Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Issue


  • Please log in to reply

#1
bypc

bypc

    New Member

  • Member
  • Pip
  • 7 posts
I have been told that my system is infeced with malware. When I turn on my computer two errors pops up.

1) Program with shortcut- The drive or network connection that the short "IMVU.lnk" refers to is unavailable. Make sure that the disk is properly inserted or network resource is available, and then try again.

2) Program Error- WMP54Gv4.exe has generated errors and will be closed by window. You will need to restart the program. An Error log is being created.

I follow the malware and spyware cleaning guide up to step 4 and the same errors still pops up. So, I went to the next step, which is, to download RoorRepeal.exe program to my destop. When I click the "Scan" button an error pops up and said "RootRepeal Error- DeviceloControl Error! Error Code=0x0." I went on to the next step and tried to download OTL program but I couldn't do it. A warning pops up saying "System Restor Interface Not Present. I'm not sure what to do next. Please help! Here is a report when I tried to scan rootrepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/22 19:30
Program Version: Version 1.3.5.0
Windows Version: Windows 2000 SP4
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xBFABB000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xEBA4F000 Size: 4096 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xBEDE7000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
ServiceTable Hooked [0x80480a20]!

#: 024 Function Name: NtClose
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86e210

#: 029 Function Name: NtCreateDirectoryObject
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86e0fc

#: 032 Function Name: NtCreateFile
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86d1d2

#: 035 Function Name: NtCreateKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb01574

#: 041 Function Name: NtCreateProcess
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86ca6c

#: 043 Function Name: NtCreateSection
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86db9a

#: 055 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb01a52

#: 058 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb0114c

#: 100 Function Name: NtOpenFile
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86d6f8

#: 103 Function Name: NtOpenKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb0164e

#: 106 Function Name: NtOpenProcess
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb0108c

#: 111 Function Name: NtOpenThread
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb010f0

#: 155 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb0176e

#: 180 Function Name: NtRestoreKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb0172e

#: 194 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86df26

#: 215 Function Name: NtSetValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xbfb018ae

#: 237 Function Name: NtWriteFile
Status: Hooked by "C:\WINNT\System32\Drivers\aswMon.SYS" at address 0xbf86de5e

==EOF==

Edited by bypc, 25 November 2009 - 08:02 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP