Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Removing a pestering Hacktool.Rootkit infection.

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
I’ve recently picked up a handful of problems on my computer; many of them seemed to have been removed with application of the forum’s suggested steps. However, I’m still having recurring problem with two particular symptoms…

A) Any time I start up Internet Explorer (with OR without my network cable attached), I get a notice from Norton that it’s fixed an infection and needs to restart my computer to finalize removal. I can follow the restart, just to return to the same issue again. Pulling up the Norton history logs, it’s continuously finding a file named “yaifqoaa” that it flags as Hacktool.Rootkit infected.
B) If my network cable is connected, Norton begins a myriad of flags that there are issues sending spam. My cable modem provider has actually cut off my service once already for excessive mail being sent from my PC. If the network cable is removed, these messages go away.

I’ve gone through all the recommended forum steps, and have the following progress…
1) TFC – success
2) ERUNT – success
3) MBAM – success, log shown below. Note that this is actually the second or third time I’ve run this after cleaning a lot of other problems.
4) NAV – success, with no items found during a full system scan. Again, this is 2-3 trials later after a lot of earlier cleanup.
5) GMER – success; however, the log file was enormous. The forum won't let me add as an attachment (828 KB) and it's apparently too large to post. Note that I did see some “yaifqoaa” entries that this has flagged as Rootkit which is the same name that Norton continues to find in (A) above
6) OTL – unsuccessful in Normal Mode; every time I tried running this it hangs on the scan of Netsvcs. I was able to run successfully in Safe Mode. Please let me know if you want to see the Safe Mode logs or try to fix getting it to run in Normal Mode.

This battle has become very frustrating so all help is greatly appreciated! Let me know whatever other information would be useful.



Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/18/2010 6:07:56 PM
mbam-log-2010-01-18 (18-07-56).txt

Scan type: Quick Scan
Objects scanned: 119887
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP