My pc might have a rootkit


4 replies to this topic

#1 jeezy318


Posted 04 July 2017 - 02:41 AM

I think I'm infected. Could someone please help me?





#2 jwoods301


Posted 04 July 2017 - 03:02 AM

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run Malwarebytes Anti-Malware -

https://www.malwarebytes.org/antimalware/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/

Create a System Restore point first.



#3 jeezy318


Posted 05 July 2017 - 04:44 AM

I ran all those and didn't find anything. I ran GMER and it kept freezing, but it came back with this before it did.



#4 jeezy318


Posted 05 July 2017 - 04:48 AM

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-04 01:49:31
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000021 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 119.24GB
Running: GMER.exe; Driver: C:\Users\dirty\AppData\Local\Temp\aglyikog.sys
 
 
---- Disk sectors - GMER 2.2 ----
 
Disk     \Device\Harddisk0\DR0                              unknown MBR code
 
---- Threads - GMER 2.2 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [804:640]            ffffbca6f61d9ac0
Thread   C:\WINDOWS\system32\csrss.exe [804:624]            ffffbca6f61d9ac0
 
---- Services - GMER 2.2 ----
 
Service  C:\WINDOWS\System32\qmgr.dll (*** hidden *** )     [AUTO] BITS                             <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] CDPUserSvc_78901                 <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] DevicesFlowUserSvc_78901       <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] MessagingService_78901         <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] OneSyncSvc_78901                 <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] PimIndexMaintenanceSvc_78901   <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\svchost.exe (*** hidden *** )  [MANUAL] UnistoreSvc_78901              <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [MANUAL] UserDataSvc_78901              <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] WpnUserService_78901             <-- ROOTKIT !!!
 
---- EOF - GMER 2.2 ----


#5 jwoods301


Posted 05 July 2017 - 03:56 PM

Those are parts of the Windows Connected Devices Platform Service.

 

Looks like false positives.

 

Cross-check with Malwarebytes Anti-Rootkit Beta...

 

https://www.malwarebytes.com/antirootkit/


Edited by jwoods301, 05 July 2017 - 03:58 PM.
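
One way to triage the "hidden service" lines from the GMER log above, as an added example that is not part of any poster's reply: it separates names that fit the Windows per-user service pattern (`<template>_<suffix>` hosted by System32 `svchost.exe`) from entries that need a separate look. The template list and the `triage` helper are assumptions of this example (a subset of Microsoft's documented per-user services), and a match only supports the false-positive reading; it does not replace the cross-check suggested in post #5.

```python
import re

# Per-user service templates (assumption: a subset of Microsoft's documented
# list, not taken from the thread). Instances are named "<template>_<suffix>".
PER_USER_TEMPLATES = {
    "CDPUserSvc", "DevicesFlowUserSvc", "MessagingService", "OneSyncSvc",
    "PimIndexMaintenanceSvc", "UnistoreSvc", "UserDataSvc", "WpnUserService",
}
EXPECTED_HOST = r"c:\windows\system32\svchost.exe"  # install path as in the log

LINE_RE = re.compile(
    r"^Service\s+(?P<image>\S.*?)\s+\(\*\*\* hidden \*\*\* ?\)\s+"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
INSTANCE_RE = re.compile(r"^(?P<base>\w+?)_(?P<suffix>[0-9a-fA-F]+)$")

# Three service lines copied from the GMER log in post #4.
SAMPLE_LOG = r"""
Service  C:\WINDOWS\System32\qmgr.dll (*** hidden *** )     [AUTO] BITS                             <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] CDPUserSvc_78901                 <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\svchost.exe (*** hidden *** )  [MANUAL] UnistoreSvc_78901              <-- ROOTKIT !!!
"""

def triage(log_text):
    """Return {service_name: verdict} for each hidden-service line."""
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a "Service ... hidden" line (Threads, Disk, headers)
        name, image = m["name"], m["image"].lower()
        inst = INSTANCE_RE.match(name)
        known = bool(inst) and inst["base"] in PER_USER_TEMPLATES
        if known and image == EXPECTED_HOST:
            verdicts[name] = "per-user instance"
        elif known:
            verdicts[name] = "review: per-user name, unexpected image"
        else:
            verdicts[name] = "review: not a per-user instance"
    return verdicts

if __name__ == "__main__":
    for svc, verdict in triage(SAMPLE_LOG).items():
        print(f"{svc:28} {verdict}")
```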




