
elusive rootkit


9 replies to this topic

#1 attak sekwence

attak sekwence

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:phoenix, AZ
  • Local time:09:21 PM

Posted 06 October 2012 - 02:12 PM

Hey all, I just did a fresh install of Windows 7. I have Linux set up as my main OS, so the only thing I've used Windows for is gaming. There should be about 130GB out of roughly 300GB used, but it seems I have run into a wench in the bay and gotten myself a rootkit or other replicating virus. My drive has filled up for no apparent reason. I ran Windows c cleaner and Piriform CCleaner and I haven't freed up any space (has been the temp fix in the past). I also ran Malwarebytes Anti-Malware, Malwarebytes Chameleon, SUPERAntiSpyware and TFC. I didn't pick up anything or clear any of the garbage space, so now I'm a little stuck.

Edit: and I just started a Trend Micro HouseCall, next up is AVG, then maybe Avast.

Edited by attak sekwence, 06 October 2012 - 02:14 PM.




#2 MousePad

MousePad

  • Banned
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 06 October 2012 - 02:21 PM

You shouldn't be installing all those antiviruses; they allow more infections to break through and cause system slowdown... Uninstall all and choose ONLY ONE antivirus, firewall, anti-spyware. Most AVs have ASP in them already.
Follow the instructions and post the logs needed...
Go to this forum: MalwareRemoval Forum.

Edited by MousePad, 06 October 2012 - 02:23 PM.


#3 attak sekwence


Posted 06 October 2012 - 02:40 PM

I've never had an issue with running multiple scans, as I've encountered some scanners pick up what others did not, even had Avast (which I consider low end) find a trojan that MBAM missed. The scanners are not active protection, just detection software, and they don't interfere with each other like paid software like McAfee and Norton do, because they are both fighting to be the main software used. Many free virus scans are incomplete and do not offer total protection such as ASP, firewall, etc.

Thanks for your insight, I'll try the instructions in that link.

#4 MousePad


Posted 06 October 2012 - 02:45 PM

You're welcome, but the realtime do conflict. No matter what. Except MBAM and stuff. You don't need to run multiple scans.
You can go to VirusTotal and upload a file below 32 MB and it scans it with 43 antiviruses, I think those are all of them.
It gives results.
Try it out! VirusTotal

#5 attak sekwence


Posted 06 October 2012 - 03:03 PM

Is there another alternative to VirusTotal that allows bigger files that you know of? A lot of times I download .exes and .isos that are a couple of GB in size, and that would be a handy tool to use, as I have encountered many of them that are viruses and also falsely reported as viruses due to the nature of some of the programs they contain.

#6 attak sekwence


Posted 06 October 2012 - 03:09 PM

Running GMER right now, but real quick: I was following along the instructions, and when it comes to configuration before the scan I couldn't select the following because they were all greyed out, but the scan seems like it is running completely from what I can tell.
Couldn't select:
systems
sections
iat/eat (but shouldn't be selected anyway)
devices
modules
processes
threads
libraries

Is that maybe an older part of the interface not used anymore? I noticed it wasn't offered to download by .zip, so I thought maybe some program changes have occurred making those options automatic or obsolete in some way.

Just checking so I don't post an incomplete log or waste anyone's time.

#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:21 AM

Posted 06 October 2012 - 08:41 PM

attak sekwence,

I will put out a call for a malware removal expert to look at this topic. Please hold off posting the logs for now. It's possible your issue can be dealt with here. If more advanced logs and tools are needed an expert will let you know.

Meanwhile, please read this Am I Infected? What do I do? How do I get help? Who is helping me? What advice can be given in this forum

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:01:21 AM

Posted 06 October 2012 - 09:43 PM

You know, rather than go on an immediate malware hunt it might be good to figure out where the lack of space is coming from. Here's a nice freeware tool to help you with that. http://www.z-a-recovery.com/tools-visualizer.htm


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
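The triage Blade suggests in post #8, finding where the space went before hunting for malware, can also be scripted. The following is an added example, not part of the original thread and not the linked tool; the function names and the sample tree in `demo()` are constructed for illustration.

```python
import os
import tempfile

def dir_sizes(root):
    """Return ({directory: cumulative bytes}, [unreadable paths]) under root.
    Symbolic links are skipped so nothing is counted twice."""
    totals, unreadable = {}, []
    def walk(path):
        total = 0
        try:
            entries = list(os.scandir(path))
        except OSError:
            # Report what could not be listed instead of silently skipping it.
            unreadable.append(path)
            entries = []
        for entry in entries:
            try:
                if entry.is_symlink():
                    continue
                if entry.is_dir(follow_symlinks=False):
                    total += walk(entry.path)
                else:
                    total += entry.stat(follow_symlinks=False).st_size
            except OSError:
                unreadable.append(entry.path)
        totals[path] = total
        return total
    walk(root)
    return totals, unreadable

def largest(totals, root, n=10):
    """Top-n directories by cumulative size, excluding the root itself."""
    ranked = sorted(((s, p) for p, s in totals.items() if p != root), reverse=True)
    return [(p, s) for s, p in ranked[:n]]

def demo():
    """Constructed sample tree: a large 'games' folder beside small files."""
    with tempfile.TemporaryDirectory() as root:
        for rel, size in [("games/a.bin", 5000), ("games/dlc/b.bin", 3000),
                          ("temp/c.tmp", 200), ("readme.txt", 10)]:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"\0" * size)
        totals, unreadable = dir_sizes(root)
        top = [(os.path.relpath(p, root), s) for p, s in largest(totals, root, 3)]
        return top, totals[root], unreadable

if __name__ == "__main__":
    print(demo())
```

Sizes are logical file sizes, not on-disk allocation, and a non-empty `unreadable` list means the totals undercount; rerunning with administrative rights narrows that gap.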


#9 MousePad


Posted 06 October 2012 - 09:50 PM

Sorry, but no. There are no websites that offer anything above 35MB.
There is not a lot of website space; VirusTotal offers the most MB. It was bought by Google, hopefully they increase the space and amount of upload size soon. :) You can try to download below 35MB of a bigger file, then cancel the download, then VirusTotal it; maybe the virus will already be downloaded. Or submit a file to your antivirus so it can be analysed.

#10 attak sekwence


Posted 07 October 2012 - 04:46 PM

Thank you, that free tool has actually made me realize just HOW MUCH I had been downloading.... Well, now I feel like a complete idiot. I thought I had partitioned more than enough space, as this installation is just for my games and OS, nothing else. Linux is my main OS, but I guess I forgot how big some games can be, and since I had to reinstall Windows I have just been fervently downloading and installing, trying to get my game library to its former glory... I just hadn't realized how much space it really takes. I had to turn to TPB for quite a few games after my kid neighbor found my drawer full of "shiny frisbees", and I thought I had gotten a bad torrent.

Again, I'm a retard lol. I tunnel visioned and convinced myself I definitely had a problem, and even after all those scans coming clean I was still determined to find the problem that wasn't there... doh

Edited by attak sekwence, 07 October 2012 - 04:54 PM.




