
Win32 Root Kit Infection


  • This topic is locked
3 replies to this topic

#1 SamarthT

SamarthT

  • Members
  • 7 posts

Posted 06 September 2012 - 03:34 PM

Hi guys ,

I have a user whose machine is infected with a Win32 rootkit. Please note that I am unable to post the DDS log, as DDS freezes in the middle of the scan. Also, the GMER scan has only 3 entries ("Registry", "Files", "Services"); GMER gives me a "Cannot create Sub Key under Volatile Key" error, and I am not able to select all the options as shown in the "Posting your Logs" post.

I am adding the HijackThis and RootRepeal log files for reference, and the Emsisoft scanner log, which had picked up 4 infections.

I tried to run GMER and DDS after the scan, hoping I would be able to retrieve the log files, but the problem with DDS and GMER still persists after the scan. I am certain the machine is still infected. The logs attached to this case were generated after the Emsisoft scan was finished and the 4 infected files were deleted. Please let me know if any further info from my end is required.

Also, the Rkill log states I should be able to run normal security software, and I have attached the log file for it, but I still can't run TDSSKiller or other security tools.


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 06 September 2012 - 06:20 PM

Hello SamarthT, and another welcome to BC!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • Please check this topic at least once a day for a reply from me, but also allow me some time as logs do take time to analyze and prepare a fix.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Also let me know if you have another clean computer to use, as well as a portable USB device! (We may need to create a boot CD during the fix)
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

Have you tried running Rkill before running DDS without rebooting in between? Same problem there?

==========

Also, I'd like to get a log from ListParts:

  • Double click ListParts.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

==========

If you are able, please post the DDS log and the Result.txt from ListParts in your next reply!

bloopie

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 09 September 2012 - 12:56 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 11 September 2012 - 08:45 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.