
Is my wife's laptop doomed? possible rootkit infection



#1 yomatius


Posted 27 June 2015 - 11:58 AM

Hi all, this is my first post in this forum, I hope I will do all right. I think my wife's laptop is infected with a nasty virus and I am at a loss as to what to do. Your help is much appreciated.

 

My wife's laptop is an Asus running Windows 8.1 (6.2 9200). It started behaving very strangely after she watched some streaming website a couple of days ago. Very slow at boot up, freezing, sluggish, erratic behaviour, desktop icons disappearing, keyboard making sounds, the works. I suspected a virus infection, and I realized antivirus and Windows Defender were disabled (which they were not before).

 

1. I ran a series of antivirus scans, including Malwarebytes virus removal and an Avast scan, and nothing came up. Still the behavior was odd, so I suspected a rootkit infection.

2. I tried to run the Malwarebytes rootkit beta tool but it froze. I got a message of possible rootkit activity and that it would remove a value and try again, but it did freeze again.

3. I also downloaded a similar tool by Kaspersky, which failed to find anything.

4. I know now I am out of my depth. After a few searches around the web, I downloaded GMER, ran it and it started finding something but it crashed immediately. I rebooted and was able to run a scan again but some files were not accessible (win32 config, ntuser.dat). I managed to save the log once.

5. I did the same thing again and now I cannot save the log because the keyboard becomes unresponsive when it is the moment to save the file. I see GMER detects suspicious activity in the Dropbox folders.

6. I saved some document files and photos that are important to a USB drive, but I do not know if the virus is in there too.

7. I found RKill in this forum, and if I run it, it terminates a process called ACengsvr.exe. The laptop is less sluggish but still not all right. I also disabled Wi-Fi connectivity somewhere between steps 4 and 6.

 

So here I am now. I never had confirmation of virus activity but it does indeed seem like there is something there, and the computer is indeed not working properly. I am not above performing a wipe if possible but I do not know how to do it in Windows 8.1 and this laptop came without a Windows disk, so I do not know the number either.

So, do I have enough evidence here? Do you think her laptop is doomed? What would you do? I know enough to realize this is way above my knowledge and that we need help.

 

I am looking forward to hearing from you, 

 

Best, Matius

 

 

 




 


#2 boopme


Posted 28 June 2015 - 04:08 PM

Hello Matius
 
Let's repost your issue... We need to get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#3 yomatius


Posted 29 June 2015 - 06:48 AM

I will follow your instructions, will post later, thanks!





