
Rootkit detected [Rootkit.MBR.Mayachok.B (Boot image)]


  • This topic is locked
8 replies to this topic

#1 Jupiter34

  • Members

Posted 18 June 2014 - 06:06 PM

Hello,

Malware has been detected on my computer and I cannot seem to get rid of it. AdAware detected the rootkit specified in the post title, and what sound like radio ads are playing even when I have no programs running. I downloaded and ran the DDS program but the dds.txt file did not generate. The attach.txt file did generate but I can't attach it since I had to write this on my iPad (see below).

I'm trying to give as much information as possible, so here are two more issues that I believe are related:

1. IE was barraged with unrequested cookies from random websites until I changed the settings to reject all cookies. IE and Firefox also now take 1-2 minutes to load a page, and in some cases never load it. This is also what happened when I tried to submit this post from my computer (I'm now typing this on my iPad).

2. McAfee has blocked about 25 executions of svchost.exe as mass mailing worms. I can upload that log file if needed.

Please help me get rid of the malware on my computer, and adjust my settings to increase security and prevent future infections.

Thank you!


Edited by hamluis, 18 June 2014 - 06:07 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 Guest_THECOMPUTERTECH01_*

  • Guests

Posted 18 June 2014 - 07:18 PM

Hello, I am a Computer Software Technician. I will help with your rootkit. There are a few different solutions to your rootkit. (I GAVE EXTRA INFO TO HELP YOUR COMPUTER SPEED INCREASE.)

 

1. Install and Run TDSS Killer (download from bleepingcomputer.com)

 

2. Install and Open MalwareBytes DO A THREAT SCAN (malwarebytes.org) download it from there and make sure you go into settings and then detection and protection and set it to scan for rootkits. Fix anything it finds. Restart computer. There are manual ways of removing viruses but that I will not tell you. You can damage your computer. You have to be highly skilled to know what to delete.

 

3. Run Hitman Pro (download from surfright.nl) and delete what it finds and restart your computer. It will find what Malwarebytes did not. If anything was not found.

 

4. Download from bleepingcomputer.com AdwCleaner and run it and delete anything it finds. That will speed up your computer. Will delete adware and registry issues. Restart Computer

 

5. Download CCleaner free version from piriform.com. Run the cleaner and registry cleaner and delete everything it finds.

 

6. Click the Start Orb type run in the search box and click it. Type temp and clear everything out of that folder and then repeat opening run and type %temp% and delete everything in that folder. Run once more and type prefetch and delete everything in that folder. Restart computer. This will speed up your computer as well. MalwareBytes may have found viruses in these folders as they are a common location for infections. ONE OF THE TEMP FOLDERS IS WHERE THAT ROOTKIT IS LOCATED AT!!!

 

7. That's all. That will ensure your rootkit and any other viruses are removed. You have to learn a lot to be a computer tech and I have just told you a few of the basics that will help clean a computer's operating system but there are other things you should know and it would take forever to explain. I would be losing money if I told you everything. I hope I helped!

 

8. YOU HAVE A GOOD ANTI VIRUS BUT I RECOMMEND KEEPING MALWAREBYTES FOR A SCANNER BECAUSE MCAFEE IS NOT A GOOD SCANNER BUT IS GOOD TO GET VIRUSES BEFORE THEY COME IN AND IS A GOOD LINK CHECKER. DO A THREAT SCAN EVERY 7-14 DAYS WITH MALWAREBYTES.

 

9. You are welcome


Edited by THECOMPUTERTECH01, 19 June 2014 - 04:49 PM.


#3 Guest_THECOMPUTERTECH01_*

  • Guests

Posted 18 June 2014 - 08:27 PM

You can use RKill which can be downloaded on bleepingcomputer.com to kill malicious services running in the background. Another tip for you is to make sure you do not have any freeware like FrostWire. That will cause a lot of infections. Remove that with RevoUninstaller free which you can find on revouninstaller.com. You may also want to remove any toolbars you have. ADWCleaner may do that for you.


Edited by THECOMPUTERTECH01, 19 June 2014 - 04:34 PM.


#4 Guest_THECOMPUTERTECH01_*

  • Guests

Posted 19 June 2014 - 04:40 PM

FOLLOW THE URL INSTRUCTIONS GIVEN BY Jackfalconeme. READ EVERYTHING CAREFULLY STEP BY STEP TO MANUALLY REMOVE THE VIRUS COMPLETELY WITHOUT SCANNERS!! THAT IS 100% CORRECT INSTRUCTIONS BECAUSE I CHECKED THEM OVER. THE WEBSITE ALSO HAS SOME GOOD TO KNOW INFORMATION ABOUT THAT VIRUS.


Edited by THECOMPUTERTECH01, 19 June 2014 - 04:46 PM.


#5 COMRAM

  • Members

Posted 22 June 2014 - 04:51 PM

:).



#6 Quads

  • Members

Posted 22 June 2014 - 07:25 PM

I have a feeling the link instructions are a clever form of spam, and do not really deal with the boot sector and file system of Mayachok, which off the top of my head is also known as Cidox or Rovnix.

 

Quads



#7 noknojon

  • Banned

Posted 23 June 2014 - 07:21 AM

If this is a serious post, please follow this advice only and ignore other posts (sorry Quads)

 

 

Please follow the instructions in this Preparation Guide starting at Step #6.

 

NOTE - If you cannot complete a step, skip it and continue.

 

Once the requested logs are created, make a NEW TOPIC and post it to => Virus, Trojan, Spyware, and Malware Removal Logs area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts fix your problem.



#8 Quads

  • Members

Posted 23 June 2014 - 01:35 PM

No problem

 

I have read through the link above (#4) and it does not deal with the Boot sector and actually looks like a clever way to SPAM / ads to try to get business.

 

Quads



#9 Orange Blossom

  • Moderator

Posted 25 June 2014 - 09:39 PM

Hello Jupiter34,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/539044/radio-ads-unsolicited-cookies-internet-does-not-load/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



