Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rootkit Activity and infected with VBS:malware.gen

  • Please log in to reply
1 reply to this topic

#1 ag.dabears


  • Members
  • 34 posts
  • Gender:Male
  • Location:Dinuba, Ca
  • Local time:11:14 PM

Posted 27 February 2017 - 05:02 PM

i was infected with vbs:malware.gen which infected over 300 files so i assume it is a virus. avast did remove it but computer still running slower than usual specially playing any media player makes it take forever to change songs. i also have rootkit activity and was detected by gmer i saved the log file so i will post it at the end. i do not know which rootkit or if it will b impossible to removed so any advice would be appreciated. thanks  p.s i also renamed gmer to pick-a-boo. when i changed the name is when it found the infections but no longer will detect them so i assume i am infected by rootkit.





GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-27 04:19:35
Windows 6.2.9200  x64
Running: pickA-boo.exe

---- Services - GMER 2.2 ----
Service  C:\WINDOWS\system32\drivers\hitmanpro37.sys (*** hidden *** )                                                           [MANUAL] hitmanpro37     <-- ROOTKIT !!!
Service  C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe (*** hidden *** )                                     [AUTO] WsAppService  <-- ROOTKIT !!!
Service  C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe (*** hidden *** )                                          [MANUAL] WsDrvInst  <-- ROOTKIT !!!
---- Registry - GMER 2.2 ----
Reg - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                    1455034511
Reg - HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\ParametersInstup_14865758592652286@SetupOperations                    ???Q?????Q?Q?Q?R?R?R?R?S?S?S?S?T?T?T?????????????2??????????????????????????????? ???????P?????S?????Q??????????P?/??????\???????????G???????Q?Q?Q?Q?Q?S?S?S?????????????n??t8????????????????????????P??Q????????h?????\SystemRoot\system32\drivers\aswSnx.sys?ys???????????S?????????e?????Q??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTMBE2.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avBEE3.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD102D.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD1138.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE051.tmp","\??\C:\Program Files\AVAST Software\Avast\aswcmlx.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE0CF.tmp","\??\C:\P
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                  0x7F 0x6D 0x58 0xFA ...
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                       0x7F 0xD5 0x1C 0x5C ...
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                        0x7F 0x05 0x94 0x98 ...
Reg - HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw                                                                                             0x64 0x62 0x03 0x00 ...
Reg - HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask                                                                                 0x64 0x62 0x03 0x00 ...
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ForegroundColorInactive                  -1
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonBackgroundColor                     0
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonHoverBackgroundColor          -13750738
Reg -
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonPressedBackgroundColor       -12303292
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonBackgroundColorInactive         0
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonForegroundColorInactive        -1
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6EAE973B-8280-4932-BB5A-F916A3BBB4D1}@LastAccessedTime                        0x60 0x34 0x7F 0xBC ...
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6EAE973B-8280-4932-BB5A-F916A3BBB4D1}@LaunchCount                                1
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BE458C51-DA6E-4D2A-AEE1-8216BE0FD4BB}@LastAccessedTime                       0xB0 0xA1 0x7C 0xE9 ...
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BE458C51-DA6E-4D2A-AEE1-8216BE0FD4BB}@LaunchCount                                 27
---- EOF - GMER 2.2 ----



BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:14 AM

Posted 28 February 2017 - 02:21 PM

Hello please repost your topic here,...


We'll get a better look...Let me know if that went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users