09-18-2009 07:21 AM
I believe my system became infected yesterday and is not allowing my antivirus programs to run.
I ran SysProt and attached my log.
Any help is very much appreciated.
Thanks
Julie
09-18-2009 07:25 AM
The main file causing trouble is shown here.
Module Name: \systemroot\system32\drivers\gasfkyydvxprcp.sys
Service Name: gasfkyeyyoqnmr
Module Base: ---
Module End: ---
Hidden: Yes
Can you try to run Malwarebytes in safe mode? It should remove the rootkit.
09-18-2009 07:39 AM
Rohit1gupta:
Malwarebytes will not remove a rootkit. You are not qualified on this forum to assist users with malware problems. Your suggestions are likely to prevent this user from getting the assistance that he requires. Cease.
09-18-2009 07:44 AM
I just tried running in Safe Mode but malwarebytes runs for a few seconds then crashes.
Thanks
Julie
09-18-2009 07:44 AM
jvpierce:
http://www.gmer.net/
After it is downloaded to your desktop, right click on the icon, go to properties, and click unblock and apply.
If it does not run properly, follow these directions:
If a Full Scan crashes, when starting GMER next time, close that warning box instead so it doesn't do a Full Scan. Above the Drives box (right-hand side) there are items ticked from "system" to "files"; untick all but "services" and "registry" and scan those 2 areas.
Our forum guru, Quads, is the only member qualified to assist you with this infection. Please wait for his arrival online. Do nothing else with it but the scan. He will need the information provided by the scan. You will be able to attach the log using the "add attachments" link below the orange post button.
09-18-2009 07:58 AM
See, what I'm trying to say is rootkits may be real hard to remove.
But some of them are just trojans imitating rootkits.
If Malwarebytes can't remove it then it will not.
Can you explain how it will be affected if Malwarebytes is run?
09-18-2009 08:02 AM
delphinium,
Thanks for your help. I tried to go to the link below but the rootkit is invading my browser as well (Chrome), it won't let me go to that site and crashes my browser. I tried in IE but it can't get there either.
Is there another site I could get this from (one that the virus won't detect as AV)?
Thanks
Julie
09-18-2009 08:04 AM
09-18-2009 08:21 AM
jvpierce:
Let's try this one. The site is Quads' private download site. SysProt may cause a warning about threats, just ignore it. This is a new rootkit and we are not familiar with all of its quirks yet. You may need to download from another computer onto a flash drive and then copy to yours. We will see.
You will need to disable Norton auto-protect while you run the scan. If the rootkit has already disabled Norton go ahead with the scan.
Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.
Choose log, check all the boxes except show hidden objects only and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
09-18-2009 08:42 AM
I attached the SysProt log in my first post. Should I post again, or should I be doing something differently?
Thanks
Julie
