
Unable to access internet. (Rootkit) Help!


  • This topic is locked
3 replies to this topic

#1 PaigeF


Posted 22 July 2010 - 07:02 PM

Hi. I have to unfortunately introduce myself today. I'm Paige and I've got some nasty malware that won't leave my computer.

This morning everything was running smoothly until I got disconnected from the internet. Thinking it was my provider, I called them and had them reboot our modem. That didn't help.
I happened to install the latest Malwarebytes' Anti-Malware and did a scan. I seem to have something called Rootkit that the anti-malware program says it gets rid of by doing a system reboot, but every time I scan, it keeps coming back. Now, this isn't affecting just my computer, it also keeps my Wii from connecting to the internet when my computer is hooked up to the internet. When I unhook my computer, the Wii works fine. I'm not on the infected computer, so I'm unable to download programs. I've tried getting on the internet in Safe Mode with Networking, but it won't let me on either. I also have Rkill, which terminates a file called "l9lbewom.exe".

This is what my Malwarebytes scan read: (This was all written and retyped as I have no way to copy and paste from my infected computer)

7/22/2010 4:01:28 PM
mbam-log-2010-07-22 (16-01-28).txt

Scan type: Full scan (c:\|)
Objects scanned: 243775
Time elapsed: 38 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\Service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

I forgot to mention that I'm running on Windows Vista.

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 11:30 PM.
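An added example (not part of the original thread): a small Python check that parses logs laid out like the one retyped above, confirms the summary counts match the listed items, and reports objects that are detected again in a later scan, which is the "it keeps coming back" symptom described. The function names are hypothetical, the layout is assumed from the retyped log, and the second log is constructed for illustration.

```python
import re
from collections import Counter

KINDS = "Memory Processes|Memory Modules|Registry Keys|Registry Values|Registry Data Items|Folders|Files"
SECTION = re.compile(rf"^({KINDS}) Infected:\s*(\d*)$")
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from one MBAM-style text log."""
    counts, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        head = SECTION.match(line)
        if head and head.group(2):      # "Files Infected: 1" is a summary line
            counts[head.group(1)] = int(head.group(2))
        elif head:                      # "Files Infected:" opens a detail section
            section = head.group(1)
        elif section and (hit := DETECTION.match(line)):
            detections.append((section, hit["path"].lower(), hit["name"], hit["action"]))
    return counts, detections

def count_mismatches(text):
    """Summary counts that disagree with the listed items (e.g. a retyping slip)."""
    counts, detections = parse_mbam_log(text)
    listed = Counter(kind for kind, *_ in detections)
    return {k: (n, listed[k]) for k, n in counts.items() if n != listed[k]}

def recurring(logs):
    """Objects detected in one scan that are detected again in a later scan."""
    seen, repeats = set(), []
    for text in logs:  # logs must be given in chronological order
        found = {(kind, path, name) for kind, path, name, _ in parse_mbam_log(text)[1]}
        repeats += sorted((found & seen) - set(repeats))
        seen |= found
    return repeats

# Scan 1 is abridged from the log in the post above.
SCAN_1 = r"""
Files Infected: 1

Files Infected:
C:\Windows\System32\Service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""
# Scan 2 is constructed: the same file reported again after a reboot and re-scan.
SCAN_2 = r"""
Files Infected: 1

Files Infected:
C:\WINDOWS\system32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""
```

Paths are compared case-insensitively, so `recurring([SCAN_1, SCAN_2])` reports the driver file once even though the two logs spell the path differently.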




#2 PaigeF


Posted 23 July 2010 - 01:30 AM

Bump for my computer's life.

EDIT: Please be patient. There are over 480 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Edited by Budapest, 24 July 2010 - 07:37 PM.


#3 Blade81

  • Malware Response Team

Posted 30 July 2010 - 02:23 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the DDS file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck the Files option and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When the scan is finished, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply (if the log is long, archive it into a zip file and attach it instead of posting).

    Microsoft Windows Insider MVP 2016-2017

    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


    #4 Blade81


    Posted 06 August 2010 - 02:08 AM

    Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





