Hey guys, I'm currently experiencing some typical rootkit problems, e.g. NIS hangs while scanning commonly infected files. Apart from that I'm also experiencing some Vista blue screen errors, something about an arcsas.sys file being involved :/.
Attached is the SysProt log that I have generated. Please advise! Thanks!
Message Edited by Radagust on 09-07-2009 07:00 AM
Welcome to the Norton Community
You do indeed have a rootkit infection. I will pass your information on, and Quads, our rootkit expert, will be in touch. He is in another Time Zone so it will be some time until contact is made. In the meantime please be patient and do not attempt further cleaning as this usually ends up making it worse.
Thanks
Message Edited by mdturner on 09-07-2009 03:55 PM
Ta, I'll try not to pull my hair out in the meantime. :]
Sounds like you may be UK based with a “ta” comment in which case the time difference between you and Quads is not too bad.
Nah, I'm down south, +8 GMT for me.
Need Quads' uber scripttttt writing :]
Used MBAM to clean everything. NIS seems to be working again. Thanks anyway.
Quads
September 7, 2009, 11:17pm
7
Malwarebytes removes one of this type of rootkits, yeah whatever.
Quads
That would certainly be a first, all right.
Quads
September 8, 2009, 12:22am
9
Well, considering even after most of it is gone I have to use step 3 to remove the registry entries even though MBAM detects it
Quads
Hmm, NIS crashed halfway while scanning, does this mean I still have it?
Ran a full system scan again. It still crashes. Safe to say it's not a one-off thing. Any advice?
Many thanks!
Problem signature
Problem Event Name: APPCRASH
Application Name: ccSvcHst.exe
Application Version: 107.0.6.4
Application Timestamp: 48f51148
Fault Module Name: msl.dll
Fault Module Version: 107.0.4.3
Fault Module Timestamp: 47aa70f7
Exception Code: c0000005
Exception Offset: 0001e876
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 3081
Additional Information 1: 6397
Additional Information 2: a7081bc91b6d1ff4108a5ad90cfc9d60
Additional Information 3: 6397
Additional Information 4: a7081bc91b6d1ff4108a5ad90cfc9d60
Extra information about the problem
Bucket ID: 988009754
Message Edited by Radagust on 09-07-2009 08:02 PM
Quads
September 8, 2009, 5:27am
12
Hi
Firstly, please stop personally messaging me.
Second, you did not follow instructions, so I have no idea if it is gone or not, no idea how Malwarebytes is able to.
Third, this means that your logs are invalid.
Quads
Quads
September 8, 2009, 7:47pm
14
Hahaha, call me a wise guy, who went his own way??
The logs from GMER etc. become invalid because you have tried things that mean the output from such programs may not be the same.
Quads