unknown file detected as rootkit [RESOLVED]


  • This topic is locked

#16
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text in the quotebox below:

File::
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll
Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1436739e-f758-ae8a-f7eb-bed7cbf18c9c}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?


#17
fortune82

    Member

  • Topic Starter
  • Member
  • 228 posts
Won't let me use that last one. Keeps saying installation failed.


And the PC has been running fine

#18
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1436739e-f758-ae8a-f7eb-bed7cbf18c9c}

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#19
fortune82

    Member

  • Topic Starter
  • Member
  • 228 posts
Thanks a lot!! This little infestation was particularly nasty; happened while using IE7, before I could install Firefox or any Anti-Spyware or -virus.

#20
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.