
Exploit Phoenix Exploit Kit Removal

  • This topic is locked
2 replies to this topic

#1 cheepmeep


  • Members
  • 1 posts
  • Local time:05:36 AM

Posted 19 July 2011 - 09:58 PM

About a week ago, I checked my computer and found that AVG discovered a Virus. This virus was the Exploit Phoenix Exploit Kit. (I have AVG perform scans daily) The most recent things I have done on the computer before AVG had discovered this were download Google Chrome, Update Frostwire, and download 3 mp3 files from Frostwire.

Anyway, when AVG showed I have this virus, it gave me no option of removing it. Being afraid of anything happening, I turned the computer off, and manually unplugged it from power. Today, I finally ran Windows in Safe Mode with Networking, performed a full scan with Malwarebytes, ran AVG command line scanner, and ran SpyBot Search and Destroy. Malwarebytes found 3 files which were adware, SpyBot Search and Destroy found a couple of infected files, but both of these programs successfully removed what THEY had discovered. AVG, however, did not give me a log or anything. Of these 3 scans, I had not come across the Exploit Phoenix Exploit Kit.

Perhaps these programs are not designed to find viruses?

Anyway, how would I go about removing this Exploit Phoenix Exploit Kit?

Thank you,
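An antivirus detection named after an exploit kit is often raised on a cached web page (an obfuscated HTML/JavaScript landing page in the browser cache or a temp folder) rather than on an installed program, which is one reason a later scan of installed software may find nothing. As an added example, not part of the original post or of any of the tools mentioned in this thread, the Python script below walks a directory such as a browser cache and flags files carrying several generic markers of obfuscated exploit-kit JavaScript, reporting each hit with its SHA-256 so the file can be looked up or submitted for analysis. The indicator patterns, the threshold, the file names and the sample cache content are all constructed assumptions for illustration, not a signature for the Phoenix kit or any other real family.

```python
"""Heuristic triage of cached web files for exploit-kit style obfuscated JavaScript.

Added example, not from the original forum post. The indicator patterns, the
score threshold and the sample cache content are constructed assumptions; they
are generic markers of obfuscated script, not a signature for a specific kit.
"""
import hashlib
import os
import re
import tempfile

# Assumed generic markers of obfuscated landing pages (not a real AV signature).
PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    # eight or more consecutive \xNN or %uNNNN escapes (typical of shellcode blobs)
    "hex_escapes": re.compile(r"(?:\\x[0-9a-fA-F]{2}|%u[0-9a-fA-F]{4}){8,}"),
    "document_write": re.compile(r"document\.write\s*\("),
}


def score_text(text: str) -> dict:
    """Count each indicator in one file's text; 'score' is the number of distinct indicators seen."""
    hits = {name: len(pat.findall(text)) for name, pat in PATTERNS.items()}
    longest = max(len(line) for line in (text.splitlines() or [""]))
    hits["long_line"] = 1 if longest > 2000 else 0  # minified/obfuscated one-liners
    score = sum(1 for value in hits.values() if value > 0)
    hits["score"] = score
    return hits


def triage_dir(root: str, threshold: int = 3) -> list:
    """Walk root; return (path, sha256, score) for files at or above the threshold."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            text = data.decode("latin-1")  # 1:1 byte mapping, never raises
            hits = score_text(text)
            if hits["score"] >= threshold:
                findings.append((path, hashlib.sha256(data).hexdigest(), hits["score"]))
    return findings


# Constructed sample cache content: one ordinary page and one obfuscated-looking page.
BENIGN = b"<html><body><script>var x = 1; console.log(x);</script></body></html>\n"
SUSPICIOUS = (
    b"<html><script>var s=unescape('" + b"%u9090" * 12 + b"');"
    b"eval(String.fromCharCode(100,111,99));document.write(s);</script></html>\n"
)


def demo() -> list:
    """Write the constructed samples into a temporary 'cache' directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index[1].htm"), "wb") as fh:
            fh.write(BENIGN)
        with open(os.path.join(root, "ads[3].htm"), "wb") as fh:
            fh.write(SUSPICIOUS)
        return [(os.path.basename(p), digest, score) for p, digest, score in triage_dir(root)]


if __name__ == "__main__":
    for name, digest, score in demo():
        print(f"{name}: score={score} sha256={digest}")
```

On a real machine you would point triage_dir at the browser cache and temporary-file folders and review the reported files by hash; a hit here means only that the file looks obfuscated, and a clean result does not clear the machine, so it complements rather than replaces the log-based analysis the helper asks for below.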



#2 patndoris


  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland
  • Local time:06:36 AM

Posted 02 August 2011 - 07:36 AM

Hello and welcome!

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

P2P - I see you have P2P software ( Frostwire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now.

If you choose to leave them on the machine, please refrain from using them while we are cleaning the machine to prevent further infection.

Download and Run DDS by sUBs

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Save both reports to your desktop.

Please copy / paste the scan results.


Please attach the second file; Attach.txt.

Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.

    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest. then click OK
  • When prompted to Select Disks for Scan, make sure C:/ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Proud Graduate of the WTT Classroom
Member of  UNITE

#3 patndoris


  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland
  • Local time:06:36 AM

Posted 07 August 2011 - 10:36 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Proud Graduate of the WTT Classroom
Member of  UNITE
