cannot remove whatever malware/rootkit i've got

I tried to do this by myself and by reading several other threads in these forums but cannot get rid of whatever it is that has infected my computer. I'll give a little bit of background on what has been removed and where I stand now. When I first noticed the problem a few days ago, Norton Internet Security (ver 15.5.0.23) started by finding and removing a virus called "Suspicious.skintrim." After that NIS was able to detect and remove "trojan.metajuan" and "downloader." I was still having weird pop-ups, strange pages showing up in Firefox, etc. and found my way to this site. I was able to download some of the software recommended here in other threads. I have run Malwarebytes Anti-Malware probably a dozen times and it keeps finding new things. At first it was "a.exe", "b.exe", then it became variants of "UAC___.dll". I found a suggestion to run Sophos' anti-rootkit program and it seemed to find and remove a lot of files associated with UAC and "kbiwkm________". Since then I have not seen any weird issues with my computer, but when I run scans with MBAM it still finds new files (rootkit.tdss is the current problem) and registry keys. NIS does not find anything. Sophos does not find anything meaningful. I'm not sure what I can do next to get rid of remaining malware and make sure there isn't something still there that will cause a problem. I have uploaded a current log from HijackThis and the latest log from MBAM. If anyone has advice on how to complete the cleanup I would appreciate it. Thanks.
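An added post-cleanup check, not part of the original thread and not code from Norton, Malwarebytes or Sophos. It flags filenames shaped like the ones the poster reports ("UAC___.dll", "kbiwkm________", "a.exe"/"b.exe") and also shows the cross-view comparison that rootkit scanners such as the ones mentioned rely on: a name present in a raw on-disk view but missing from the normal API view is being hidden. The regexes are this example's assumption about the random suffixes (the thread only shows the prefixes), and the directory listings are constructed sample data, not the poster's machine.

```python
"""Post-cleanup check for the filename patterns reported in the thread.

Added example. Runs over a constructed directory listing; nothing here is
taken from the poster's logs or from any of the scanners named in the thread.
"""
import re

# Filename shapes reported in the thread. The suffix character class is an
# assumption; the thread only shows the "UAC" and "kbiwkm" prefixes.
SUSPECT_PATTERNS = {
    "uac-dll": re.compile(r"^uac[0-9a-z]+\.dll$", re.I),
    "kbiwkm": re.compile(r"^kbiwkm[0-9a-z]+(\.[a-z]{3})?$", re.I),
    "one-letter-exe": re.compile(r"^[a-z]\.exe$", re.I),
}


def find_suspect_names(names):
    """Return a sorted list of (filename, label) for every matching name.

    A name is reported once, under the first pattern it matches.
    """
    hits = []
    for name in names:
        for label, rx in SUSPECT_PATTERNS.items():
            if rx.match(name):
                hits.append((name, label))
                break
    return sorted(hits)


def hidden_entries(api_listing, raw_listing):
    """Names the raw (on-disk) view contains but the API view omits.

    This is the cross-view diff a rootkit scanner performs: a kernel-mode
    rootkit filters the directory-listing API, so files it hides show up
    only when the disk structures are read directly.
    """
    return sorted(set(raw_listing) - set(api_listing))


# Constructed sample data (hypothetical names, not real findings).
API_LISTING = ["kernel32.dll", "UACd9f3kx2q.dll", "a.exe", "notepad.exe"]
RAW_LISTING = API_LISTING + ["kbiwkmtvbpqzjn.sys", "kbiwkmtvbpqzjn.dat"]

if __name__ == "__main__":
    for name, label in find_suspect_names(RAW_LISTING):
        print(f"suspect: {name} ({label})")
    for name in hidden_entries(API_LISTING, RAW_LISTING):
        print(f"hidden from API view: {name}")
```

On a real system the two listings would come from `os.listdir()` (the API view) and from a raw NTFS reader or an offline boot medium (the raw view); a clean result from `find_suspect_names` alone is not proof of removal, because a live rootkit can hide its files from the very listing being checked.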

Replies


Re: cannot remove whatever malware/rootkit i've got

You would have been better off asking for assistance first. There is no guarantee that we will be able to help you now that you have applied other fixes to what is a very specialized problem. We will see what has been left, and Quads will make a determination on whether he can help you safely or whether you will need to take it to a computer expert in your locale.

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton Auto-Protect while you run the scan.

Once it is downloaded to your desktop, right-click on the SysProt icon, go to Properties, click Unblock and then Apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Under certain circumstances profanity provides relief denied even to prayer. (Mark Twain)

Re: cannot remove whatever malware/rootkit i've got

One thing you can do for yourself is to remove Spybot Search & Destroy with TeaTimer. TeaTimer runs in real time, the same as Norton. Whenever you run two real-time scanners at the same time, you have conflicts that leave you vulnerable.

Another thing to know about S & D is that it actually prevents the removal of some of the rootkits.  It should be removed from your system ASAP.

You still have a kbiwkm rootkit infection.

What other programs or utilities did you use to try and remove it?


Re: cannot remove whatever malware/rootkit i've got

Here is sysprot log.

The three scan programs I have tried so far are Norton, Malwarebytes' Anti-Malware, and Sophos' Anti-Rootkit. Have now removed Spybot too.

Thanks for helping.


Re: cannot remove whatever malware/rootkit i've got

Hi

NOTE: You will have to save Combofix under a different name so that it is no longer named "Combofix.exe". When I say Combofix below I mean the new name you have downloaded it as.

Now

1. Download Combofix to your Desktop: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Don't use it yet.

2. I have sent you a Personal Message with the script between the lines; look for the yellow envelope at the upper right-hand side. Copy the script.

3. Open Notepad and paste it into Notepad, with the first line being killall::

4. Save the script as "CFScript.txt". CFScript.txt is what you see on your desktop after saving.

5. Disable Norton's Auto-Protect and Firewall.

6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the Recycle Bin.

7. Combofix will start. While it is scanning, don't move the mouse cursor inside the box; that can cause freezing.

Quads 


Re: cannot remove whatever malware/rootkit i've got

Quads,

I ran Combofix.  It seemed to work as described in the tutorial from the link. Do you want me to upload the log file?

Message Edited by sm00 on 09-03-2009 09:49 PM

Re: cannot remove whatever malware/rootkit i've got

Yes please

Quads 


Re: cannot remove whatever malware/rootkit i've got

Here is log file.

Re: cannot remove whatever malware/rootkit i've got

Does Malwarebytes still find the registry entries?

Quads 


Re: cannot remove whatever malware/rootkit i've got

I ran a full scan with MBAM and it did not find anything.

Re: cannot remove whatever malware/rootkit i've got

Hi

OK, the rootkit is gone.

Quads 


Re: cannot remove whatever malware/rootkit i've got

Thank you to you and Delphinium. I appreciate y'all taking the time to help.
