RootKit Infection

hey guys, im currently experiencing some typical rootkit problems, eg. NIS hangs while scanning commonly infected files. apart from that im also experiencing some vista blue screen errors, something about a arcsas.sys file being involved :/.

 

attached is the sysprot log that i have generated. please advise! thanks!

 

Message Edited by Radagust on 09-07-2009 07:00 AM

Welcome to the Norton Community

 

You do indeed have a rootkit infection. I will pass your information on, and Quads, our rootkit expert, will be in touch. He is in another Time Zone so it will be some time until contact is made. In the meantime please be patient and do not attempt further cleaning as this usually ends up making it worse.

 

Thanks

Message Edited by mdturner on 09-07-2009 03:55 PM

ta, ill try not to pull my hair out at the mean time. :]

Sounds like you may be UK based with a “ta” comment in which case the time difference between you and Quads is not too bad.

nah im down south +8 gmt for me,

 

need quads uber scripttttt writing :]

used MAMB to clean everything. NIS seems to be working again. thanks anyways.

Mqalwarebytes removes one of this type of Rootkits, yeah whatever.

 

Quads 

That would certainly be a first, all right.

Well considering even after most of it gone I have to use step 3 to remove the registry entries even though MBAM detects it

 

Quads 

hmm NIS crashed half way while scanning, does this mean i still have it?

ran a full system scan again. it still crashes. safe to say its not a 1 off thing. any advice?

 

many thanks!

 

 

Problem signature
Problem Event Name:    APPCRASH
Application Name:    ccSvcHst.exe
Application Version:    107.0.6.4
Application Timestamp:    48f51148
Fault Module Name:    msl.dll
Fault Module Version:    107.0.4.3
Fault Module Timestamp:    47aa70f7
Exception Code:    c0000005
Exception Offset:    0001e876
OS Version:    6.0.6002.2.2.0.768.3
Locale ID:    3081
Additional Information 1:    6397
Additional Information 2:    a7081bc91b6d1ff4108a5ad90cfc9d60
Additional Information 3:    6397
Additional Information 4:    a7081bc91b6d1ff4108a5ad90cfc9d60

Extra information about the problem
Bucket ID:    988009754
 

Message Edited by Radagust on 09-07-2009 08:02 PM

Hi

 

Firstly Please stop personally messaging me

 

Second you did not follow instuction so I have no idea if it is gone or Not, no idea how Malwarebytes is able to.

 

Third,  This means that your logs are invalid.

 

Quads 

okay wise guy. ta

hahaha, call me a wise guy, Who went his own way??

 

The logs from GMER etc. become invalid because you have tried things that mean the output from such programs may not be the same.

 

Quads