Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

sysenter hook


  • This topic is locked This topic is locked
2 replies to this topic

#1 manofkryptonak

manofkryptonak

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 21 October 2013 - 02:46 PM

Hi my name is Ralph,

 

I build my own computers and stuff but I'm not very good at software. I can do a lot more than the average user, but some viruses are over my head. Such as this one, 16 sysenter hook viruses, I believe it is a trojan? Could be wrong about that... I have run rkill then AVG free (reinstalled to get full version for 30 days and updated), then ran malware bytes & maware bytes anti-rootkit; the problem still persists! Thanks in advance for all the help, I will help as much as I can in the hardware forum!

 

My DDS Log after rkill was run:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-21 14:29:19
-----------------------------
14:29:19.696    OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:19.696    Number of processors: 8 586 0x3A09
14:29:19.697    ComputerName: TIPPIN-PC  UserName: Tippin
14:29:19.789    Initialze error 1 
14:30:27.156    AVAST engine defs: 13102100
14:31:26.939    The log file has been saved successfully to "C:\Users\Tippin\Desktop\aswMBR log 1.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-21 14:29:19
-----------------------------
14:29:19.696    OS Version: Windows x64 6.1.7601 Service Pack 1
14:29:19.696    Number of processors: 8 586 0x3A09
14:29:19.697    ComputerName: TIPPIN-PC  UserName: Tippin
14:29:19.789    Initialze error 1 
14:30:27.156    AVAST engine defs: 13102100
14:31:26.939    The log file has been saved successfully to "C:\Users\Tippin\Desktop\aswMBR log 1.txt"
14:31:32.388    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:31:32.390    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:31:32.423    Disk 0 MBR read successfully
14:31:32.425    Disk 0 MBR scan
14:31:32.429    Disk 0 unknown MBR code
14:31:32.431    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:31:32.435    Disk 0 scanning C:\Windows\system32\drivers
14:31:32.438    Service scanning
14:31:32.981    Modules scanning
14:31:32.984    Disk 0 trace - called modules:
14:31:32.988    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
14:31:32.991    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d15790]
14:31:32.995    3 CLASSPNP.SYS[fffff88001d4a43f] -> nt!IofCallDriver -> [0xfffffa800454e740]
14:31:32.998    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004599050]
14:31:33.003    AVAST engine scan C:\Windows
14:31:33.007    AVAST engine scan C:\Windows\system32
14:31:33.011    AVAST engine scan C:\Windows\system32\drivers
14:31:33.015    AVAST engine scan C:\Users\Tippin
14:31:33.020    AVAST engine scan C:\ProgramData
14:31:33.024    Scan finished successfully
14:31:51.006    Disk 0 MBR has been saved successfully to "C:\Users\Tippin\Desktop\MBR.dat"
14:31:51.010    The log file has been saved successfully to "C:\Users\Tippin\Desktop\aswMBR log 1.txt"
 
 


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:39 AM

Posted 22 October 2013 - 01:57 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Hooks on a low level isn´t always a virus. What detected these hooks? Please post up the log.

Also, do the following:

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:39 AM

Posted 28 October 2013 - 05:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users