
Help! Is this a sign that my computer's infected with a rootkit?


6 replies to this topic

#1 ggirl23


Posted 28 June 2012 - 01:25 PM

Hello,

I have Windows 7 64-bit, and yesterday I was unable to connect to the net. Then I noticed that the icon for net connection (bars) was gone. I looked into the network connection and sharing, and it wasn't showing any networks at all, not ours, not the neighbors'. I thought this was odd... at some point during my checking on things, I got an alert saying that Windows Security had been disabled and needed to be enabled. I tried to do this by clicking on the enable button that came up (sorry if I'm not describing everything correctly) but it was greyed out, and I was unable to do it. I got the idea to go into System Config and check if these things had been disabled there-- what I found was that the network link had been disabled, along with Windows Firewall and Windows Security. I re-enabled them all and that did the trick as far as the internet links working again; however, my computer is running reaaaaallllly slow, I am constantly getting the "wheel." I've checked for other big memory users, and I don't see anything unusual, except for svchost.exe taking up quite a bit of memory, which I've never seen before. But I am no expert here, as you can tell. So if there is any more information I can provide to help anyone determine the problem, please let me know.



#2 ElFasso


Posted 28 June 2012 - 01:26 PM

1. Run a scan with MBAM:

Download Malwarebytes' Anti-Malware free version (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. Download TDSSKiller

  • Launch it.
  • Click on Change parameters and select TDLFS file system.
  • Click on "Scan".
  • Please post the log report (the log file should be in your C drive).

3. MOD EDIT: Removed unauthorized tool

4. Please also perform an ESET online scan:

Note: You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.
Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Edited by boopme, 29 June 2012 - 09:34 PM.


#3 saraovana


Posted 28 June 2012 - 02:17 PM

Try with Hitman Pro - a free trial version is available from surfright.com. You haven't mentioned the svchost location: is it in System32 or Windows? Need to check the same.
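
One way to do the location check suggested in this post, as an added example that is not part of the original thread. It assumes Windows PowerShell run as administrator; the parent-process check against services.exe goes beyond the path check the post asks for.

```powershell
# Added example: list each running svchost.exe with its on-disk path and
# parent process, and flag anything outside the Windows system directories.
# Run from an elevated Windows PowerShell prompt; without elevation the
# ExecutablePath of some service processes comes back empty.

# Where the genuine file lives (SysWOW64 holds the 32-bit copy on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Service hosts are normally started by services.exe (the Service Control Manager).
$scmPids = @(Get-WmiObject Win32_Process -Filter "Name = 'services.exe'" |
    ForEach-Object { $_.ProcessId })

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $notes = @()

    if (-not $_.ExecutablePath) {
        $notes += 'path unavailable (re-run elevated)'
    } elseif ($expected -notcontains $_.ExecutablePath) {
        # -notcontains compares strings case-insensitively, so
        # C:\Windows\system32 and C:\WINDOWS\System32 both match.
        $notes += 'unexpected location'
    }

    if ($scmPids -notcontains $_.ParentProcessId) {
        $notes += 'parent is not services.exe'
    }

    if ($notes.Count -eq 0) { $notes = @('ok') }

    New-Object PSObject -Property @{
        ProcessId       = $_.ProcessId
        ParentProcessId = $_.ParentProcessId
        Path            = $_.ExecutablePath
        CommandLine     = $_.CommandLine   # shows the -k service group
        Verdict         = ($notes -join '; ')
    }
} | Select-Object ProcessId, ParentProcessId, Path, CommandLine, Verdict |
    Format-List
```

Every entry reading "ok" only confirms that the visible processes run from the expected file; a rootkit can hide processes from these queries and malicious code can be loaded as a DLL inside a genuine svchost.exe, so the scanner logs are still needed.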

#4 ggirl23


Posted 28 June 2012 - 04:07 PM

> Try with Hitman Pro - a free trial version is available from surfright.com. You haven't mentioned the svchost location: is it in System32 or Windows? Need to check the same.


Can you tell me how to check for this--i.e., where to look and what am I looking for? When I found it, I was simply looking up memory usage in the performance monitor. I don't think there was any specification on the location. BTW, I just muddle through this stuff with the help of Google and forums like this, so bear with me!

Edited by ggirl23, 28 June 2012 - 04:14 PM.


#5 ggirl23


Posted 28 June 2012 - 04:09 PM

Hi There--

I am in the middle of moving, so I am going to go through all these steps later tonight. However, I wanted to mention that I have Anti-malwarebytes installed already, as well as Avast. I have run scans with both, and neither has come up with anything positive-- although Avast did give 3 messages that something suspicious but unidentifiable was found, and it recommended that I open the files in the sandbox, but when I clicked "ok" nothing happened--i.e., the sandbox did not open-- I don't know if it's supposed to. I have already downloaded and run a scan with TDSSKiller and it found nothing as well. I will make sure I've done all the steps in the list later and send you the logs. I don't believe that there is nothing there-- otherwise why was all of my security disabled? Malwarebytes was also disabled, but I noticed, not Avast... Anyway, more later.

#6 ggirl23


Posted 28 June 2012 - 06:12 PM

> Try with Hitman Pro - a free trial version is available from surfright.com. You haven't mentioned the svchost location: is it in System32 or Windows? Need to check the same.


Hi, I ran HitMan Pro, and it did indeed find malware--interestingly named "svchost dll". I did remove and reboot, but I still have the "wheel" going constantly; however, I am aware that this could be unrelated. I checked the CPU usage, however, and it's gone way back down to 0-6 percent, down from 30-75. I've had problems with Firefox memory leaks as well as Windows Media Player network sharing memory leaks, so I am wondering if there is another issue related to a memory leak, and the CPU is just way down because I rebooted. I'll check again in a bit. Also, all the svchost.exe files listed under "memory" in the performance monitor were as such: c:/windows/system32/svchost.exe

Once again, I'll get back with a full report later.

#7 ggirl23


Posted 29 June 2012 - 12:32 PM

Hi-- please don't close this thread, I don't think I'll be able to get to the full report until after our move. Too crazy! It will have to wait a few days. Thanks



