Trying to get rid of this malicious rootkit

1 reply to this topic

#1 Cyima


  • Members
  • 1 posts
  • Local time:03:14 PM

Posted 26 October 2010 - 08:11 PM

I have been trying to disinfect my computer for the last few days and I am at my wits' end now. Two days ago, my computer started behaving weirdly and kept freezing on me whenever I clicked a link in a browser. So I decided to run some scans and found a few trojans. After they completed, it told me that they did find something and I hit the delete button as it recommended. I thought all was now well, but after another warning of a malicious URL, all the icons on my desktop flickered, and the appearance of the windows changed from the standard appearance of Vista (key examples are the buttons in the corner, which are elongated and highlight when moused over) to something which looked more like Windows 98. I shut the computer down and restarted, and it was back to the Vista look. I am using Avast antivirus protection, which is giving me the warning of

"Malicious URL blocked
Infection: URL: Mal
Process: c:\Windows\system32\svchost.exe"

I thought that the URL would mean something to do with the browser I had used when the problem first arose (Google Chrome), so I started it up...but it didn't. Chrome was completely unresponsive and loaded nothing. I uninstalled, downloaded it again with Safari, and still it loaded nothing. I tried using CCleaner to uninstall again, and when I ran the Cleaner (habit) it told me that I have to shut down Google Chrome if I want the cache to be cleared. Okay....but Google Chrome wasn't running at the time. I started it again, shut it down with Task Manager, and still it told me Google Chrome is running.

I think I've used every antivirus, anti-malware, and rootkit detector on the planet, including rkill and tdsskiller, to no avail. I reckon that with time the infestation is getting deeper, and the URL redirection and freezing are getting worse.

I'm now fairly annoyed, and in all honesty quite scared. Apologies if the description isn't very clear, it's hard to describe.
Can anybody help me?

Many thanks in advance.

Edited by Cyima, 26 October 2010 - 08:23 PM.


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,109 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:14 AM

Posted 29 October 2010 - 10:46 AM


Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

