting to browse the internet via Google, all my results were redirected to a site known as "widgetlibrarypiece.com", and the only solution I found was to tab to the link and hit return.

After reading a lot of posts around the net I found that others had the same symptoms and began looking into it. Now, I know it's recommended not to use any tools such as ComboFix etc. without supervision, but I've had experience using them in the past. I have managed to clean out some malware/rootkits and remove the issue with the redirecting; however, I'm still getting random hangs of browsers or overall system hangs, but the funny thing is my Task Manager shows my CPU, RAM and pagefile as 0% when this happens.

I would like assistance in checking the system thoroughly to ensure there are no traces left, and to narrow down any remaining issues to hardware faults.

Another issue I have come across when running ComboFix is that it shows c:\boot.ini as being in an incorrect format.

I have checked this and it appears that the file is blank, and indeed my boot.ini has been modified. If this can be looked into also, I'd greatly appreciate it.

The system is running on 5 SATA HDDs: one for backup images (which are clean) and 4 in RAID 0 (striped) using the Nvidia RAID drivers, which has proven to be an issue with a lot of software :).

All scanners used have found no traces of any virus/malware or anything of the sort. GMER hangs whenever I try to run it, even when following guides (running in Safe Mode, disabling any emulators/scanners etc.), and other tools cause the PC to simply reboot without any BSOD that I can check.

HijackThis shows clean as far as I can see (you'll have to excuse the crap installed by bros n sister lol).

I have tried installing the Recovery Console multiple times via different methods to no avail; perhaps you can help me here too, as I have to keep using a repacked CD to boot with the drivers to see the RAID setup. If there is a way around this, it'll be most convenient.

If anyone can help me do a thorough run-through of the system to ensure that anything nasty is removed before I replace the MB to reduce hassle, it'd be greatly appreciated, as I do not wish to lose everything stored on my D partition (650GB+).

Hoping to replace the MB and keep the RAID intact.

Thanks

Daryl :(

If you require any logs just let me know and I'll post them :(

P.S. My PC is beeping twice when logging into Windows. Also, unfortunately the RootRepeal software is causing my PC to BSOD both in normal mode and Safe Mode, so I'm unable to get a log :). However, I have been able to get GMER working by updating my NVRaid.sys and other drivers related to it... however, when I attempted to save the log the PC froze... so I'll have to rescan if requested.

The error is "irql_not_less_or_equal", as shown in the image below (not mine), and it is being caused by NVRaid.sys when running RootRepeal.

Posted Image

EDIT: Thought I'd add that when running full-screen apps in normal mode the sound will loop, but whatever is running will continue fine until I try to exit or change the active window; then the system hangs because Windows Explorer has crashed and I cannot do anything but restart the PC from there... However, in Safe Mode it doesn't appear to get that bad; it only crashes web browsers, but I'm able to scan or do everything else with little to no hanging.

Edited by UKIkarus, 29 December 2009 - 09:01 AM.



#2 fireman4it (Bleepin' Fireman)

  • Malware Response Team
  • 13,512 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 07 January 2010 - 03:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


#3 SpySentinel

  • Members
  • 2,090 posts
  • Gender: Male
  • Location: The United States

Posted 14 January 2010 - 11:53 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact me or another staff member.

Everyone else please start a new topic.