United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Norton Internet Security / Norton AntiVirus

Reply
Topic Options
sm00
Visitor
sm00
Posts: 6
Registered: ‎09-01-2009
Accepted Solution

cannot remove whatever malware/rootkit i've got

Options

‎09-02-2009 07:38 PM

I tried to do this by myself and by reading several other threads in these forums but cannot get rid of whatever it is that has infected my computer.  I'll give a little bit of background on what has been removed and where I stand now.  When I first noticed the problem a few days ago Norton Internet Security (ver 15.5.0.23) started by finding and removing a virus called "Suspicious.skintrim."  After that NIS was able to detect and remove "trojan.metajuan" and "downloader."  I was still having weird pop-ups, strange pages shwoing up in firefox, etc and found my way to this site.  I was able to download some of the software recommended here in other threads.  I have run malwarebytes anti-malware probably a dozen times and it keeps finding new things.  At first it was "a.exe", "b.exe" then it became variants of "UAC___.dll"  I found a suggestion to run Sophos' anti-root kit program and it seemed to find and remove a lot of files associated with UAC and "kbiwkm________".  Since then I have not seen any weird issues with my computer, but when I run scans with MBAM it still finds new files (rootkit.tdss is the current problem) and registry keys.  NIS does not find anything.  Spohos does not find anything meaningful.  I'm not sure what I can do next to get rid of remaining malware and make sure there isn't something still there that will cause a problem.  I have uploaded a current log from HijackThis and the latest log from MBAM.  If anyone has advice on how to complete the cleanup I would appreciate it.  Thanks.
Attachment hijackthis.log ‏11 KB
Attachment mbam-log-2009-09-02 (21-37-28).txt ‏2 KB
Report Inappropriate Content
Message 1 of 12 (3,204 Views)
0 Kudos
delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-02-2009 07:44 PM

You would have been better to ask for assistance first.  There is no guarantee that we will be able to help you now that you have applied other fixes to what is a very specialized problem.  We will see what has been left and Quads will make a determination on whether he can help you safely, or whether you will need to take it in to a computer expert in your locale.

 

 

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Report Inappropriate Content
Message 2 of 12 (3,186 Views)
delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-02-2009 09:06 PM

One thing you can do for yourself, is to remove Spybot Search & Destroy with Teatimer.  Teatimer runs in real time the same as Norton.  Whenever you run two real time scanners at the same time, you have conflicts that leave you vulnerable.

 

Another thing to know about S & D is that it actually prevents the removal of some of the rootkits.  It should be removed from your system ASAP.

 

You still have a kbiwkm rootkit infection.

 

What other programs or utilties did you use to try and remove it?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Report Inappropriate Content
Message 3 of 12 (3,177 Views)
sm00
Visitor
sm00
Posts: 6
Registered: ‎09-01-2009

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 06:35 PM

Here is sysprot log.

 

The three scan programs I have tied so far are Norton, Malwarebytes' anit-malware, and Sophos' anti-rootkit.   Have now removed spybot too.

 

Thanks for helping.

Attachment SysProtLog.txt ‏30 KB
Report Inappropriate Content
Message 4 of 12 (3,113 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,246
Registered: ‎07-21-2008

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 06:52 PM

Hi

 

NOTE:  You will have to save as combofix to save it as a different name so the it is No longer named "Combofix.exe"  so that when I say Combofix below I mean the new name you have downloaded it as instead

 

 

Now

 

1.  Download Combofix  to your Desktop, http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Don't use yet.

 

2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side.   Copy the Script.

 

3.  Open Notepad and paste it in to notepad with the first line being killall::

 

4. Save the script as "CFScript.txt"       CFScript.txt is what you see on your desktop after saving.

 

5. Disable Nortons Auto-Protect and Firewall.

 

6.  Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.

 

7. Combofix will start,  When it is scanning don't move the mouse cursor inside the box, can cause freezing.

 

Quads 

Report Inappropriate Content
Message 5 of 12 (3,104 Views)
0 Kudos
sm00
Visitor
sm00
Posts: 6
Registered: ‎09-01-2009

Re: cannot remove whatever malware/rootkit i've got

[ Edited ]
Options

‎09-03-2009 07:44 PM - edited ‎09-03-2009 07:49 PM

Quads,

I ran Combofix.  It seemed to work as described in the tutorial from the link. Do you want me to upload the log file?

Message Edited by sm00 on 09-03-2009 09:49 PM
Report Inappropriate Content
Message 6 of 12 (3,085 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,246
Registered: ‎07-21-2008

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 07:51 PM

Yes please

 

Quads 

Report Inappropriate Content
Message 7 of 12 (3,081 Views)
0 Kudos
sm00
Visitor
sm00
Posts: 6
Registered: ‎09-01-2009

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 07:55 PM

Here is log file.
Attachment ComboFix.txt ‏16 KB
Report Inappropriate Content
Message 8 of 12 (3,076 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,246
Registered: ‎07-21-2008

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 08:00 PM

Does Malwarebytes Still find the registry entries??

 

Quads 

Report Inappropriate Content
Message 9 of 12 (3,071 Views)
0 Kudos
sm00
Visitor
sm00
Posts: 6
Registered: ‎09-01-2009

Re: cannot remove whatever malware/rootkit i've got

Options

‎09-03-2009 09:31 PM

I ran a full scan with MBAM and it did not find anything.
Report Inappropriate Content
Message 10 of 12 (3,051 Views)
0 Kudos

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+