
RootkitBuster-Operate system Hook- zw...


  • This topic is locked
6 replies to this topic

#1 leonidaso

Posted 15 September 2013 - 07:10 AM

Hello my friends,

AVAST Security popped up a "found rootkit" alert and then removed it.

I then used Malwarebytes and SUPERAntiSpyware, which found about 45 infections and removed them too.

After scanning again, these programs say "no infections found".

The last scan I made was with RootkitBuster. This program says it found different system hooks like

zwCreate mutand...hooked by c:windows system 32...

zwCreattimer...duplicate...and so on.

About 25 log entries without a fix. It says it can't fix them.

Is this a serious threat or something else?

Thank you


Edited by leonidaso, 15 September 2013 - 07:11 AM.



#2 TB-Psychotic

  • Malware Response Team

Posted 15 September 2013 - 07:16 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 leonidaso

Posted 15 September 2013 - 07:58 AM

Hello my friend,

I can't find the log files from Malwarebytes; I must have erased these files by mistake.

But I ran Malwarebytes Anti-Rootkit BETA 1.07.0.1005 and Junkware Removal Tool (JRT) by Thisisu, and last the Trend Micro RootkitBuster program.

I got these txt files. Sorry about that, but I did it before you wrote to me.

I don't know what to do and so.....

  • Attached File: 1379242671.txt (78.63KB)
  • Attached File: JRT.txt (2.88KB)
  • Attached File: system-log.txt (22.81KB)

I hope you can see these files.

Thank you for all!

If I find the other txt files with Recuva, I will send them to you.


Edited by leonidaso, 15 September 2013 - 08:00 AM.


#4 leonidaso

Posted 15 September 2013 - 08:34 AM

I found this txt from

 

SUPERAntiSpyware Scan Log:

Generated 09/15/2013 at 10:06 AM

Application Version : 5.6.1032

Core Rules Database Version : 10768
Trace Rules Database Version: 8580

Scan type       : Complete Scan
Total Scan Time : 00:38:41

 

Heur.Agent/Gen-WhiteBox!!!
    C:\USERS\DEFENDER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AY3S01R0\PAPA_8250[1].EXE !!!

 

Thank you.



#5 TB-Psychotic

  • Malware Response Team

Posted 16 September 2013 - 01:18 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#6 leonidaso

Posted 16 September 2013 - 04:09 AM

Hello again.

Thank you for your help.

After the infection two days ago, I saw that the programs Malwarebytes...Superanti sp... erased the trojans and rootkits.

But within four or five hours of the antivirus scans by these programs, half of the viruses and trojans.... were there again in my system.

And what's more, they hijacked all the browsers and put extensions in there that I don't want.

A mega mess.

So I made a new clean installation of Windows 7.

Anyway, THANKS FOR YOUR HELP!

I will use your information for a future problem.


Edited by leonidaso, 16 September 2013 - 04:09 AM.


#7 TB-Psychotic

  • Malware Response Team

Posted 16 September 2013 - 04:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.