Infected with a rootkit?


3 replies to this topic

#1 Dotchli

Posted 26 July 2010 - 05:40 AM

Hello,

For a few days I have had some problems with my laptop computer. It seems that I cannot connect to the Windows Update server anymore; whenever I try I get the error: 80072EFE. I can't even find windowsupdate.microsoft.com/ in my internet browser. I tried to connect with a different computer on the same router and it works fine there. So something on my computer is blocking it, because all other websites work fine.

A second thing I noticed is that when I'm browsing with Firefox or with IE, sometimes a new tab will appear and will direct me to some odd website: one time it will be a (fake) virus scanner with all those scanning animations in the browser, or it will direct me to http://nl.memoletter.com/searchx/?id=Malwa...8855&f=6661 or it will direct me to http://prkygczwuln/tre/SENA.exe (I see that Java starts running) and many more with those strange addresses. Some take ages to load, as if it's downloading something.

I also noticed that my internet has a lot of disconnects lately for just a few seconds.

I have been searching on the internet for a few days to figure it out, and I have already tried a lot of things. But the problem still remains. It seems that I could have a rootkit on my computer. So I scanned my computer with Hitman Pro 3.5 and it did confirm that I have a TDL3 rootkit infection. I tried a few rootkit removers, but they couldn't find anything. My virus scanner can't solve the problem either (I have BitDefender). I have also tried Malwarebytes, Spyware Doctor, SUPERAntiSpyware and CCleaner a few times; they do find something like Spyware.Agent and Trojan-Downloader.Murlo, but it doesn't solve the problem.

I'm very frustrated right now as I cannot find a solution and there is definitely something wrong. Could someone help me please? My thanks would be great.

PS: Last thing to mention, I'm posting this topic from a different computer because whenever I hit the 'Post New Topic' or the 'Preview Post' button, the browser tells me it can't find the webpage :thumbsup: (does the virus/malware or whatever it is want to stop me finding help?).

Dell
Studio XPS 1640
Intel® Core™2 Duo CPU P8600 @ 2,40 Ghz
4,00 GB RAM
Windows Vista Home Premium 32-bits

Edited by Dotchli, 26 July 2010 - 05:48 PM.



#2 Dotchli

Posted 26 July 2010 - 06:46 AM

I have also received these messages 3 times since I have had the problem:

Posted Image

The first message is in Dutch, but it says that the Hostprocess for Windows-Services doesn't work anymore and will be closed.
I did not know if I should allow or block the server port (??).

Edited by Dotchli, 26 July 2010 - 06:48 AM.


#3 Dotchli

Posted 27 July 2010 - 10:07 PM

Does someone know what to do, please? I'm still struggling with it :thumbsup: no scanner helps.

Kind regards,

Dotchli

#4 Dotchli

Posted 04 August 2010 - 10:44 AM

Now my BitDefender detected a new virus twice in: Exploit.PDF-JS.Gen, located in c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGQ6NEG6\Vanitybagdoubtful[1].pdf=](JAVASCRIPT)

My problem as described above hasn't been solved yet; I still cannot update Windows, nor can I reach the Windows Update website. :thumbsup:



