Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware


  • This topic is locked This topic is locked

#31
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We don't need that program for this. Do one more scan for me. Download gmer rootkit detector from http://gmer.net/

unzip it & double click the gmer.exe file

select rootkit tab & press scan

when it has finished press save & post back the log it makes
  • 0

Advertisements


#32
Trent M

Trent M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-13 16:26:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F891A316] smtcpmon.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F891A50E] smtcpmon.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F891A743] smtcpmon.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F891A316] smtcpmon.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F891A50E] smtcpmon.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F891A743] smtcpmon.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F891A316] smtcpmon.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F891A50E] smtcpmon.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F891A743] smtcpmon.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F891A316] smtcpmon.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F891A50E] smtcpmon.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F891A743] smtcpmon.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F891A316] smtcpmon.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F891A50E] smtcpmon.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F891A743] smtcpmon.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [A9CEC89D] tfsnifs.sys

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32:lzx32.sy_

---- EOF - GMER 1.0.12 ----
  • 0

#33
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK good. Just realised you were referring to the next step in your earlier message, for whatever reason I was thinking of a different program.

Open HiJackThis
Press 'Config' button
Press 'Misc Tools' button
Press 'Open ADS Spy' button
Press 'Scan' button

Look for this entry:

ADS C:\WINDOWS\system32:lzx32.sy_

Select it and press 'Remove selected'

Exit HiJackThis. Reboot and re-run AVG Antispyware. Post the results.

Edited by Daemon, 14 January 2007 - 05:27 AM.

  • 0

#34
Trent M

Trent M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ran HJT and removed the item: ADS C:\WINDOWS\system32:lzx32.sy_

Rebooted in safe mode and ran AVG Anti-Spyware..... and it found nothing !!

Yeah!

Thanks again for all your help.

Trent
  • 0

#35
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, good. Are you ready for the topic to be closed?
  • 0

#36
Trent M

Trent M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Yes.... it's all good now.

Cheers!
  • 0

#37
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Glad to help :whistling:



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP