
Service Function Nt [Closed]


  • This topic is locked

#1
zeppelinoid

    New Member

  • 1 posts
Hi

I am trying to work using a spare notebook while overseas during the holidays. Unfortunately, my daughter's friend downloaded a game last year and severely infected the machine.

I have cleaned it up as best I can but have been unable to remove the following rootkit infections:

Service Function NtMapViewOfSection hook -> 0xFFFFFFFF860C8EE0
Service Function NtCreateThreadEx hook -> 0xFFFFFFFF860E6F70
Service Function NtAlpcConnectPort hook -> 0xFFFFFFFF8589C260

Please someone be kind enough to give me a steer on how to get rid of these?

Many Thanks
Zeppelinoid
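A scanner prints lines like the three above when an entry in the kernel's system service table (SSDT) no longer points at the kernel's own dispatcher for that service; the post does not say which scanner produced them, and the helper asks. As an added example, not code from the post or from any tool named in this thread, the script below reproduces the reasoning behind such a verdict: parse the service name and target address out of each line, then check which loaded module, if any, owns that target. The module map is hypothetical (real values come from the scanner's loaded-modules list or a kernel debugger), and treating the 0xFFFFFFFF prefix as sign extension assumes a 32-bit kernel.

```python
import re

# Constructed sample input: the three scanner lines quoted in the post
# (the "hookn" typo fixed; the addresses are as posted).
SCAN_OUTPUT = """\
Service Function NtMapViewOfSection hook -> 0xFFFFFFFF860C8EE0
Service Function NtCreateThreadEx hook -> 0xFFFFFFFF860E6F70
Service Function NtAlpcConnectPort hook -> 0xFFFFFFFF8589C260
"""

# Hypothetical kernel module map, name -> (base, size). Made-up values for
# the example; on a real machine they come from the scanner's loaded-modules
# list or from "lm" in a kernel debugger.
MODULES = {
    "ntoskrnl.exe": (0x82A0F000, 0x00410000),
    "hal.dll": (0x82E1F000, 0x00037000),
    "hypothetical_driver.sys": (0x8589B000, 0x00005000),
}

LINE_RE = re.compile(
    r"^Service Function (?P<service>Nt\w+) hook -> 0x(?P<addr>[0-9A-Fa-f]+)\s*$"
)


def normalize(addr):
    """Strip sign extension from a 32-bit kernel address.

    0xFFFFFFFF860C8EE0 is 0x860C8EE0 printed as a sign-extended 64-bit value,
    which is what a 32-bit kernel pointer looks like after a 64-bit formatter.
    Assumption: 32-bit kernel. On a genuine x64 kernel the upper half is
    meaningful and this step should be skipped.
    """
    if addr >> 32 == 0xFFFFFFFF and (addr & 0x80000000):
        return addr & 0xFFFFFFFF
    return addr


def parse_hooks(text):
    """Return [(service_name, target_address), ...] for each hook line in text."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hooks.append((m.group("service"), normalize(int(m.group("addr"), 16))))
    return hooks


def find_module(addr, modules):
    """Return the module whose [base, base+size) range contains addr, else None."""
    for name, (base, size) in modules.items():
        if base <= addr < base + size:
            return name
    return None


def classify(text, modules):
    """Attribute each hooked service table entry to a loaded module.

    A target inside ntoskrnl.exe is the original dispatcher. A target inside
    another loaded driver can be attributed to that driver (legitimate
    security software, or a rootkit that did not hide its module). A target
    outside every loaded module is executing from memory no module accounts
    for, which is the classic sign of a rootkit hiding its code.
    """
    results = []
    for service, addr in parse_hooks(text):
        owner = find_module(addr, modules)
        if owner == "ntoskrnl.exe":
            verdict = "original dispatcher"
        elif owner is not None:
            verdict = "hooked by %s" % owner
        else:
            verdict = "hooked by unlisted code (hidden module or pool allocation)"
        results.append(
            {"service": service, "address": addr, "module": owner, "verdict": verdict}
        )
    return results


if __name__ == "__main__":
    for r in classify(SCAN_OUTPUT, MODULES):
        print("%-22s 0x%08X  %s" % (r["service"], r["address"], r["verdict"]))
```

With the hypothetical map, NtMapViewOfSection and NtCreateThreadEx resolve to no module at all, which is the case a cleanup tool cannot attribute to a file on disk and why the helper asks for a loaded-modules scan with an anti-rootkit tool first; NtAlpcConnectPort lands inside the made-up driver, showing the attributable case.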


#2
bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts
Hello Zeppelinoid, and welcome to Geeks to Go! :)

My name is bloopie and I'll be happy to help you with your malware issues! :thumbsup:

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

====================

I have cleaned it up as best I can but have been unable to remove the following rootkit infections:

Service Function NtMapViewOfSection hook -> 0xFFFFFFFF860C8EE0
Service Function NtCreateThreadEx hook -> 0xFFFFFFFF860E6F70
Service Function NtAlpcConnectPort hook -> 0xFFFFFFFF8589C260


Regarding the above, could you please let me know exactly what program is telling you they are rootkits? AVG or another program?

>>Now, let's get a few quick logs to work with so that we can get an idea of the state of the machine (these logs will not take too long). The first log is an antirootkit scanner, so please follow all instructions very closely!! If you have any questions, please stop and let me know before proceeding!

====================

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Note: If you choose delete without my authorization, you may ruin your machine!

==========

Step 2

Next, I'd like to see the two logs from FRST...instructions are directly below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==========

In addition to the three requested logs above, please let me know if there are any changes to the machine and we will go from there!

bloopie

#3
bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts
Hello again,

This is a 3-Day Bump! If you still wish to receive help, please follow the instructions in my previous post!

If you do not respond in another 48 hours, I will be forced to close this topic due to inactivity!

bloopie

#4
bloopie

    Trusted Helper

  • Malware Removal
  • 62 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.