
Help possible rootkits

Please can someone help, I have been having connection problems and all sorts of strange behaviour with my computer. Both super-anti spyware and malwarebyte anti malware have not updated since 28th June; despite downloading, they still show the same date, 28th June, as being the last download. As a last resort to my problems I have downloaded and used the rootkit program GMER and found 7 problems. My computer knowledge is poor, so I do not know how to post and save a log to this forum, but it shows problems in the following:

fltmrg.sys(microsoft filesystem filter)

Driver\tdx\Device\Ip  SYMTDI.sys

Driver\tdx\Device\TCP  SYMTDI.sys

Driver\tdx\Device\UDP  SYMTDI.sys

Driver\tdx\Device\RAWIP  SYMTDI.sys

Driver\kbdclass\Device\KeyboardClass0  wdf01000.sys (WDF Dynamic/Micros

Driver\kbdclass\Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Micros 

Replies

Kudos0

Re: Help possible rootkits

reactivate,

Run GMER; make sure that everything is checked except show all; click on "Scan"; when the scan is done, click on "Save" and name the file GMER_070709.txt or something similar.  Come to the Forum and start a reply post to this thread; on that post, you can attach the log file by using the Add Attachments link as in the picture.

Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: Help possible rootkits

Do you see anything like this at the end of the GMER log?

 


---- Services - GMER 1.0.15 ----

Service         C:\Windows\system32\drivers\MSIVXvexeeyiqhnwerxrfqcpxkcumddvmwepn.sys (*** hidden *** )  [SYSTEM] MSIVXserv.sys                                      <-- ROOTKIT !!!


 

Save the log to your computer. When you open the editing window to post the reply, you can find the option Add Attachments under Tags. You can click on that, and select the log file saved in your computer and you can proceed with posting the reply.
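A way to check a saved GMER log for the markers shown in the post above, as an added example that is not part of the original thread and is not GMER's own tooling. The sample log is constructed from the lines quoted in this thread, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the lines quoted in this thread.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp  SYMTDI.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  wdf01000.sys

---- Services - GMER 1.0.15 ----

Service  C:\Windows\system32\drivers\MSIVXvexeeyiqhnwerxrfqcpxkcumddvmwepn.sys (*** hidden *** )  [SYSTEM] MSIVXserv.sys  <-- ROOTKIT !!!
"""

# Section headers look like "---- Services - GMER 1.0.15 ----".
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER (?P<ver>[\d.]+) ----$")
# The two markers GMER prints on the quoted Service line.
MARKERS = {"hidden": "*** hidden ***", "rootkit": "<-- ROOTKIT !!!"}


def triage(log_text):
    """Count entries per type and collect the lines carrying a marker."""
    section = None
    by_type = Counter()
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None:
            continue  # text before the first section header
        entry_type = line.split(None, 1)[0]  # first column, e.g. "Service"
        by_type[entry_type] += 1
        reasons = [name for name, text in MARKERS.items() if text in line]
        if reasons:
            flagged.append({"section": section, "type": entry_type,
                            "reasons": reasons, "line": line})
    return {"by_type": dict(by_type), "flagged": flagged}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["by_type"])
    for hit in report["flagged"]:
        print(hit["section"], hit["reasons"], hit["line"])
```

Entries without either marker, such as the AttachedDevice lines, are counted by type but not flagged.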

Kudos0

Re: Help possible rootkits

dbrisendine, I have done as you said, but the saved file is not visible. Should I have been logged in as admin when I did the scan? It took a long time to scan, should I try again logged in as admin instead of standard user?

Yogesh, I did not see anything relating to what you described, scan revealed types - as follows:

32 of type: SDDT

5 of type: .text

1 of type: ?

6 of type: attachedD

1 of type: file

You will have to excuse my lack of knowledge, I expected the scan log file to appear on desktop but there is nothing there, but using windows search to find the file shows its location as desktop, which I suppose means it is hidden from me.

Kudos0

Re: Help possible rootkits

Sorted it, I logged on as admin and it was there, Doh silly me.

File Attachment: 
Kudos0

Re: Help possible rootkits

After much google searching, I think this might be my problem  http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
Kudos0

Re: Help possible rootkits

If that is the problem, then you need to fully update your Norton program (run Live Update manually until it says there are no more updates available), boot into Safe Mode and run a full scan.

To enter Safe Mode, restart your system and when it first starts to reload, tap the F8 key until the Advanced Options menu appears.  Choose Safe Mode (only) and press ENTER.  When logged in, double click on the N360 desktop icon and follow the pop up to select running a full system scan.

Report back here with the results.  Thanks.

Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: Help possible rootkits

Hi dbrisendine, I have done a full system scan in safe mode, it took 14 hours to scan 5014.274 files, and found nothing.

I uninstalled super antispyware and malware bytes, I used malwarebytes tool to completely remove all traces of malwarebytes anti malware, and re-installed, but the update definitions are still not showing correctly. Although my computer knowledge is limited, I am very suspicious about what I see in security history. I believe something is not right; any further help would be appreciated.

Cheers

Kudos0

Re: Help possible rootkits

Hi Reactivate:

You have no rootkit.  You can and probably should have either Malwarebytes or SAS on your system for alternate on-demand scans.  They do not interfere with Norton.

If you think there is another kind of problem, you could run a Hijackthis log for one of our analysts to look at.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: Help possible rootkits

Here is the log, it looks suspicious to me, note it also says there is a missing norton file.

File Attachment: 
Kudos1 Stats

Re: Help possible rootkits

I think you are suspicious about this entry:

O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

 

No need to worry about it, it's just a small remnant from the previous Norton program you had. The previous version will get removed when you install the new Norton 360 program. As you are currently using Norton 360, you need to worry only when there is any problem with the files in C:\Program Files\Norton 360

Kudos0

Re: Help possible rootkits

So everything is o.k then?

Thanks Yogesh
