Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit + Trojan


  • This topic is locked This topic is locked
3 replies to this topic

#1 kb11

kb11

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 16 March 2010 - 02:31 PM

Hello,
I have a Dell 1520 laptop with Windows Vista Home Premium. I've been using this for some 2.5 years now.

A few days ago, completely out of the blue the BitDefender anti-virus that I use started detecting mutliple trojans one after the other. These included Trojan.IA.Inject and the rootkit - Gen:Rootkit.

I have another machine, which I used to google around and came to Bleeping Computer. I followed the instructions in the Virus, Trojan, Spyware, and Malware Removal Logs. And managed to download the Defogger, DDS and GMER on the infected machine.

However, the situation then got so bad that the moment I connected to the net, the virus detections would increase with every second and windows would stop working: first Windows Explorer would start working, followed by the Task Scheduler. Windows Explorer would try to detect a solution then would try to restart but would not be able to. The screen would remain blank while the machine is running.

The DDS somehow ran when the machine was disconnected from the net but the file that it produced was filled with illegible characters. And the GMER could not complete the scan. Windows Explorer kept hanging then trying to restart and the whole process would repeat itself.

I figured that re formatting the PC would be the best thing to do. So I formatted C drive and reinstalled vista. I left D drive untouched because i had some un-backed up data on it.

Now 2 days after re formatting, with Vista updated to SP2, an anti virus installed, the whole thing suddenly started again. I am at my wits end since the re format obviously hasnt helped. Its again infected by Gen:Rootkit.Nixoa.1 and Gen:Trojan.Heur.Hype.bq0 and Trojan.IA.Inject
And windows explorer stops working and tries to restart (unsuccesfully). followed by Usernit Logon App stopping and then the Task Schedule Engine stops too.

Should I format the PC again? Will it be safer to format just C first, then try to backup data from D: and then format D?
I have a password protected wireless network at home . The infected laptop connects to it via wireless. The desktop from which im typing this connects to the router with a LAN cable. Do i need to reset the router?

Any help would be appreciated
Thanks,
Kunal Bhatia

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:35 AM

Posted 16 March 2010 - 04:18 PM

Hello, let's look at the system first.
DDS LOG
We need a deeper look,please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic from step 9.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 kb11

kb11
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 17 March 2010 - 01:51 AM

Hello,
As suggested by you I tried to follow steps 6-9. Was not completely successful.
The new topic is here: http://www.bleepingcomputer.com/forums/t/303056/rootkits-trojans/

Thanks,
Kunal

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:35 AM

Posted 17 March 2010 - 12:07 PM

Ok, someone will be along to help you with that. I combined your 2 posts into 1,see below.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users