Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

H8SRT 23 hidden/locked with Avira Anti-Rootkit


  • Please log in to reply
No replies to this topic

#1 ojisplayin

ojisplayin

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 04 January 2010 - 10:11 AM

THANKS to all the help you have given me & others here!! You Rock!!

I am trying to help my brother-in-law who called to say his Mccafe was not running and he could go to no AntiVirus sites or Malwarebytes would not run/ renaming/reinstalling etc. did nothing! We both run XP SP 3- his is Media Edition which I think is the most vulnerable XP Edition around.

When I went over there, upon Normal Boot-up there was advertisings coming through the speakers? No process showed for it? After trial & error to get Mccafe completely removed, so to install Avira- Finally got it. But, Avira never would come up on taskbar, so basically it would not run, nor ever ran any scans. Removed the Malwarebytes, deleted folders, etc. Did Safe Mode w/Networking got Malwarebytes to install by tricking it with rename, got installed started scan then just closed. UGH!!


So, ONLY in safe-mode again, was able to go to Avira, I did get the Anti-Rootkit Tool to install/run, but with no options to FIX? It showed:
23 HIDDEN/LOCKED FILES (INVISIBLE TO THE WINDOW API) ALL BEGAN WITH (H8SRT) but with different
names afterward and different extensions (exe, dat, tmp, few others) and most, but not all were in SYSTEM32.

So, my questions is this:
Is this even removable? Is it safe afterwards if we do get it removed? Or, what I am thinking-
IS A TOTAL SYSTEM RECOVERY the only way to go here?

Thanks & Happy New Year!

You have helped me remove AntiVirusPro 2009 & Security something Infection from my moms succesfully!! This is the best forum around for so many!! :flowers: I trust your answer completely! :trumpet: TYTYTYTY :thumbsup:
Hugs, Patti

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users