
RootKit! Please Help!


26 replies to this topic

#1 Sirena1210


Posted 06 August 2014 - 02:50 PM

Avast said I have a RootKit. I have tried to remove it but it seems to have gotten worse. My computer keeps restarting. I was finally able to restart the computer with start up loop recovery. Avast is not working right now. I am at a loss. Can anyone help me before I completely lose my mind and toss this bleeping computer out the window?

 

Thanks,

Sirena


Edited by Queen-Evie, 06 August 2014 - 03:04 PM.
moved from Windows 7 to the appropriate forum



 


#2 JohnC_21


Posted 06 August 2014 - 05:34 PM

Hello and Welcome,

Have you tried using TDSSKiller? After downloading the exe file, change the name to iexplore.exe, then double-click it.
 

 

Usage Instructions

TDSSKiller can be downloaded as an EXE or a ZIP file that contains the executable. When using the program, it is easier to download the EXE directly and only download the ZIP file if your computer software or Internet connection does not allow the direct download of executables.

It is important to note that many rootkits target the name of the TDSSKiller executable so that it is terminated when you attempt to run it. Therefore, after downloading or extracting the executable you should rename it to iexplore.exe so that it can more easily bypass any protection routines a particular rootkit may use.

 



#3 Sirena1210


Posted 06 August 2014 - 05:51 PM

No. But right now I am running RogueKiller. Two things are in red. I was getting ready to look up Root.Zekos.

#4 JohnC_21


Posted 06 August 2014 - 06:09 PM

You may want to take a look at this.



#5 Sirena1210


Posted 06 August 2014 - 06:27 PM

Haha, I was just looking at that. Trying it now. I will let you know how it goes.

Thanks

#6 JohnC_21


Posted 06 August 2014 - 06:36 PM

I would still try TDSSkiller though.



#7 Sirena1210


Posted 06 August 2014 - 06:40 PM

I got to Hitman Pro and rebooted. I have to do that startup recovery loop again.

I would still try TDSSkiller though.



ok trying that too

#8 Sirena1210


Posted 06 August 2014 - 07:01 PM

The TDSSkiller said no threats found

#9 JohnC_21


Posted 06 August 2014 - 07:05 PM

One other thing I forgot to mention. Download Rkill. This will kill any malware processes it finds. Do not reboot. Then run Malwarebytes again.

 

Does Avast work now? Did Hitman Pro find anything?



#10 Sirena1210


Posted 06 August 2014 - 07:09 PM

Avast was working about an hour or so ago. Hitman Pro did find something. I am thinking the reboot is messing everything up.



#11 JohnC_21


Posted 06 August 2014 - 07:12 PM

When you say "Messing everything up", do you mean you cannot log into Windows?



#12 Sirena1210


Posted 06 August 2014 - 07:19 PM

Yes sir. I have to go to F8

repair

command prompt

d:

dir

cd \windows\system32\config

dir

md mybackup

copy *.* mybackup

a (to overwrite)

cd regback

dir

copy *.* ..

a (to overwrite)

exit

then restart

 

then windows starts up and I can get back to everything on my computer

I had to do this several times

This issue has been going on for 3 days now.
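
The hive restore described in the post above, as an added example that is not part of the original post: a batch script for the recovery command prompt that copies only the five registry hive files, stops if a RegBack copy is missing or empty, and saves each run's backup to a new folder so repeated runs do not overwrite an earlier backup. The `mybackupN` folder naming and the optional drive-letter argument are assumptions; the `D:` default and the paths are taken from the post.

```batch
@echo off
rem Added example: restore registry hives from RegBack at the recovery prompt.
rem Assumption: Windows is on D: as in the post; pass another drive letter
rem (for example "C:") as the first argument if it differs.
setlocal
set "DRV=%~1"
if "%DRV%"=="" set "DRV=D:"
set "CFG=%DRV%\Windows\System32\config"
set "HIVES=DEFAULT SAM SECURITY SOFTWARE SYSTEM"

rem Stop if any RegBack hive is missing or zero bytes long: copying an
rem empty hive over the one in config would replace a usable hive with nothing.
for %%H in (%HIVES%) do (
    if not exist "%CFG%\RegBack\%%H" (
        echo Missing %CFG%\RegBack\%%H
        exit /b 1
    )
    for %%F in ("%CFG%\RegBack\%%H") do if %%~zF EQU 0 (
        echo %CFG%\RegBack\%%H is empty
        exit /b 1
    )
)

rem Pick the first unused mybackupN folder so that running the script again
rem never overwrites the hives saved by an earlier run.
set N=1
:findslot
if exist "%CFG%\mybackup%N%" (
    set /a N+=1
    goto findslot
)
set "BAK=%CFG%\mybackup%N%"
md "%BAK%" || exit /b 1

rem Save the current hives first, then copy the RegBack versions over them.
for %%H in (%HIVES%) do (
    copy /y "%CFG%\%%H" "%BAK%\%%H" >nul || exit /b 1
)
for %%H in (%HIVES%) do (
    copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H" >nul || exit /b 1
)
echo Restored hives from RegBack; previous hives saved in %BAK%
```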



#13 JohnC_21


Posted 06 August 2014 - 07:21 PM

Have you tried doing a System Restore to a date before the problem occurred?



#14 Sirena1210


Posted 06 August 2014 - 07:22 PM

yes sir



#15 JohnC_21


Posted 06 August 2014 - 07:27 PM

I am not sure what is going on. After you go into Windows using the repair method you posted, is the drive clean of malware or does it show up again when doing a scan?





