
Rootkit infection


2 replies to this topic

#1 mohavepc

mohavepc

  • Members
  • 16 posts
  • Gender:Male
  • Location:Arizona
  • Local time:09:05 PM

Posted 23 November 2010 - 04:26 PM

Hello All
I have an XP Home SP2 machine that has a rootkit infection that I cannot identify or remove. When I try to run a tool such as Malwarebytes or SUPERAntiSpyware, the program closes as soon as it catches a glimpse of something. I have run several programs, including MBAM, SUPERAntiSpyware Portable, HijackThis, TDSSKiller and rkill; all have been run in Safe Mode with Command Prompt from both the desktop of the infected PC and from a flash drive. TDSSKiller finds a rootkit named vbma1a1f.sys and will only quarantine it, not delete it, but it returns immediately. rkill closes Svchost.exe, which immediately restarts. I cannot post a log as I cannot get anything to run long enough to get a log. Have done a Windows repair install to get it out of a no-boot situation that was missing the host.dll. Any help would be appreciated.

Edited by hamluis, 23 November 2010 - 04:56 PM.
Moved from XP to Am I Infected ~ Hamluis.




#2 mohavepc

mohavepc

Posted 24 November 2010 - 11:40 AM

Hello All
I have an XP Home SP2 machine that has a rootkit infection that I cannot identify or remove. When I try to run a tool such as Malwarebytes or SUPERAntiSpyware, the program closes as soon as it catches a glimpse of something. I have run several programs, including MBAM, SUPERAntiSpyware Portable, HijackThis, TDSSKiller and rkill; all have been run in Safe Mode with Command Prompt from both the desktop of the infected PC and from a flash drive. TDSSKiller finds a rootkit named vbma1a1f.sys and will only quarantine it, not delete it, but it returns immediately. rkill closes Svchost.exe, which immediately restarts. I cannot post a log as I cannot get anything to run long enough to get a log. Have done a Windows repair install to get it out of a no-boot situation that was missing the host.dll. Any help would be appreciated.

seems that there is no love on this board
will look elsewhere
thanks just the same

#3 mohavepc

mohavepc

Posted 26 November 2010 - 06:54 PM

Just as a follow-up to this, and although I didn't get a response, I was able to fix this myself by using a live Linux (Tux) CD and deleting the files that were causing the issue. I was then able to use all the tools I needed to remove the infection. It was an AV8 infection and it was nasty, to say the least. Good luck to ya.



