08-10-2009 03:28 PM
08-10-2009 04:10 PM
Hi Oaryajiv2002:
We may need to eventually send you over to the corporate forum, but for now:
Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Once it is downloaded to your desktop, right-click on the SysProt icon, go to Properties, and click Unblock and Apply.
Choose Log, check all the boxes except "show hidden objects only", and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
08-10-2009 04:24 PM
Hello Delphinium,
Thanks for helping. Attached is the log you requested. Also, since you told me to disable Norton, I remembered another problem. Every once in a while, Norton auto protect is disabled. When I see that, I simply right-click the logo on the bottom right of my computer and re-enable it. I don't know if this helps, but it's something else I have noticed.
Thanks again for the help.
08-10-2009 04:42 PM
oaryajiv2002:
You have a SKYNET rootkit infection. I will advise Quads, who is our malware specialist. Follow his instructions as he makes them available to you.
08-10-2009 04:48 PM
I appreciate the quick reply. Once I remove that virus, will the other problems (Infostealer and svchost.exe) go away?
Thank you very much for the help.
08-11-2009 01:09 PM
Hi
1. Download Combofix to your Desktop, http://www.bleepingcomputer.com/combofix/how-to-us
Don't use yet.
2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side. Copy the Script.
3. Open Notepad and paste it into Notepad with the first line being killall::
4. Save the script as "CFScript.txt". CFScript.txt is what you see on your desktop after saving.
5. Disable Norton's Auto-Protect and Firewall.
6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.
7. Combofix will start. When it is scanning, don't move the mouse cursor inside the box; it can cause freezing.
Combofix will create a log at the finish.
Quads
08-11-2009 05:53 PM
Thanks for the help. Attached is the log. Also if the hacktool rootkit problem is now gone, the svchost.exe problem is still there and I am not sure if the infostealer problem has been fixed.
08-11-2009 05:58 PM
Ok
Now download, install, and update (Update tab) the definitions, then run a FULL scan with Malwarebytes http://www.filehippo.com/download_malwarebytes_ant
Quads
08-11-2009 08:01 PM
Here is the log that I saved. I removed the 2 trojans detected. Even though these trojans were removed, the folders that they were kept in (for example the one that starts with C:\Qoobox...) still remain. When going through I also noticed multiple folders with absurd names such as "1a9d9276ff6d7b9a0fac07" and "5d65c60d6c6b922bf62d6b1ecab8" in my C drive. There are 7 of these crazily named folders. I don't know if this is normal, but it's something I saw.
Thanks for the continued help.
oaryajiv2002
08-11-2009 08:05 PM
I think if you disable your system restore, that will get rid of that one file. The other one is in the combofix quarantine, Qoobox.
Quads will have a look at the others.
