Trojan rootkit removed but now DEP won't enable



#1 St8kout


Posted 20 July 2012 - 02:36 PM

Found out I had a Trojan:JS/Redirector.JA while trying to troubleshoot IE9 browser problems. Another forum told me how to find/remove it (boot with Windows Defender on a USB stick) when all the other malware scanners failed to find anything, (Malwarebytes, Spybot, HitmanPro, and several others). This is not the same as the regular Windows Defender btw.

One of the symptoms was that Microsoft's Fixit kept saying DEP was disabled and it re-enabled it, but something kept immediately disabling it. Well now the rootkit is gone but Fixit still keeps finding/fixing the same problem.

So does anyone here have any ideas how to keep it enabled? I was thinking something in the registry must have gotten screwed up by the rootkit but I've run several registry fixes from CCleaner and others to no avail.

In case this helps anyone, the browser problems were such things as websites were taking way too long to load and the back button kept reloading the same current page without going back. Now, with that rootkit gone, websites load instantly and the back button works flawlessly. It was a Java exploit and it got in my computer before Sun issued a patch. I kept getting prompts from Sun to install the patch but when you clicked on it, the dialog box vanished so you didn't know if it worked or what. It also disabled Microsoft Security Essentials. When re-enabled MSE found dozens of "Exploit: Java/Blacole..." That's when I started running all the malware scanners and they found nothing, so you are led to believe your computer is clean, but it was in fact still hiding in there. Sneaky little bugger. It was only because IE9 was still screwy that I kept looking for it. It didn't help that most of the advice was from the IE haters saying to switch to Firefox, Chrome, etc., which would have left the rootkit in place.

I'm not sure but I think I picked it up from downloading some PDF viewer, ExpertPDF or something like that. It was more adware than PDF viewer so I uninstalled it (afterwards I discovered Adobe Reader no longer worked. Had to reinstall it). Also, one malware scanner called Exterminate-it said it found something but said I had to buy their $15 program to remove it. Uh, no thanks. I already know about such scams as this.

Edited by hamluis, 20 July 2012 - 07:53 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Animal


Posted 20 July 2012 - 02:50 PM

Have you had your malware logs analyzed by a trained malware expert and been given the all clean go ahead? If so, by whom and what forum, please? Or are you yourself a trained malware removal specialist? The reason I ask these questions is because, if you have not been deemed all clean, you could very well be wasting your time and the person helping you if you have remnants of malware lurking. It would be much better to know you are working on a fix for your issue without the potential for it not working because of malware.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 St8kout


Posted 20 July 2012 - 03:50 PM

Yeah, you're right, and I do keep wondering if there is still something lurking in there.

I'm posting on more than one forum thinking that there must be someone somewhere with a similar experience with millions of users out there. Oddly enough googling my DEP problem only showed one other person, and he was running WinXP. He didn't get much help, only with someone saying maybe check his boot files. That was from a couple of years ago or so.

No, I'm no malware expert. I've been getting some help from WindowsSeven forum. You can see the thread here of the WDO logs I posted:


http://www.sevenforums.com/general-discussion/241131-removed-2-malwares-now-need-help-dep-2.html

Edited by St8kout, 20 July 2012 - 03:54 PM.




