
GMER ROOTKIT


  • This topic is locked
6 replies to this topic

#1 Quant


Posted 29 October 2013 - 02:52 PM

Hello. My computer was acting weird and I did a reinstall of Windows because I thought I could have a rootkit. I deleted partitions and installed Windows 7 with the CD.
So, I directly installed GMER to check if it's removed.
Here's the log. Please help me guys.. I am so sad..
Are those false positives? Is my system clear or am I still infected after reinstall of Windows?



GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-29 19:46:31
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC56 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\IsaUhr\AppData\Local\Temp\ffdiqpog.sys


---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [964:2596] 000007fefad31ebc
Thread C:\Windows\system32\svchost.exe [964:776] 000007feeb7fb1b0

---- EOF - GMER 2.1 ----


 


#2 jeffce



  • Malware Response Team

Posted 30 October 2013 - 08:53 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Since you reinstalled your operating system you are more than likely ok.  When you do that, the entire hard drive is wiped and all new information is installed.  Those entries you are seeing are very likely ok (very likely), but let's take a look anyway.   :)
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

 


#3 Quant


Posted 30 October 2013 - 09:26 AM

Hey, thanks. Unfortunately I can't post this because our internet doesn't work at the moment. The provider got maintenance. My uncle gave me TDSS on a USB stick and I installed it.
But Kaspersky TDSSKiller didn't find anything.

#4 jeffce


Posted 30 October 2013 - 09:46 AM

Ok no problem....if TDSSKiller did not find anything then I believe you are fine.  You just reinstalled your system anyway so there is nothing but what you have reinstalled on your system.  :)

 

You should be good to go.  


 


#5 Quant


Posted 30 October 2013 - 10:28 AM

Thank you for everything. :) Finally I'm clean, and I didn't take any backup from disk etc. I just reinstalled Windows and am starting updates now. I'll make a new beginning :D

#6 jeffce


Posted 30 October 2013 - 01:28 PM

:thumbup2:


 


#7 jeffce


Posted 01 November 2013 - 07:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

 




