Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Rootkit on my Windows 7 Desktop


  • Please log in to reply
1 reply to this topic

#1 IHATETROJANS1234

IHATETROJANS1234

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 22 July 2017 - 05:19 AM

After downloading a file the other day I have had searchmanager extension added to chrome and "The requested resource is in use" text while trying to launch anti virus I am restricted from deleting many of my files by a group called "Administrators" and having trouble figuring out what to do. I have tried Avast rescue disk but every time I "delete" the files they come back. I have also tried RKill and File assassin to delete a file called "ntuserlitelist" and I am becoming restless I can post logs from Avast and Rkill but that is about it. Also everytime I try to launch in safe mode It eventually crashes and I still can't launch my anti virus and when I try to launch file explorer or control panel it says I am out of memory even though I have 16G. Also when I try to terminate some processes I am denied and I just looked and can't find my avast logs I will run another scan while I am sleeping and I will save it. I am about to cry I need closure and maybe even a hug.

 

 

Here is one suspicious file : https://i.gyazo.com/17585c974726eebe19ee776147783958.png

 

 

RKILL LOGS:

 

Rkill 2.9.0BETA by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/22/2017 01:23:59 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * Dataup Stopped. [PUP/GEN]
 * drmkpro64 Stopped. [PUP/GEN]
 
2 services stopped!
 
Checking for processes to terminate:
 
 * C:\windows\system32\tprdpw64.exe (PID: 1296) [WD-HEUR]
 * C:\Users\Matthew\AppData\Local\xnrvl\pqdam\ct.exe (PID: 2360) [UP-HEUR]
 * C:\Users\Matthew\mbar-1.09.4.1001.exe (PID: 2280) [UP-HEUR]
 * C:\Users\Matthew\FRST64.exe (PID: 3708) [UP-HEUR]
 
4 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 
 
 
 
 
 
 
 
 
 
 


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:36 AM

Posted 22 July 2017 - 06:06 AM

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users