I think I've got a deep rootkit and I don't know how to find it [Cl

rootkit malware gmer

  • This topic is locked

#16
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

No problem at all, Karmafish. We still have some work to do to get you fully clean.
Pokki is actually riddled with spyware, so that is why it has been targeted for removal by me, and AdwCleaner identified it as such as well.
It is likely to have been a source of some of your problems.

I would highly recommend fully uninstalling Pokki via Programs and Features.

If you would like a start menu for Windows 8, then you can try http://www.classicshell.net/, which does not come with installed malware.


  • 1



#17
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Oh wow, I had no idea at all! I even reinstalled it a few times since it stopped working, but I uninstalled it now. Would I have to scan again? Thank you for that tip, I can't believe how innocent it seemed!

What is our next step?


  • 0

#18
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

To continue the clean:

First...

Re-run AdwCleaner

Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the scan has finished, the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

then...

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number.)
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • At the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to copy & paste the contents of the MBAM log file.


next..

Please run a free online scan with the ESET Online Scanner
  • Click Run Eset Online Scanner

Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan. If you need instructions on how to disable it, please check out this site: http://www.bleepingc...lware-programs/
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click Start; the virus database will update, which may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Items I need to see in your next post:
  • ADW Clean log
  • Malwarebytes Log
  • ESET Log

  • 0

#19
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Right after I ran AdwCleaner's clean function my computer rebooted, and now it doesn't connect to Wi-Fi. What happened?
  • 0

#20
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Do you have the log it created?
It was only cleaning a few simple entries, so it shouldn't have created a problem, as it was nothing intrusive.

The log will be at C:\AdwCleaner\AdwCleaner[S0].txt
  • 0

#21
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I have the log, but I can't post it since I'm on my iPhone now. I'll try copying it from a different computer.
  • 0

#22
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
# AdwCleaner v3.309 - Report created 09/09/2014 at 12:48:16
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : yousuf - BENTOBOX
# Running from : C:\Users\yousuf\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\StumbleUpon
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v32.0 (x86 en-US)
 
[ File : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [1289 octets] - [08/09/2014 11:58:42]
AdwCleaner[R1].txt - [1079 octets] - [09/09/2014 12:46:45]
AdwCleaner[S0].txt - [1004 octets] - [09/09/2014 12:48:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1064 octets] ##########

  • 0

#23
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
AdwCleaner removed a remnant of Pokki and some browser stuff. Nothing that could affect the Wi-Fi, so let's take a look at a few options.

Have you tried pressing the F8 key (or Fn and F8)?

Or I believe F7 is airplane mode, so that may be activated.
  • 0
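When a machine loses connectivity right after a cleanup run, the first thing worth checking is whether the cleaner's own report touched anything network-related (Winsock catalog entries, proxy settings, the hosts file). The AdwCleaner report format posted above is simple enough to parse mechanically. The following PowerShell is an added example and not part of the thread or of AdwCleaner; the embedded report text is a constructed sample modelled on the one posted above, and the Winsock "Key Deleted" line in it is hypothetical, included only so the network-sensitivity filter has something to flag.

```powershell
# Added example (not from the thread): parse an AdwCleaner report into
# (section, action, target) records and flag removals that commonly explain
# "no network after cleanup". The report below is a constructed sample; the
# WinSock2 entry is hypothetical and was not in the poster's real log.
$report = @'
# AdwCleaner v3.309 - Report created 09/09/2014 at 12:48:16
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\yousuf\AppData\Roaming\Mozilla\Firefox\Profiles\094jt4zu.default\StumbleUpon

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239
'@

function Parse-AdwCleanerReport {
    param([string]$Text)
    $section = 'Header'
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        # Section headers look like: ***** [ Registry ] *****
        if ($line -match '^\*{5} \[ (.+?) \] \*{5}$') { $section = $Matches[1]; continue }
        # Action lines look like: Key Deleted : HKCU\... or Folder Deleted : C:\...
        if ($line -match '^(?<action>\w+ (?:Deleted|Restored|Not Deleted)) : (?<target>.+)$') {
            [pscustomobject]@{
                Section = $section
                Action  = $Matches['action']
                Target  = $Matches['target'].Trim()
            }
        }
    }
}

# Locations whose removal is a classic cause of broken connectivity after a cleanup:
# Winsock/LSP catalog, TCP/IP and DNS service keys, proxy settings, the hosts file.
$networkSensitive = 'WinSock2|Winsock|Protocol_Catalog|NameSpace_Catalog|\\Tcpip\\|\\Dnscache|\\Dhcp|ProxyServer|ProxyEnable|\\drivers\\etc\\hosts|\\Nsi'

$actions = Parse-AdwCleanerReport -Text $report
$actions | Format-Table -AutoSize

$actions |
    Where-Object { $_.Target -match $networkSensitive } |
    ForEach-Object { Write-Warning "Network-relevant removal: [$($_.Section)] $($_.Action) $($_.Target)" }
```

Against the real report posted above, the filter flags nothing: the two registry keys are a Pokki class registration and a CLSID, and the only folder is a Firefox extension directory, which is consistent with the helper's reading that the cleanup itself did not break the Wi-Fi. Point the function at `Get-Content -Raw C:\AdwCleaner\AdwCleaner[S0].txt` to run it on an actual log.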

#24
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I just tried all of those, but nothing happened. When I pressed the Clean button after the scan, Webroot told me that a file called netsh.exe was trying to install every time the computer turned on, so I blocked it with Webroot. After my computer reset it was a lot slower, and also a lot of things got turned off, like the firewall, Windows Defender and Webroot, as well as some glitches in File Explorer. Could netsh.exe have anything to do with this?


  • 0

#25
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
netsh is part of the Windows networking stack, so yes.
  • 1
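The exchange above raises a question a practitioner would want answered before unblocking anything: was the netsh.exe that Webroot flagged the genuine Windows tool, or a file borrowing its name? Malware routinely adopts the names of trusted system binaries so that AV prompts look like false positives, and conversely a real netsh.exe being blocked would explain firewall and Wi-Fi loss. The PowerShell below is an added example, not something from the thread, Webroot or Microsoft documentation; the function names are mine, the list of services is my choice based on the symptoms described, and it assumes an elevated PowerShell 4.0 prompt on Windows 8.1.

```powershell
# Added example (not from the thread): decide whether the blocked netsh.exe is the
# genuine Windows binary, look for look-alike copies elsewhere on the disk, and list
# the state of the services whose loss matches the poster's symptoms.
# Assumes an elevated PowerShell 4.0+ prompt (Windows 8.1); function names are mine.
$genuinePath = "$env:SystemRoot\System32\netsh.exe"

function Test-NetshGenuine {
    param([string]$Path = $genuinePath)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        IsMicrosoft = ($sig.Status -eq 'Valid' -and
                       $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
        # Compare this hash against the same file on a known-clean machine of the
        # same Windows build; a mismatch means the file is not the one Microsoft shipped.
        SHA256      = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Caveat: on Windows 8.1, PowerShell 4.0 does not evaluate catalog signatures, and many
# System32 binaries are catalog-signed rather than embedded-signed, so Status may read
# 'NotSigned' for a perfectly genuine file. In that case verify against the component
# store instead:   sfc /verifyfile=C:\Windows\System32\netsh.exe

# Any netsh.exe outside the Windows system directories deserves a second look.
# (Recursing the whole system drive is slow; narrow -Path if needed.)
function Find-NetshLookalikes {
    Get-ChildItem -Path "$env:SystemDrive\" -Filter netsh.exe -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.DirectoryName -notmatch '^[A-Za-z]:\\Windows\\(System32|SysWOW64|WinSxS)' } |
        Select-Object FullName, Length, LastWriteTime
}

# Services whose loss matches the symptoms described: firewall (MpsSvc, BFE),
# Defender (WinDefend), Wi-Fi (WlanSvc), addressing and name resolution (Dhcp,
# Dnscache, NlaSvc, nsi). Win32_Service is used so StartMode is available on PS 4.0.
function Get-ProtectiveServiceState {
    $names = 'MpsSvc', 'BFE', 'WinDefend', 'WlanSvc', 'Dhcp', 'Dnscache', 'NlaSvc', 'nsi'
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $names -contains $_.Name } |
        Select-Object Name, State, StartMode
}

Test-NetshGenuine | Format-List
Find-NetshLookalikes
Get-ProtectiveServiceState | Format-Table -AutoSize

# If netsh.exe is genuine and untouched but the stack is still broken, the usual
# resets (run manually, then reboot) are:
#   sfc /scannow
#   netsh winsock reset
#   netsh int ip reset
```

If `Find-NetshLookalikes` returns a copy in a user profile, Temp or ProgramData directory, that copy, not the System32 binary, is the thing to submit to the helper; if it returns nothing and the System32 file verifies, the block in Webroot was a false positive and unblocking it (or, as the helper suggests, temporarily uninstalling Webroot) is the right fix.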



#26
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Is there any way to fix this? I can't believe I blocked that program.


  • 0

#27
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
You should be able to unblock it within Webroot. If not, then you could always uninstall Webroot for now and reinstall it afterwards.
  • 0

#28
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

I tried looking all over for where it was blocked in Webroot, but I couldn't find it. Is there a possibility that it is deleted or corrupted?


  • 0

#29
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Try following the procedure here first before we look at other options: http://live.webroota...-Allowing-Files


  • 0

#30
Karmafish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hey Ruggie, I finally got the internet working on my laptop. I had to use Windows Refresh, but I lost a lot of programs. I will install those sometime later, but now I'm wondering what the next step is.


  • 0
