
Rootkit / Zero Access


This topic is locked.
4 replies to this topic

#1 Ainz

Ainz

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 12 August 2016 - 12:37 AM

Hey guys, if anyone can help me: I have some nasty rootkit infection and I ran ComboFix. It found winver.exe to be infected and successfully repaired it. After that I ran sfc /scan and it found some files to be corrupted and fixed them. Also I ran Adware Cleaner, Malwarebytes Anti-Rootkit, ESET Online Scanner and TDSS tool, and it only found one Disable Task Manager registry key. If anyone could help me find the rest of it I would really appreciate it.

Attached Files


Edited by Ainz, 12 August 2016 - 12:43 AM.



#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:34 AM

Posted 12 August 2016 - 01:50 PM

Hi Ainz :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:34 AM

Posted 14 August 2016 - 11:38 AM

Hi Ainz :)

 

Unfortunately there is evidence of illegal software on your computer. I am going to request that you completely uninstall TechSmith Camtasia Studio 8.6.0 and all other products for which you do not have a valid Product Key. If you are willing to do that, please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do this:

===================================================

CKScanner

--------------------

  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report into your next reply to me

===================================================

 

Next:

 

I noticed that your FRST and Addition logs were not run from the same scan.

  • Please rerun FRST from Normal mode.
  • Check the box for Addition.txt
  • Click on Scan.
  • When the scan has completed, please copy and paste the logs into your next reply to me.

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • CKScanner report
  • FRST report
  • Addition report

Let me know if you have any questions.

 

polskamachina



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:34 AM

Posted 17 August 2016 - 11:50 AM

Hi Ainz :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#5 Oh My!

Oh My!



  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:34 AM

Posted 19 August 2016 - 11:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



