, and welcome to Geeks to Go
My name is bloopie
and I'll be happy to help you with your malware issues! A few things to keep in mind while we are working together:
- If you have since resolved the original problem you were having, I would appreciate it if you let me know.
- If you are unsure about any of the steps just post what you can and I will guide you!
- Please tell me if you have your original Windows CD/DVD available.
- Please copy and paste all logs here unless otherwise instructed!
- Upon completing the steps below I will review your topic an do my best to resolve your issues.
- Please do not run any other tools without my instruction to do so!
I have cleaned it up as best I can but have been unable to remove the following rootkit infections:
Service Function NtMapViewOfSection hook -> 0xFFFFFFFF860C8EE0
Service Function NtCreateThreadEx hookn -> 0xFFFFFFFF860E6F70
Service Function NtAlpcConnectPort hook -> 0xFFFFFFFF8589C260
Regarding the above, could you please let me know exactly what program
is telling you they are rootkits? AVG or another program?
>>Now, let's get a few quick logs to work with so that we can get an idea of the state of the machine (these logs will not take too long). The first log is an antirootkit scanner, so please follow all instructions very closely
!! If you have any questions, please stop and let me know before proceeding!
Please download the latest version of TDSSKiller from here
and save it to your Desktop
Note: If you choose delete without my authorization, you may ruin your machine!
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Put a checkmark beside loaded modules.
- A reboot will be needed to apply the changes. Do it.
- TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
- Then click on Change parameters in TDSSKiller.
- Check all boxes then click OK.
- Click the Start Scan button.
- The scan should take no longer than 2 minutes.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
- A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Next, I'd like to see the two logs from FRST...instructions are directly below:
Please download Farbar Recovery Scan Tool
and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
- Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
- When the tool opens, click Yes to disclaimer.
- Press the Scan button.
- When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
- Please copy and paste the log in your next reply.
==========In addition the three requested logs above, please let me know if there are any changes to the machine and we will go from there!