I've got a bad one and I need some help!


2 replies to this topic

#1 zerovertex

Posted 13 August 2010 - 02:11 PM

I have run ComboFix repeatedly. Each time, it wants to restart due to rootkit activity. Obviously, it's not killing it. I really really don't want to go through the trouble of reloading this machine.

Other symptoms: When connected to a network with a live internet connection, it saturates the connection and no one else on the network can get online. As soon as the NIC is disabled on the machine, all is well again for the rest of the computers.

The user did tell me she opened an attachment in Microsoft Outlook 2000. I can possibly get the exact executable she opened and post it if it helps.

THANKS TO ALL WHO WORK SO HARD TO KEEP ON TOP OF THIS!

EDIT: Windows XP Pro SP3 with Symantec Antivirus installed.

ADDED INFO: After looking through the ComboFix logs, I suspect something is hooked into my ndis.sys and possibly other driver files.

Edited by zerovertex, 13 August 2010 - 05:03 PM.


#2 zerovertex

Posted 16 August 2010 - 12:33 AM

Bump...
Can I get some suggestions on this? Even if it's "You're screwed! Reload Windows", I'll take that.

I know you guys are busy. Maybe some hold music or something.

"We're sorry but all of our malware/spyware/rootkit security experts are busy assisting other forum users. Your post is important to us and will be replied to in the order in which it was posted. Thanks for using bleepingcomputer.com".

Just a little joke there. But seriously, the city clerk of my city is waiting on this (it's her computer) so any response is appreciated.

Thanks again guys and gals for all the hard work you put in to help the common joes with computer problems!

#3 zerovertex

Posted 16 August 2010 - 11:58 AM

Okay. After reading this (http://www.bleepingcomputer.com/forums/index.php?showtopic=335466&hl=Rootkit+activity) I see that ComboFix was not where I should have started. I'm preparing to back up data and wipe and reload Windows. It sucks but it's the only way to be certain the rootkit is gone.

For all those that read my post and shook their heads... a quick reply wouldn't have killed you.

I'll be prepared for my next rootkit run-in with proper procedure to get assistance in this forum.



