Got A Rootkit


5 replies to this topic

#1 KF7LCE

Posted 18 January 2012 - 12:31 AM

Hello,

I am certain that I picked up a rootkit somewhere, and I have no clue how to get rid of it. It's installed the Win 7 Antivirus 2012 and the System Check viruses on my PC, and I've had Google redirects to fake search engines like Scour.com. I've been able to kill the two viruses thanks to the excellent uninstall guides posted on here, but since there are still redirects and TDSSKiller is blocked, even after using the rename trick, it looks like the problem is still there. RKill isn't showing anything, and MBAM only brings up two trojans. When I delete those trojans, they come right back after a reboot. Read everything and I've got no idea of where to go from here! If anyone could help, it would be greatly appreciated!

I'm running Windows 7 64 bit, and can post the MBAM log.


#2 narenxp

Posted 18 January 2012 - 02:58 AM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot you may be asked to repair the MBR; click on repair.

Run TDSSKiller now.

Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it and allow it to download the latest Avast! virus definitions.

Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Good luck

#3 KF7LCE

Posted 18 January 2012 - 02:52 PM

Neither of those will start. Windows asks for permission to run them, I give it, it gives me the loading symbol for a second, then nothing happens. Is something up with my .exes, or am I just doing something really stupid?

#4 narenxp

Posted 18 January 2012 - 03:10 PM

Did you try that in Safe Mode?

Try to rename FIXTDSS and run it.

#5 KF7LCE

Posted 18 January 2012 - 09:54 PM

No luck. Renamed FixTDSS to "iExplore.exe". Ran it, then it tells me "Pre-boot operation failed".

#6 narenxp

Posted 18 January 2012 - 10:59 PM

I would suggest that you:

Read the preparation guide

http://www.bleepingcomputer.com/forums/topic34773.html

Create a new topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



