
RootRepeal What now


1 reply to this topic

#1 ddakota25

  • Members
  • 1 posts

Posted 19 May 2010 - 10:58 PM

I ran MBAM and got nothing, no infection, nothing, but my AVG is telling me I have a Trojan Horse.

So I ran RootRepeal and it found this. Now what? Please help.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/19 21:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA880B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA66C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4210000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\GameHouse Games\Luxor\Luxor.exe:{7C56E9BE-09F9-AAAF-8550-A4A1E3E8143D}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Luxor - Amun Rising\LuxorAmun.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1107\A0145191.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1107\A0145227.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1108\A0145257.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1110\A0145419.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1113\A0145622.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1118\A0145933.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1120\A0146026.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1125\A0146551.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1131\A0148215.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\ServicePackFiles\i386\ndis.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\dllcache\ndis.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\ndis.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 604) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 612) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 2652) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 2660) Address: 0x01000000 Size: 20480
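What a responder does with a report like the one above is triage it rather than read it line by line. The script below is an added example, not part of the original thread and not RootRepeal's own code. It parses the report format shown above (field names are taken from the log), splits each Hidden/Locked path at its last colon into file and NTFS alternate data stream (the `Luxor.exe:{GUID}` entries are streams attached to those executables), separates live files from the copies Windows XP System Restore keeps under `RPnnnn\A0nnnnnn.exe`, and collapses identical stealth-object entries that recur across processes into one finding with a count. `SAMPLE_LOG` is a constructed, trimmed excerpt in the same format; the function and variable names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a trimmed excerpt in the same format as the RootRepeal report posted above.
SAMPLE_LOG = r"""Hidden/Locked Files
-------------------
Path: C:\GameHouse Games\Luxor\Luxor.exe:{7C56E9BE-09F9-AAAF-8550-A4A1E3E8143D}
Status: Visible to the Windows API, but not on disk.

Path: C:\GameHouse Games\Luxor - Amun Rising\LuxorAmun.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{79AEE6CB-0A05-45F4-9256-B3559FE1D6D0}\RP1107\A0145191.exe:{FDA61E3E-CB59-24F1-2631-7F92F4515537}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\ndis.sys
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 604) Address: 0x01000000 Size: 20480

Object: Hidden Module [Name: svchost.exe]
Process: svchost.exe (PID: 612) Address: 0x01000000 Size: 20480
"""

# Field names as they appear in RootRepeal 1.3.5 output; several fields can share one line.
KEYS = r"(?:Name|Image Path|Address|Size|File Visible|Signed|Status|Path|Object|Process)"
PAIR_RE = re.compile(rf"(?:^|\s)({KEYS}): (.*?)(?=\s{KEYS}:|$)")
# Windows XP System Restore stores backup copies of changed files as RPnnnn\A0nnnnnn.ext.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)


def parse_rootrepeal(text):
    """Return {section name: [record dict, ...]}. A section header is the line above a
    dashed rule; records are 'Key: value' lines separated by blank lines."""
    lines = text.splitlines()
    sections, current, record = defaultdict(list), None, {}
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("---") and i > 0:        # dashed rule: previous line names the section
            current = lines[i - 1].strip()
            continue
        if current is None:
            continue
        if not s:                                # blank line closes the current record
            if record:
                sections[current].append(record)
                record = {}
            continue
        if i + 1 < len(lines) and lines[i + 1].strip().startswith("---"):
            continue                             # header line, handled on the next iteration
        for key, value in PAIR_RE.findall(s):
            record[key] = value.strip()
    if record and current:
        sections[current].append(record)
    return dict(sections)


def split_ads(path):
    """Split 'file:stream' into (file, stream); return (path, None) if there is no stream."""
    base, sep, stream = path.rpartition(":")
    if sep and "\\" not in stream and re.match(r"^[A-Za-z]:\\", base):
        return base, stream
    return path, None


def triage(sections):
    """Group findings: ADS stream names with host files, locked files, hidden modules."""
    ads, locked = defaultdict(list), []
    for rec in sections.get("Hidden/Locked Files", []):
        file_, stream = split_ads(rec.get("Path", ""))
        if stream:
            ads[stream].append(file_)
        elif "Locked" in rec.get("Status", ""):
            locked.append(file_)
    # Per stream, keep live files apart from System Restore copies so the same stream name
    # recurring inside restore points is not mistaken for additional infected hosts.
    ads_summary = {
        stream: {"live": [f for f in files if not RESTORE_RE.search(f)],
                 "restore_point_copies": [f for f in files if RESTORE_RE.search(f)]}
        for stream, files in ads.items()
    }
    # The same (object, address, size) reported in several processes is one finding, counted.
    modules = Counter((r.get("Object"), r.get("Address"), r.get("Size"))
                      for r in sections.get("Stealth Objects", []))
    return {"ads": ads_summary, "locked": locked, "hidden_modules": dict(modules)}


if __name__ == "__main__":
    result = triage(parse_rootrepeal(SAMPLE_LOG))
    for stream, hosts in result["ads"].items():
        print(f"ADS {stream}: live={hosts['live']} restore_copies={len(hosts['restore_point_copies'])}")
    print("locked:", result["locked"])
    print("hidden modules:", result["hidden_modules"])
```

Run it against the full report by reading the RootRepeal text file instead of `SAMPLE_LOG`; the "live" list under each stream name is the short list of files worth pulling and checking, and the restore-point copies tell you how far back the tagged file has been backed up.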


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,942 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 20 May 2010 - 08:12 AM

Did your anti-virus/anti-spyware scanner provide a specific file name associated with the malware threat(s) detected, and if so, where is it located (full file path) on your system?

Each security vendor uses its own naming conventions to identify various types of malware, so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actual file(s) involved. See Understanding virus names.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators