
Antivirus soft and Rootkit - can't get either out


1 reply to this topic

#1 jaimm

jaimm

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 13 June 2010 - 09:39 AM

Antivirus Soft was found and I took the following steps.
1. Removed the proxy server in the IE Tools menu under Connections.
2. Ran updated SAS and MBAM and stopped the process, I think.
3. Manually deleted 5 registry items per removevirus.org instructions.
4. Removed random-letter directories in D&S/user account/Local Settings/Application Data.

In approximately 10 restarts it came back, proxy server et al.

Follow-up full scan of MBAM found Rogue.AV SecuritySuite in
C:\System Volume Information\_restore{9ADDF817-73CB-45A6-B13C-ABE68D3FBFF1}\RP117\A0718496.exe
I can't see this folder in Windows Explorer. I removed and deleted this in MBAM.


Rootkit problem was identified and following steps taken.

1. Downloaded and ran tdsskiller.exe; one rootkit was found and removed.
2. Downloaded and ran Hitman Pro 3.5; viamraid.sys in Windows/drivers was found to be acting like Alureon-FZ (Engine Bee). I tried "delete", "quarantine" and "do not delete".
But follow-up reruns of Hitman Pro would still find viamraid.sys to be a problem.
3. Ran updated SAS and MBAM and found no problems.

Any help with either of these would be appreciated.

Running XP on an old off-brand desktop. I think it has been updated through SP3.

Thanks.

Edited by jaimm, 13 June 2010 - 10:47 AM.
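The poster's step 1 (removing the IE proxy) was undone by the malware within about ten restarts. A quick way to confirm whether that setting has been put back, without clicking through the IE dialog each time, is to export the Internet Settings key and audit it. The script below is an added example, not part of the forum thread or any tool mentioned in it; it parses the text that `reg export` writes and reports an enabled proxy or an auto-config (PAC) URL. The sample export embedded in it, including the proxy address and URL, is constructed for illustration.

```python
"""Audit an exported Internet Settings registry key for a re-added proxy.

Added example (not from the forum post). Input is the text written by
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" out.reg
The sample below is constructed; the proxy address and URL are placeholders.
"""
import re

# Constructed sample export: what a re-infected profile might look like.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
"ProxyOverride"="<local>"
"AutoConfigURL"="http://proxy.example.invalid/wpad.dat"
'''

# One value line: "Name"=dword:xxxxxxxx or "Name"="string"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.*)$')


def parse_reg_values(text):
    """Return {name: value} for the dword and string values in a .reg export."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # header, key path, blank line
        name, raw = m.group("name"), m.group("raw")
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # .reg files escape backslashes and quotes inside strings
            values[name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            values[name] = raw  # hex(...) and other types kept verbatim
    return values


def audit_proxy(values):
    """Return a list of findings describing any active proxy configuration.

    An empty list means no proxy and no auto-config script is set, which is
    the state the poster's manual removal was trying to reach.
    """
    findings = []
    if values.get("ProxyEnable") == 1 and values.get("ProxyServer"):
        findings.append("proxy enabled: " + values["ProxyServer"])
    if values.get("AutoConfigURL"):
        findings.append("auto-config script set: " + values["AutoConfigURL"])
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for finding in audit_proxy(parse_reg_values(text)) or ["no proxy configured"]:
        print(finding)
```

Running it after each reboot (with the exported file as the argument; `reg export` writes UTF-16) shows whether the proxy setting has been reinstated, which is the clearest sign that the cleanup so far has not removed whatever is re-applying it.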




#2 jaimm

jaimm
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:00 PM

Posted 14 June 2010 - 06:25 PM

Update - Followed AV Soft removal instructions from this website.

Appears to be gone.

But I am not hooking up to the internet to test until the rootkit with Alureon FZ Engine B has been solved.

Full test for AV Soft will come later.

Please help with Alureon FZ or move to another forum if I am in the wrong place.

Thanks in advance.

