
AVG Rootkit problem


7 replies to this topic

#1 wearesybarites

wearesybarites

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 23 February 2012 - 08:35 PM

I have been having problems with Microsoft Windows screens popping up saying things like "winrscmde has stopped working- windows can check online for a solution." When I click for a solution, nothing happens, and eventually more screens with different "has stopped working" messages pop up constantly. I thought I would try to scan with AVG. I scanned for rootkits and MANY were found. When I try to remove them, it states "Object is hidden by a rootkit technique (which is usually used by malicious software). Do you really want to remove it?" I click yes and the message now states "Action cannot be finished because Windows Vista UAC settings are switched off. Please turn UAC on and repeat the action." I have no idea what this means or how to do it. Please help this computer illiterate person.
Thank you for your time.

Edited by hamluis, 23 February 2012 - 08:50 PM.
Moved from Vista to Am I Infected.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:49 AM

Posted 23 February 2012 - 09:54 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Restart the PC


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#3 wearesybarites


Posted 27 February 2012 - 06:43 PM

After running all of the things you told me to, my computer seems to be running just fine. I got an alert from the AVG Resident Shield Alert that stated:
m:\Backup Files\1\1\TP\3 Trojan horse Agent3BFWJ
m:\Backup Files\1\1\TP\2 Trojan horse Agent3BFWJ
m:\Backup Files\1\1\TP\1 Trojan horse Agent3BFWJ
I moved them all to the Vault.

avast! moved over a hundred viruses to vault and the ones I couldn't cure or move to the vault, I deleted. I am not sure that was the best choice but that's what I did.

I think the problems are gone(?) for now. Thank you for your time and for letting me know what to do and how to do it. I appreciate your help.

#4 narenxp


Posted 27 February 2012 - 06:53 PM

You may still be infected. Please post the logs as instructed.

Good luck

#5 wearesybarites


Posted 27 February 2012 - 07:23 PM

I can view the scan log but can't copy and paste it here from avast!
Can you tell me how to do it?
The first log was LONG.
The second full scan I did the log was this-
File name-C:\Windows\...\unp215014943.tmp Severity- High Status- Threat:Java:Djewers-U[Trj] Action- Delete Result- Successful

#6 narenxp


Posted 27 February 2012 - 07:26 PM

Upload the log to www.mediafire.com and post the link here.

#7 wearesybarites


Posted 28 February 2012 - 10:52 AM

http://www.mediafire.com/?4llvvd8pl1uzi

http://www.mediafire.com/?fr9ho956y4ggu

http://www.mediafire.com/?c14qcq5uq6m47

http://www.mediafire.com/?9dg32cq3cwkeu

I hope I did this right. I am not great at computer stuff. Thank you for your patience.

#8 narenxp


Posted 28 February 2012 - 11:03 AM

Can you upload the text file alone?

The link doesn't work.

If you find issues uploading to mediafire.com, try this site:

http://www.filedropper.com/

Good luck



