Is it a rootkit :(

I think I have the same problem as someone else, but I don't have any idea what to do. Is it a rootkit? Is it possible to get rid of it?

I often get redirected to different pages when I use Google, and there are lots of failures by Windows, like "rundll has stopped working" or "the audio service is not working". (There are others, but I can't remember them.)

Replies


Re: Is it a rootkit :(

Welcome to the Norton Community

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan, as well as any other antimalware program.

Once it is downloaded to your desktop, right-click on the SysProt icon, go to Properties, and click Unblock and then Apply.

Choose "Log", check all the boxes except "Show hidden objects only", and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Message Edited by mdturner on 08-28-2009 01:00 PM
We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Re: Is it a rootkit :(

Sorry about being so slow to respond, I have been really busy the last few days. I tried to run a SysProt log but it crashed every time, so I ran a GMER log. Here are the results attached.


Re: Is it a rootkit :(


123uh-oh123 wrote:

Sorry about being so slow to respond, I have been really busy the last few days. I tried to run a sysprot log but it crashed every time, so I ran a GMER log. Here are the results attached.


What results attached??
 
Quads 

Re: Is it a rootkit :(

Sorry... I feel like a complete idiot for wasting your time. I ran a new search and I'm really worried about the length of the stuff found.

Here it is.

File Attachment: 

Re: Is it a rootkit :(

Hi,

Please could you also do a HijackThis log for us as well:

Download HijackThis from http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis (the third .exe, "Executable", version in the list), run it, and create a log. If using Vista, right-click and "Run as Administrator". Open that log and copy and paste it here, or use "Add Attachments" to upload it here.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
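One way to do a first pass over a HijackThis log of the kind requested above, as an added example that is not part of this thread and not code from HijackThis, Norton or the posters. The log embedded in it is a constructed sample, not the attachment from this thread (the page does not reproduce it), and the service name "rpchlp" and the IP addresses in it are invented. The checks cover the sections that relate to the symptoms reported here: O1 hosts-file entries (search-engine redirects), O4 autorun keys (binaries started from user-writable folders or with system-binary names outside the Windows directory), O17 NameServer overrides (DNS-based redirects) and O23 services with missing or vendor-less binaries. A flagged line is a lead to hand to whoever is reading the log, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample HijackThis log. It is NOT the attachment from this
# thread; entries are invented so that each check below fires once.
# Section prefixes follow HijackThis: O1 = hosts-file entries,
# O4 = autorun registry keys, O17 = TCP/IP NameServer settings,
# O23 = NT services. Addresses are documentation-range (203.0.113.0/24).
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:00 AM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.google.com
O1 - Hosts: 203.0.113.10 www.bing.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABCD-1234}: NameServer = 203.0.113.53,203.0.113.54
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Remote Procedure Helper (rpchlp) - Unknown owner - C:\WINDOWS\system32\rpchlp.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    severity: str  # "high" = almost certainly malicious, "medium" = verify by hand
    line: str
    reasons: list


HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
SVC_RE = re.compile(
    r"^O23 - Service: (?P<desc>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_HOSTS = {"localhost", "localhost.localdomain"}
# Names that malware likes to borrow; legitimate copies live under \Windows\.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "rundll32.exe", "explorer.exe"}
# Path fragments that mean "a normal user could have written this file".
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\", "\\recycler\\")


def exe_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command line, quoted or not."""
    m = re.match(r'^"?(?P<path>.*?\.exe)', cmd, re.IGNORECASE)
    return m.group("path") if m else cmd.strip()


def triage(log_text: str) -> list:
    """Return one Finding per suspicious O1/O4/O17/O23 line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons, severity = [], "medium"

        if m := HOSTS_RE.match(line):
            section = "O1"
            if m["host"].lower() not in LOCAL_HOSTS:
                if m["ip"] in LOOPBACK:
                    reasons.append(f"hosts file blackholes {m['host']}")
                else:
                    severity = "high"
                    reasons.append(f"hosts file sends {m['host']} to {m['ip']} (search redirect)")

        elif m := RUN_RE.match(line):
            section = "O4"
            path = exe_path(m["cmd"]).lower()
            basename = path.rsplit("\\", 1)[-1]
            if any(frag in path for frag in USER_WRITABLE):
                severity = "high"
                reasons.append("autorun from a user-writable directory")
            if basename in SYSTEM_BINARIES and "\\windows\\" not in path:
                severity = "high"
                reasons.append(f"{basename} is a system binary name running outside the Windows directory")

        elif m := NS_RE.match(line):
            section = "O17"
            reasons.append(f"DNS servers overridden to {m['servers']}; confirm they belong to your ISP")

        elif m := SVC_RE.match(line):
            section = "O23"
            if "(file missing)" in m["path"]:
                reasons.append(f"service {m['name']} points at a missing binary")
            if m["owner"] == "Unknown owner" and "\\windows\\" not in m["path"].lower():
                severity = "high"
                reasons.append(f"service {m['name']} has no vendor and runs outside the Windows directory")

        else:
            continue

        if reasons:
            findings.append(Finding(section, severity, line, reasons))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {"high": 3, "medium": 2}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity.upper():6}] {f.section}: {'; '.join(f.reasons)}")
        print(f"         {f.line}")
```

Replace SAMPLE_HJT_LOG with the contents of a real log file to run it against your own machine. The O1 check is the one that maps directly to "redirected when I use Google": a hosts entry that points a search engine at anything other than loopback is a redirect, whatever else the scanners say. O17 is only reported at medium because plenty of legitimate setups hard-code DNS servers; the reader has to confirm whose they are.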

Re: Is it a rootkit :(

123uh-oh123:

You have a vsfoce rootkit infection. Please do nothing further until our malware expert Quads comes online. He will be available later in the day due to time zone differences. I will advise him that your log is now available.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain

Re: Is it a rootkit :(

OK, there were only two options, so I picked "Executable". I ran the scan; here is the log. (Thanks.)

Edit: Delphinium, I am terribly sorry. I didn't see your post before I ran the scan. I hope that doesn't harm my computer more.

Message Edited by 123uh-oh123 on 08-31-2009 08:06 AM
File Attachment: 

Re: Is it a rootkit :(

No; running the HiJackThis will not harm your system but we may have to wait for the rootkit to be removed first since they seem to hide other malware along with themselves.  Please be patient.  Thanks.
Win10 x64; Proud graduate of GeeksToGo

Re: Is it a rootkit :(

OK, thanks... I assume I am waiting for Quads. Thanks everyone for your help so far.

Re: Is it a rootkit :(

Hi

1. Download Combofix to your Desktop: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Don't use it yet.

2. I have sent you the script (the part between the lines) by personal message; look for the yellow envelope at the upper right-hand side. Copy the script.

3. Open Notepad and paste it in, with the first line being killall::

4. Save the script as "CFScript.txt". CFScript.txt is what you see on your desktop after saving.

5. Disable Norton's Auto-Protect and Firewall.

6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the Recycle Bin.

7. Combofix will start. While it is scanning, don't move the mouse cursor inside the box, as that can cause freezing.

Combofix will create a log at the finish.

Quads 


Re: Is it a rootkit :(

Thanks for that, I have attached the log.
File Attachment: 

Re: Is it a rootkit :(

Download, install, update the definitions and run a Full Scan with Malwarebytes: http://www.filehippo.com/download_malwarebytes_anti_malware/

Quads

Re: Is it a rootkit :(

OK, here it is. The rootkit seems to still be there, but I'm not sure if that's what you wanted?

Re: Is it a rootkit :(

Not to worry.  The files you see on MBAM are in the Combofix quarantine.  Quads will advise you what further steps to take.
Under certain circumstances profanity provides relief denied even to prayer.Mark Twain

Re: Is it a rootkit :(

I wondered what quarantine that was! Thanks again, my PC is running fine. MBAM gave me the option to remove the files, but I have not clicked anything, as I know how important it is to stick to exactly what you say.

You guys do a great job here!


Re: Is it a rootkit :(

Hi

You can have Malwarebytes remove them.

Quads 


Re: Is it a rootkit :(

Thanks, I'll mark the post about combofix as the solution and upload the final log file. You have been a great help, I commend you on your diligence.
