
Rootkit infection resisting removal by boot-time scans with Avast and MalwareBytes


2 replies to this topic

#1 indigowombat


Posted 02 April 2010 - 08:59 PM

Hi. I've got an infection of some kind that has a rootkit component that is still there even after Avast and/or MalwareBytes run a boot-time scan to eliminate it. Immediately after the reboot, I scan my computer with Avast and the infection is still there. Avast reports the infected file as "C:\WINDOWS\SYSTEM32\zuyinuni.dll" and classifies it as "Rootkit: hidden file". Initially the infection affected my search results on Yahoo! search engines, redirecting all links in the search results to malicious pages, and for a time it also blocked MalwareBytes from operating properly at all. I was able to get around that problem by reinstalling MalwareBytes and downloading a randomly renamed copy of mbam.exe, which the infection was deleting during the install process. Once fixed and renamed, MalwareBytes was able to repair the search engine problem, and now the only sign of the infection is when it shows up on my scans with Avast and MalwareBytes, but it appears to survive these programs' attempts to delete it during boot time. Any assistance in finishing off this pernicious beast would be appreciated.

EDIT: Oh, yes. I'm running Windows XP.

Edited by indigowombat, 02 April 2010 - 09:00 PM.




#2 Budapest


Posted 03 April 2010 - 12:50 AM

See this topic:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 indigowombat


Posted 04 April 2010 - 01:05 AM

Thank you. As it turns out, Avast's latest security updates have fixed the problem and there is no longer any trace of infection, so no further help will be needed. Feel free to close this topic. Thank you again.



