I think I have a rootkit.


11 replies to this topic

#1 harukaa

  • Members
  • 1 posts

Posted 06 October 2015 - 08:19 PM

Hi, I've posted on another forum where a user told me I had a rootkit and it was beyond his reach; I was told to post here. Could I get some help from you guys? Thanks.





#2 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 07 October 2015 - 02:06 AM

Hello and welcome to BC,

How did you determine that you may have a rootkit?

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.

-------

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      ◦ Remove found threats
      ◦ Scan archives
      ◦ Scan for potentially unsafe applications
      ◦ Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

----------

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE: If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      ◦ Launch Malwarebytes Anti-Malware
      ◦ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

------------

I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 tealover

  • Members
  • 174 posts
  • Gender:Male
  • Location:Chester, UK

Posted 07 October 2015 - 03:05 AM

Download Free TDSSKiller - Rootkit Removal from Kaspersky. I have Kaspersky Internet Security and TDSSKiller, which runs frequently in the background. It's still a free utility and probably the best rootkit detector available.

#4 dannyboy950

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 08 October 2015 - 12:43 PM

I do not think TDSSKiller exists anymore as a standalone. I just searched on the Kaspersky site and did not see it or get a search result on their site.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon


#5 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 08 October 2015 - 12:49 PM

Do an MBAM scan with the rootkit option checked and that should be all.




#6 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 08 October 2015 - 12:57 PM

> I do not think TDS killer exists anymore as a stand alone. I just searched on Kaspersky site and did not see it or get a search result on their site.


First result when Googling "TDSSKiller" :)

https://support.kaspersky.com/viruses/disinfection/5350#block1

So yes, TDSSKiller still exists, and is also still a standalone executable. Just to point it out.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 dannyboy950

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 08 October 2015 - 01:29 PM

I did not Google it; I looked for it on the Kaspersky website and did not find it, and ran my search from that search engine.

How old is that Google link?

And their free security scan will not run on Win 10, only up to Win 8.1. I tried to run it and that was the message I got from its installer.

I see that TDSSKiller is only up to Win 8 also. I did not think of looking in Support; I figured it would be listed with their other tools.


Edited by dannyboy950, 08 October 2015 - 01:34 PM.



#8 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 08 October 2015 - 01:33 PM

Run MBAM. 




#9 dannyboy950

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 08 October 2015 - 01:50 PM

MBAM and Emsisoft are very good indeed, but they just use an awful lot of resources on my PC. I do not think I could actually run both.

I use MBAM Pro on here and used Emsisoft on my Vista machine with good results. Even though they were not fully able to remove everything, they at least found and removed more than anything else I had run on that machine, which was literally about everything on the market.




#10 tealover

  • Members
  • 174 posts
  • Gender:Male
  • Location:Chester, UK

Posted 08 October 2015 - 01:56 PM

Google "Kaspersky tdsskiller", select

Download Free TDSSKiller - Rootkit Removal - Kaspersky Lab

Submit first name, last name and email address, press Submit, and they will email you a link on how to run the tool.

When you get their email, select .

Download the TDSSKiller.exe and then click the Lime Green EXE box.

Easy peasy.



#11 Sintharius

    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 08 October 2015 - 03:15 PM

Hi harukaa,

If it is okay, can we see the previous thread where you were told that you have a rootkit? It will help to see whether it is a true rootkit or not, as actual rootkit infections these days are very rare.

#12 tealover

  • Members
  • 174 posts
  • Gender:Male
  • Location:Chester, UK

Posted 09 October 2015 - 07:12 AM

A rootkit is extremely rare, but you can run Kaspersky TDSSKiller for peace of mind. It will do no harm and will remove it if there is one.

 

I have been using Kaspersky Internet Security for over 10 years, which runs this utility every day with updated signatures. In this time it has never detected a rootkit.

 

Kaspersky Internet Security is the premier internet security package and I advise you to buy it, not as a download from the Kaspersky website, which is expensive, but as a disk from Amazon, which is far cheaper.





