
Help!! Nasty Rootkit infected my bios, cpu, RAM, cannot get rid of!!


  • This topic is locked
1 reply to this topic

#1 nerdkittin

  • Members
  • 5 posts

Posted 14 December 2010 - 02:55 AM

Please help! I have been struggling with this rootkit for some time now. It continues to plague every device on my network or that has been attached to my computer. My mobile phone, iPod touch, and external HD all have hidden partitions that I cannot delete. This rootkit has total remote control of everything I own... I really need any help I can get!! Thank you ahead of time!
Here are the requested logs:

DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by kittin at 2:34:49.53 on Tue 12/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1449 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\kittin\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kittin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

=============== Created Last 30 ================

2010-12-14 06:58:54 -------- d-----w- c:\users\kittin\appdata\local\Opera
2010-12-14 04:11:15 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-14 04:08:34 -------- d-----w- c:\windows\Panther
2010-12-13 20:52:25 -------- d-sh--w- c:\windows\Installer
2010-12-13 20:52:22 -------- d-----w- C:\f7ffe434c209161c6a757d0c1c24667f
2010-12-13 20:44:18 -------- d-----w- c:\users\kittin\appdata\local\ElevatedDiagnostics
2010-12-13 20:25:13 -------- d-----w- C:\pebuilder3110a
2010-12-13 20:24:45 -------- d-----w- c:\program files\NoVirusThanks
2010-12-13 20:20:40 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{940cabfc-2589-4afe-ad05-938a0dee527f}\mpengine.dll
2010-12-13 20:20:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-13 20:20:25 -------- d-----w- c:\windows\system32\wbem\Performance

==================== Find3M ====================


============= FINISH: 2:35:06.90 ===============


#2 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 19 December 2010 - 06:33 PM

Duplicate topic closed. :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?



