

Possible Rootkit Windows 7 Ultimate SP1

  • This topic is locked
1 reply to this topic

#1 JusticeMalzilla


  • Members
  • 2 posts
  • Local time:01:17 PM

Posted 12 February 2016 - 08:06 AM

So ever since I got a thumb with a trojan-like malware on a desktop, I have lost 3 computers to it over time and have spent lots of money to have them looked at only to be told it's fine just dump the USB after my initial few months of work on diagnosing what I thought was just a botnet type of attack that wanted my computer so I stopped using the computer but the USB thumb/flash drive had work files on it and was a pretty penny 128GB so I used it to transfer work files and I believe it infected the next computer, which was another genuine Windows 7 laptop and then when I realized that the computer was hooked, I just used an older desktop for work but it's pretty slow so I invested in a new laptop and some hard drives, RAM, etc. and the new hard drives didn't help anything, as I finally realized there was definitely a rootkit direct attack going on or so I thought. Now I have another few computers untouched by anything but a wireless router. I am looking to diagnose my laptop that is worth a lot more than the rest of my hardware combined and figure out how it is infected. Only problem is I spilled a little Sprite on the keyboard and seemingly ruined the keyboard so pressing certain keys would type out like two keys (e.g. A = ad or whatever).


Since it was a laptop I was not sure how to proceed but to remove the keyboard and let it sit for a few days off power and off battery and then I decided after about 5 days I could use it but plenty of mouse/keyboard combo packs from Logitech so I used those and a $150 headset/mic Blue Yeti to use in a broadcast site. I was fed up with the site in question, it seemed like the site (younow) in question is owned or said to be owned by ex-Yahoo CEO owner and headquartered in Germany (somewhere), Dubai and New York, New York. This site had a user in question visibly attached to my webcam one night while I was not 'live' as they say and it was clear he received a phone call and with friends in the room (laptop) facing him where he had to lean back and that's when I was positive there was a trojan and the next hour or so went by and I tried to remove it thinking it wouldn't be too difficult assuming I was pretty familiar with malware and had plenty of approaches. Well, I am now on another computer and can confirm that there is still something attacking me and it stems from the thumb drive I originally would keep work files on.



I've spent the last couple hundred hours on this forum and using about every approach aside from letting someone step by step guide me to scan.



My issue is I get infected every single time I reformat. I had to resort to my old DVD-R copy of Windows 7 Service Pack 1 after what I consider my best laptop became infected due to the USB thumb drive that has clearly been infecting things through its auto run. I threw it away, and wish I hadn't because now I'm not sure what type of malware I have. I have only a copy of Linux Ubuntu Live Boot on a DVD-R and Windows 7 Ultimate 7 SP1 without the correct drivers so I had to load the drivers for Dell Latitude (630 or something) would have to double check. I have tried many guides on here but not without help.


Please advise how I should proceed. At this point, I am considering the computers in question bricks but want to be sure I am not infecting anything else. This forum seems like Step 1 after my first couple hundred hours looks into it. Even my 'tech techy' friends and local computer expert deemed the computer in question fine but I know it's not because it keeps self-deteriorating every time I format. Linux Live Boot seems fine but I received a file on my desktop of Ubuntu live (before formatting) that named itself how fast are you(.mp3?[sic]) and so I was assuming I was not safe on a router with Ubuntu live boot CD unless I formatted HDD first which I might try now but I will wait for someone who knows better than me how to diagnose this issue.


I will follow each step by the word of anyone who can help. Thanks in advance to the creator of this forum. It's opened my eyes to the sophistication of Windows itself. Who knew how deep Windows can be transformed with the right or wrong hands!! Yikes. Step 1?



#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:17 PM

Posted 12 February 2016 - 02:51 PM

Hi JM,
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.

Edited by boopme, 12 February 2016 - 02:52 PM.
