I Think This Is A Rootkit


4 replies to this topic

#1 Stang777
    Just Hoping To Help
  • Members
  • 1,821 posts

Posted 24 August 2011 - 02:33 AM

Hi Everyone,

I am working on my niece's computer and I think the main problem might be a rootkit.

I cannot get an antivirus program to install, and Malwarebytes or SuperAntiSpyware will not run for even as long as a minute, but at one point the latter showed that trojandropper.svchosts-fake (or "false" instead of "fake", not sure which it was) was found.

When I run rkill it shows that it terminates \\.\globalroot\Device\svchost.exe\svchost.exe, which I believe is a rootkit. Will anyone please tell me if it is, and if so, whether there is a program that is reliable at getting rid of it?

I know all the risks of having a rootkit on a system, and that it really cannot be deemed safe without a reformat, but we can't reformat this one and reinstall, so I am wondering if there is a program that is reliable at getting rid of this if it is a rootkit.

Also, before finding that on there, I had my flash drive in that computer and then back in mine. I put it back in my system because I was fairly certain that nothing had jumped onto it, but I still ran Flash Disinfector and my antivirus program on it, and it shows clean. Do you think I can trust it? If I am going to try to clean that computer I am going to have to put it back in, as I cannot access the internet with the infected computer.

Thanks for any and all help anyone gives, I appreciate it.


#2 cryptodan
    Bleepin Madman
  • Members
  • 21,868 posts
  • Location:Catonsville, Md

Posted 24 August 2011 - 05:10 AM

Can you post Malwarebytes Log?

#3 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,750 posts
  • Location:Virginia, USA

Posted 24 August 2011 - 10:32 AM

\\Globalroot\Device\svchost.exe\svchost.exe is a sign of the ZeroAccess Rootkit.

You have a serious malware infection. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
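The path quietman7 singles out is distinctive enough to be worth checking for mechanically: a real svchost.exe is loaded from System32 (or SysWOW64), never from the NT device namespace, and a legitimate path never has an executable name as a directory component. The following is an added example, not code from this thread, from rkill or from any BleepingComputer tool; it scores process image paths on exactly those three properties. The process list it runs over is constructed for the example, with the last two entries modelled on the path reported in the first post.

```python
import re
from typing import Dict, List

# Constructed sample process listing (pid, image name, full image path). The
# entries for pid 3012 and 3320 are modelled on the path rkill reported in the
# thread and on a dropped copy outside System32; they are not real captures.
SAMPLE_PROCESSES: List[Dict[str, object]] = [
    {"pid": 4,    "name": "System",       "path": ""},
    {"pid": 712,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 1180, "name": "svchost.exe",  "path": r"C:\Windows\SysWOW64\svchost.exe"},
    {"pid": 2456, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe"},
    {"pid": 3012, "name": "svchost.exe",  "path": r"\\.\globalroot\Device\svchost.exe\svchost.exe"},
    {"pid": 3320, "name": "svchost.exe",  "path": r"C:\Users\Public\svchost.exe"},
]

# Directories the genuine Service Host binary is loaded from (lower-cased,
# assuming a default C:\Windows install; adjust if %SystemRoot% differs).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Image paths that bypass the drive-letter namespace: \\.\globalroot\...,
# \\?\globalroot\... or a bare \Device\... object-manager path.
DEVICE_NAMESPACE = re.compile(r"^(\\\\[.?]\\globalroot|\\device)\\", re.IGNORECASE)


def suspicious_reasons(name: str, path: str) -> List[str]:
    """Return the list of reasons this image path looks wrong (empty = clean)."""
    reasons: List[str] = []
    lowered = path.lower()
    if not lowered:
        # Kernel pseudo-processes (System, Idle) legitimately have no image path.
        return reasons

    if DEVICE_NAMESPACE.match(lowered):
        reasons.append("image path is in the NT device namespace, not a drive letter")

    parts = lowered.split("\\")
    # Every component except the last one is a directory; none should be an .exe.
    if any(part.endswith(".exe") for part in parts[:-1]):
        reasons.append("an executable name is used as a directory component")

    if name.lower() == "svchost.exe":
        parent_dir = "\\".join(parts[:-1])
        if parent_dir not in LEGIT_SVCHOST_DIRS:
            reasons.append("svchost.exe loaded from outside System32/SysWOW64")

    return reasons


def scan(processes: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Run suspicious_reasons over a process listing and keep only the hits."""
    findings = []
    for proc in processes:
        reasons = suspicious_reasons(str(proc["name"]), str(proc["path"]))
        if reasons:
            findings.append({"pid": proc["pid"], "path": proc["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_PROCESSES):
        print(f"pid {hit['pid']}: {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

On the sample listing the device-namespace entry trips all three checks and the copy under C:\Users\Public trips only the location check, while the two genuine Service Host processes and explorer.exe pass. To use it against a real machine, feed it the PID, image name and full image path from whatever process listing you can still obtain on the box; the checks are deliberately about the path shape rather than any particular malware family, so a hit tells you the path is wrong, not which rootkit put it there.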

#4 Stang777
    Just Hoping To Help
  • Topic Starter
  • Members
  • 1,821 posts

Posted 25 August 2011 - 01:06 AM

QuietMan, thank you very much for all that info, I really appreciate it. I am not sure if it is worth trying to fix this but if I decide to try, I will do as you suggested. Again, thank you.

Crypto, no, I cannot post a Malwarebytes log. Like I said, the program won't run, but thank you for your effort.

Edited by Stang777, 25 August 2011 - 01:08 AM.


#5 quietman7
    Bleepin' Janitor
  • Global Moderator
  • 51,750 posts
  • Location:Virginia, USA

Posted 25 August 2011 - 07:44 AM

Not a problem Stang.
