I thought of myself as quite an expert in this area, but you guys seem to know a lot more about this new breed of viruses called "rootkits".
When I've fixed this one, maybe I can learn some stuff from you, since my job is to remove viruses at people's homes ^^.
Anyway, I found your site through Google, with someone with the exact same problem, which apparently got solved.
My NOD32 antivirus system is repeatedly blocking some address when surfing on the net, same as the dude above, with lk01ha71gg1.cc in it and stuff.
The virus / spyware is not getting into my system, but it keeps trying and it causes all my browsers to crash after a few HTTP requests.
When I run my NOD32 (also tried Avira, AVG, Malwarebytes) it deletes a lot of generated crap, but not the real cause, because after it, it pops up again when browsing and generates the crap again.
Can't these programs see these "rootkits"? Guess I'll have to study it a bit more...
I tried to do the same stuff in the solution:
1. Download OTLPE.iso and burn it onto CD
2. When running, my PC didn't boot from it; maybe I've got to do it from BIOS in Windows 7?
3. So I just ran it from explorer, and started the program.
4. Ran the attached fix.txt
5. Got the success message, but I checked the log which said:
========== FILES ==========
File C:\WINDOWS\viaagp1.sys not found.
OTLPE by OldTimer - Version 18.104.22.168 log created on 04132010_145841
I guess I did it totally wrong at step 3 already, but who knows. I guess the file is different on Windows 7.
In the attachments are all relevant logs.
I must say, the browser doesn't crash at all anymore, and I get the blocked IP address a lot less, but it still occurs and worries me.
Thanks in advance for your time.
MOD EDIT: merged 2 into 1 post to maintain ZERO replies~~boopme
I Google-searched some more myself and found that Hitman Pro could delete these rootkits.
I installed the free trial of Hitman Pro and it found the rootkit, which nested itself in "atapi.sys" and "cbs5645.tmp".
After a reboot it deleted the rootkit and I'm clean now!
I hope this helps some of you guys.
Christ, these virus makers are creative these days.
Good luck everyone!
Edited by boopme, 15 April 2010 - 09:34 PM.