
Think I've been rooted, cannot run DDS or GMER


1 reply to this topic

#1 Vrank92


Posted 07 December 2011 - 01:32 PM

I started getting some help with my problem over at Daniweb, but I think I'm having problems that I might need some backup on.

Whole story:
About a week ago, iexplore.exe started running itself in the background (had audio playing once, never visible windows) and if I clicked on a Google link, the first 3 times it will redirect to somewhere else. I installed an extra seat of Norton 360 that I had, ran it, Malwarebytes, & Spybot, and found some things, including a genrouge at one point, all with my system restore turned off, but it never fixed the symptoms. I started getting some help over at Daniweb (here's my thread: http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/398176 ) and that's when I started hitting some REALLY odd dead ends.

I ran GMER, but got an error 0xC000010E about not being able to create a subkey under a volatile parent subkey. I can continue, but only a few of the scanning options are available. This happens in normal boot and in safe mode (no networking, no command line).

I tried to run DDS.scn, and first it ran as an AutoCAD script, which only opened Notepad and flooded it with non-alphanumeric text. After running a file the guy at Daniweb gave me that added something to my registry, it ran... and about 75% (it seems) of the way through (the #'s line up across the screen until they are under the R and E in "post the log in the forum wheRE it was requested") it freezes both the software and seemingly the machine (everything stops working, no response to alt-ctrl-del, clock freezes, mouse still moves), and it did the same in safe mode, except the clock kept moving. It took about 10 mins to get to that point, and I let it sit in safe mode 2 hours and still never got further. (I sent a message to sUBs here, hoping they might have an idea of what step was getting bogged down, if they are still active here.)

I then tried to run TDSSKiller and it ran (according to Task Manager) for about 3 seconds, then closed. I tried to run it again, and it never even appeared in Task Manager. If I moved the file, or changed the name, the same thing would happen: run for three the first try, and after that nothing.

HijackThis and other logs weren't showing anything that alerted the person on Daniweb, so I was kinda stuck.

I was basically ready to give up and do a new OS install, so I figured I would try running ComboFix by myself, like an idiot. It ran, told me I had rootkit.zeroaccess and that it would be hard to get rid of. I let it keep going, then another popup appeared saying something like "possible rootkit detected" and the clock froze and while the mouse responded, nothing else did. I ran the uninstall command, so I think I'm in the clear on that. Everything runs fine (so I think I lucked out and didn't kill it), except I still have the same redirect and iexplore issues as before.

Any advice would be exceedingly welcome.



#2 cryptodan


Posted 10 December 2011 - 01:15 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient till you get a reply to your topic.



