Stubborn Rootkit Virus



#1
Luckorskill

Hello,

I don't really have much knowledge about malware removal, so please forgive me when I use the wrong jargon :P

OK, the other day AVG told me I have a virus, I think it was a trojan, so I "healed" it but I don't think it worked... because it kept popping up every couple of hours or so.

I did a virus scan using AVG and using Malwarebytes and I think about 60-70 infections were found.

With AVG it wouldn't give me the option to remove or heal them, but it did with Malwarebytes (but I don't think it did anything).

I later read on one of the scan reports that they were affecting some of my system files and I guess this is why it wouldn't heal or delete them.

Now I shall tell you what I have done to try and remove them.

AVG CD rescue:
-I downloaded and mounted the image to a CD and booted it on startup,
-Scanned and healed the files. (AVG CD rescue)
-Rebooted in Windows and scanned with AVG and found 16 infections...
-Booted with AVG CD rescue AGAIN and updated virus database
-Rescanned with AVG CD rescue
-Rebooted in Windows and found I still had 16 infections...
-Rebooted in AVG CD rescue and scanned and it found no virus, then I repeated this and still found no virus...

So at the moment there are 16 infections which I have no idea how to get rid of.
AVG calls them SYSENTER hook ->0xFFFFF800034C0BC0
The numbers at the end change slightly throughout the 16 infections.

Let me know what scan results you would like and I'll post them.
Oh, I've uploaded the two logs from the DDS scanner.

When doing the scan with GMER, I have turned off my AVG protection and then opened GMER, and instantly a message comes up:
"c:\Windows\system32\config\system The process cannot access the file because it is being used by another process"
I click OK, then I follow the directions in the forum for this program and click Scan.
It starts scanning, then comes up with the error messages:
"c:\Windows\system32\config\system The process cannot access the file because it is being used by another process"
"C:\Users\John\ntuser.dat: The process cannot access the file because it is being used by another process"

Then it finishes the scan.
I have attached the scan report from GMER in this post.

Attached File  dds scan 1.zip   10.01KB   83 downloads
Attached File  GMER.txt   51.41KB   167 downloads

#2
Luckorskill

Sorry for posting the GMER and DDS log. Disregard, I just read that I shouldn't have posted it...

I have posted an OTL log in this post though. x

Attached File  OTL.Txt   108.85KB   90 downloads