Re: rootkit suspected - Norton, malwarebytes, rootrepeal etc. won't run

mdturner · ‎04-11-2008

delphinium is presently off doing other things. Run sys prot again and attach the log please.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

jvpierce · ‎09-18-2009

Here's my SysProtLog.

Thanks

Julie

jvpierce · ‎09-18-2009

Oops - sorry, forgot to attach. Here it is.

mdturner · ‎04-11-2008

jvpierce wrote:
Here's my SysProtLog.

Thanks
Julie

Think you forgot to attach it

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

floplot · ‎04-11-2009

Hi

Now please wait for Quads to get back to you with further instructions and don't try to use any other programs.

Success always occurs in private and failure in full view.

delphinium · ‎11-21-2008

Thanks jvpierce:

Sorry about that extra SysProt. There seems to be massive confusion on the forum today. What version of Norton are you using? I;m not seeing it on the SysProt. If you can open it, the version number will be under Help & Support>about. What is your operating system?

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

jvpierce · ‎09-18-2009

I am running Norton Internet Security 2010 but currently it won't run due to this virus (when I try running it, I get a your license has expired, which it hasn't as I'm also running it on another computer, it's a 3 - user license). It is Version # 17.0.0.136.

I'm running Vista Business, Service Pack 1.

Thanks

Julie

delphinium · ‎11-21-2008

jvpierce:

Don't worry about Norton for the time being. Antimalware programs will not function until the rootkit comes out. That is the purpose of the thing, among others.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

Quads · ‎07-21-2008

Hi

NOTE: save Combofix (Save As) as another name like xxxxx.exe

Now

1. Download Combofix to your Desktop, http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Don't use yet.

2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side. Copy the Script.

3. Open Notepad and paste it in to notepad with the first line being killall::

4. Save the script as "CFScript.txt" CFScript.txt is what you see on your desktop after saving.

5. Disable Nortons Auto-Protect and Firewall.

6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.

7. Combofix will start, When it is scanning don't move the mouse cursor inside the box, can cause freezing.

Quads

jvpierce · ‎09-18-2009

Hi,

I downloaded Combofix and renamed it before downloading.

I created the CFScript.txt (although I think I made a mistake as I didn't include the quotes in the name).

I dragged the file ontoCombofix, it ran, it stated that CyberDefender is running and to disable before clicking OK - I haven't been running this and there was no way to disable as it's not running in the task bar and there is no uninstall in the control panel for this. So I continued.

Combofix said it detected a rootkit and that it needed to reboot - system rebooted and is now 'waiting' on the boot screen (Intel/Rom info screen). There is no activity on the harddrive.

Should I wait and see if it does anything (it's been about 45 minutes) or turn the power off and trying rebooting and trying again?

Thanks

Julie