FakeAlert-CM caught, now unable to start any type of Malware removal tool

Archive
1

A few days ago I got "something" on my computer, norton caught something called "FakeAlert-CM" but stopped it or so I thought. So I went on doing my normal computer stuff not thinking much of it. Now 2 days later My coputer starts as though it were in "Safe Mode" all the time, I'm not able to run Malwarebytes, Spybot, HijackThis, etc to even find out what is on my system. I'm now also unable to get on the internet from that computer as weell. I've tried bootable virus scanners loading from a flash drive that have ran for hours but found nothing. I'm pretty much at the end of my rope here and need some help.

 

Here is a log from RootRepeal which contains items similar to this forum post http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=53034&view=by_date_ascending&page=3

 

 

Any help would be appreciated

 

[edit: Changed subject to reflect issue.]

 

 


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/22 14:48
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB9A9D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: MSIVXckmtnmevxdlmlmddvbawqpsbpfaorodb.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXckmtnmevxdlmlmddvbawqpsbpfaorodb.sys
Address: 0xB9B2D000 Size: 184320 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB929B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXfidlypjbebdywjbauyihnuoulhtitqsl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXutjdkmrcduqjgmmupynageeeaxptftkj.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\MSIVXckmtnmevxdlmlmddvbawqpsbpfaorodb.sys
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf764787e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf7647c10

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXfidlypjbebdywjbauyihnuoulhtitqsl.dll]
Process: svchost.exe (PID: 556) Address: 0x10000000 Size: 61440

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXckmtnmevxdlmlmddvbawqpsbpfaorodb.sys

==EOF==

Message Edited by shannons on 06-22-2009 05:48 PM