Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

repeated virus infections


  • Please log in to reply
3 replies to this topic

#1 rdcdbd

rdcdbd

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 11 March 2011 - 04:50 AM

http://www.bleepingcomputer.com/forums/topic291778.html takes you to an old topic which runs out before there is a solution. There is some similarity there with my own problem: an uninformed member of the household clicked on a "your quota" virus link. The rather extensive damage seems to have been repaired, but Trojan viruses are now being installed repetitively (and picked up the various defenses).
If I understand correctly, a rootkit is to be feared.
I used RootkitRevealer and got 3 worrying drivers dated October 2010 in Windows\assembly\GAC... "visible in Windows API but not in MFT or directory index". There are also 3 exe's in the same directories with the same description; + HKLM\Security\Policy\Secrets\SAC* and SIC* "key name contains embedded nulls(*)" (vd. attachment).
Let me add that I installed the operating system (XP) myself and have the disc, so if need be, I can just save everything to an external hard disc and do it all again.
Thanks for any help.

Attached Files


Edited by hamluis, 11 March 2011 - 08:39 AM.
Moved from XP forum to Am I Infected.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:52 PM

Posted 11 March 2011 - 08:38 AM

It's not wise...to take someone else's malwaare topic...and try to apply it to your own situation, IMO.

I will move your post to the appropriate malware forum here at BC, where someone more knowledgeable can review your situation.

Louis

#3 rdcdbd

rdcdbd
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 11 March 2011 - 08:45 AM

Maybe, but you have to start somewhere.
Following the extensive guidelines, I went myself to the malware forum and posted a new topic. Presumably I will have to remove this earlier one. But I don't see it anywhere.

#4 rdcdbd

rdcdbd
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 11 March 2011 - 08:49 AM

Sorry, there's a thing called "am I infected" and it's there. So should I leave the original one there and the lengthier one on Malware?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users