Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

boot rootkit need help asap,make computer crash [Solved]

bootkit issue

  • Please log in to reply

#1
bambidbl

bambidbl

    Member

  • Member
  • PipPip
  • 73 posts

Hello,my computer has been crashing for a while,blue screens with various error codes.I ran an antivirus and detected two rootkits in two files,boot related.They're in the EFI,i dont really know what it is or what it does but i need to solve this thing.If anyone can help me please try,idk what to do.I need to use my computer often and it crashes at least 3 times or four before it holds it together.

Waiting for an answer  :)

 


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hello!
 
Welcome to GTG Forums. EPFGbk7.gif

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=====================
 
To begin with:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#3
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

Hello

 

Hello!
 
Welcome to GTG Forums. EPFGbk7.gif

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=====================
 
To begin with:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

Hello,thanks a lot for answering me,i ve done everything you asked,waiting for your answer.Thanks again

Attached Files


  • 0

#4
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I also can send a screen of my antivirus showing the two root kits if you want
  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hello, bambidbl.
 
Your system is infected. 
 
Please do the following as a start:
 
 
1. P2P program

You have two P2P programs: μTorrent and uTorrent web. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you continue using them, your computer will probably get infected again. But it is your computer and of course your decision.

  • If you decide to keep them, DON'T use them during the cleaning procedure.
  • If you decide to uninstall them, uninstall them now.

 

2. Antivirus programs

More than one of those programs may conflict with each other and cause the following:

  • False positives: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Low performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

You have these antimalware programs, along with the built-in Windows 10 security suite (Microsoft Defender):
 
AV: Sophos Home 
AV: Avast Antivirus 

Actually, you need one antivirus, so you need to choose one (Defender, Avast or Sophos) and uninstall the other (you can't uninstall Defender). 
 
Let me know about your decision and which one did you uninstall. 
 
 
3. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

 

For now, just uninstall the following:

 

Java 8 Update 371 
Java™ SE Development Kit 17.0.6 (64-bit) 
 
 
4. FRST logs
 
In my previous post, you missed the following:
 

 

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

 

Please do the above, run the tool again, and attach for me fresh FRST logs to check.

 

 

 

In your next reply please post:

  1. What did you do with the P2P programs
  2. What did you decide about the antivirus programs
  3. If uninstalling Java ran well
  4. FRST logs, Addition and FRST
  5. The screenshots from your antivirus showing a rootkit

 


  • 0

#6
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Hello,sorry i thought changing the name and putting « English »on it wasn’t an obligation,i ll be right back
  • 0

#7
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

Hello,i have uninstalled the two p2p programs as i dont use them at all.I also uninstalled both java applications as you suggested and one of my av(sophos).I didnt say it earlier but the computer is when it doesnt crash very laggy and the windows task bar is not usable.

Here are the two files updated with the manipulation i forgot the first time,as well as the screenshot of the av(screenshot is from after i uninstalled evrything i told you above).

Thank you very much for your time,waiting for an answer.

Attached Thumbnails

  • image_2024-04-03_163223597.png

Attached Files


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, again.

 

I see this in your logs:

 

wgautilacc (S-1-5-21-2523344994-3823910579-3822066088-1005 - Administrator - Enabled) <==== ATTENTION
 
This profile was possibly created by this type of infection: 

https://vms.drweb.fr...18514846&lng=fr

If you did not create the WgaUtilAcc remove it.

How to Delete User Profile of an Account in Windows 10
https://www.tenforum...ndows-10-a.html

 

 

At the moment, please delete that account, please. I'll need some time to check the rest of the logs and fix a plan.

 

EDIT: Your logs were created before uninstalling the programs you said you uninstalled. It is important to follow the instructions in the same order they are given. I'll need fresh logs, please. 


  • 0

#9
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

Hello again,i cant find that user anywhere,i ve deleted one that i created a while ago and has not been used but wgautilacc isnt there.Is it normal?

 

Attached Thumbnails

  • image_2024-04-03_181110377.png

Edited by bambidbl, 03 April 2024 - 10:11 AM.

  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Please see my EDIT note in my previous post. 


  • 0

Advertisements


#11
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

hello,maybe i dont understand,my english isnt perfect tbh.I need to generate FRST.txt and the other txt file once again?


  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Your English is just fine! I'm not a native English speaker either.

 

Yes, it would be better to have the logs after the uninstalls. 


  • 0

#13
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

Oh,theres been an issue with the uninstalling thats why.Imma do it all over again sorry


  • 0

#14
bambidbl

bambidbl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts

hello,here they are,there was a problem when i uninstalled the programs the first time and i hadnt seen it.It should be good now.Thank you for the time you put in this,life saving:)

Attached Files


  • 1

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Thanks. Just letting you know that I'll be back to you by tomorrow afternoon. 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP