Jump to content

Search the Community

Showing results for tags 'rootkit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi, Despite completely removing the software, and reinstalling, I am unable to carry out a custom scan and select the rootkit scan option. The C drive is listed on the right hand side, but I am unable to place a tick in it. Clicking the box to apply the tick does nothing, and of course without a tick in the box you can't run a rootkit scan. Does this have anything to do with the drive being encrypted by Bitlocker? I am able to run a scan if I download the Beta version of the Anti Rootkit scanner, just unable to use the module built into my MWB Premium. Version: 3.0.5.1299 Component Package Version: 1.0.43 Update Package Version: 1.0.872
  2. Hi I cannot seem to enable web protection on Malwarebytes, I believe that my computer was infected when I downloaded a program on some fishy website(which I shouldn't have done, that was 100% my bad). I thought at the time that it was a simple adware that I could get rid of easily with malwarebytes, so I installed it and it ran a few scans. The scans removed a total of 400 threats. Now the problem is that adwares keep popping up even though I haven't downloaded anything since I got the virus, I also think that it might be a rootkit. So I tried multiple ways to get rid of it, but I still cant go on google.com unless I use a VPN and now I cant re-enable web protection on malwarebytes. Thank you!
  3. Hello, I suspect my PC to be infected by some malware as it had turned Avast service off and I could not turn it back on. I did a custom scan with Malwarebytes with Scan for rootkits options ON in both scan settings and malwarebytes general settings. The scan also showed scanning for rootkits (rotating curved arrows and hourglass inside a circle) and completed without any infections. However when i look inside the reports, it says that the Scanning for rootkits disbaled . I have repeated this many times now and get the result same. Do you have any idea how this happens ? I also see a file called 'abtsvchost.exe' which seems suspicious (but shown harmless on virustotal.com). Do you know if this is a known rootkit and causing the above problem ?
  4. I did the update yesterday and overnight the first scheduled scan occurred. I looked at the log this morning and found that it said that the rootkit scan was disabled. Yet when I went into the settings it does appear to be enabled. Which is correct? This was also happening in the previous version, but there were so many problems with that version I never said anything. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/24/16 Scan Time: 6:08 AM Logfile: Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.847 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 476528 Time Elapsed: 4 min, 0 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) MBAMSERVICE.zip
  5. Not only is v3.04 Free (Win7/Ent/SP1) failing to install, and hanging at Heuristic Analyses, it's now hanging on some systems at Scanning Rootkits. All of these problems go away if I remove v3.04 and install v2. Which is what I'm doing. #NotReadyForRelease GaryK
  6. Hi, When I want to analyze with anti-rootkit, it say that it cannot start the module. How can I resolve the problem ? Thanks
  7. I'm not sure what to think about this HP touchsmart with mouse pad or usb mouse The symptom is as follows: Mouse pad or external mouse is jumpy and mouse moves around on it's own. Windows, apps and/or browser opens on it's own and eventually you can't really move your mouse because it jumps to the desktop as soon as you try to hit the X to close a windows or application. The background screen has occasional sparkles or resembles a sprinkle as if a light rain is hitting a smooth lake or something. All wifi and internet are disconnected and wiped the hard drive and partitions using a USB live linux CD to create new partition table and format. I installed Fresh windows and the mouse / sprinkle was starting to emerge again. Even after updating the flash with flash utility the sparkle effect was still present occasionally but the mouse movement appears to be gone from what I can tell. I do suspect the virus is still present in the bios and perhaps back on the hard drive somewhere. Please advise
  8. Running Win 7 Pro and have been using only Microsoft default protections. Just downloaded Malwarebytes trial and ran full scan. The only thing at all that showed up was some old serial port test program that I'd downloaded a few years ago but hadn't used for ages. So I let the tool delete it even though I'm 99 percent sure it was safe. But looking at the default options selected I noticed that as a default Malwarebytes does not scan for rootkits. So I enabled that and ran the scan again, and it detected 2: Rootkit.Pihar.c.mbr on sector #5 on volume #1 Rootkit.Pihar.c.mbr on sector #0 on volume #1 I have no symptoms of any sort of infection. No random reboots, no odd popups, no BSOD. I found a list of registry entries typically associated with this MBR infection and found none of them at all. Doing a google search for that rootkit, it looks like most of the discussion is from a few years ago, and most is about trying to recover after botching the MBR removal. So for now, I'm sitting on it. But my questions are: What are the chances that allowing Malwarebytes to remove the rootkit by clicking "remove selected" will screw things up? What are the chances that the rootkit is just so very smart that it isn't allowing me or Malwarebytes to see some serious infection by hiding its payloads. Thanks.
  9. I have tried to run MBAR since having MBAM problems. It update the database version & then when it cannot update the rootkit database, reverts back to the old database version with the message "HOST FAILURE".
  10. Hello.. I have a idea about Script Removal Tools or Drag Down Tool for remove any stubborn Services/Drivers, File, Folder, or maybe Registry. This tool of course also powerful like Malwarebytes Anti Rootkit. So, with this tool, w don't need to scan anymore. We already know what to do dan we just want to delete it. This tool can compensate MBAR if MBAR can't detect any newest Rootkit. Another tool like this: BlitzBlank or The Avenger. The Avenger is discontinued (also Not support 64 bit) and Blitblank cannot produce a accurate (we don't know success or fail) log after doing it's job. So, I hope Malwarebyte can create a tool like this. Can create a complete log like The Avenger and can support 32 and 64 bit and compatible start to Windows XP to Windows 10. Thank you..
  11. I had a Ramnit.A infection a few weeks ago and after detecting the infection with Malwarebytes, I decided to do an HP Factory reset, opting to reformat the drive and abstaining from backing up anything in the infected hard drive. I did move over a few document like tax returns and pictures that I scanned on virustotal.com first to check for infection but those files were completely clean. Now when I run malwarebytes, it’s not picking up any Ramnit.A infections, but from time to time there are periods of freezing and sometimes when I’m using chrome, there will be a random click and my browser will be minimized. Another peculiarity that occurs regularly is that in the 30 seconds after login, I will hear a clicking sound not triggered by any physical mouseclicks. Is my paranoia unfounded? Did the Ramnit.A survive the reformatting or did it infect the recovery files? What can I do to make sure that I’m not being remotely observed/keylogged?
  12. I came over from anti malware help section at the suggestion of 1PW. Thread below. I have attached the 2 recommended logs for Log Set 1. Thank you for your help! Addition.txt FRST.txt
  13. I started experiencing problems with my PC, running Windows7, I removed it the threat and restarted my device. I reran the full scan to ensure removal. But the problem reoccurred again this morning. Can someone please advise me on next steps to remove this threat? Addition.txt FRST.txt
  14. I started experiencing problems with my PC, running Windows7, I removed it the threat and restarted my device. I reran the full scan to ensure removal. But the problem reoccurred again this morning. Can someone please advise me on next steps to remove this threat? Addition.txt FRST.txt
  15. Hello everyone, My name is Manny and I'm looking for some assistance with my machine which recently got infected with some virus/trojan that seemed to brought along bunch of his buddies... Anyways, I have ran the MBAM a few times with FULL SCAN and after a 1-2 hours scan it finds and remove several entries but upon a reboot and a few hours of being ON all the entries seems to come back and I notice the increased of HDD space when I haven't even used the machine at all. Tools ran: - MBAM - TDSSKiller - AdwCleaner - RogueKiller - MBAR (anti-rootkit) - MSERT.exe (Microsoft tool) Would love to get some additional help to remove all these infections once and for all. Let me know what you may need, I will subscribe to this thread and thanks in advance PC SPECS: OS: Windows 7 SP1 64bit RAM: 32GB HDD: SSD 128GB
  16. Greetings, I have mother-in-law's laptop she states has a rootkit virus. She was attempting to install a new Roku paid channel called UKTV and she was not able. She called Roku support and they advised it was due to a rootkit virus. She states they remoted onto the computer (stick with me here) and showed her the rootkit virus issue and advised her a $300.00 fee to remove the virus. There is likely another component to the story but nevertheless I now have the CPU with me, offline, with flash drives ready to onboard programs to analyze and sanitize the system. Let's avoid the odor of the story and go straight to question 1: where should I start? Thank you in advance.
  17. Hi there, Recently, my laptop always stuck at shutting down screen, I need to manually press the power button to switch it off. So I ran MBAM to scan my system with the rootkit detection active but always getting this error: "Error: malwarebytes was unable to load the anti-rootkit driver. Error code:20026" The scan will be completed without any detection if I do not check the rootkit detection. Am I infected? Thanks!
  18. So I took a full scan of my computer with malewarebytes free edition. This is what i discovered (Text file follows). What is worrying me is this thing: Rootkit.Komodia.PUA I removed it using mbam but is it completeley gone and what is it? Rootkit.txt
  19. Yo guys I'm in serious trouble but I'm not sure if this is the right place to do a thread but I'm struggling with some kind of BIOS/UEFI rootkit. I have for a while been getting weird entries in the Rootkit/Malware tab in Gmer. I have also noticed some strange executables running among processes. All described as Windows services but you could easily see that those executables didn't belong to a clean Windows 7 install. I have been using DBAN to wipe all disks, formatted them and reinstalled but I keep getting infected. All above mentioned returns. To ensure that I'm infected I have compared processes running in the Task Manager with my neighbour. He has almost the same setup as me but most importantly he has the same motherboard as I. We've compared the DMI information inside the BIOS and we can confirm that mine has been modified. My problem is that if I try to reflash the motherboard through USB it seems like the Virus/Rootkit just will write to the USB and execute its own code cause a USB is writable. With that said I have also been working on making a bootable DOS-CD with a new BIOS version and a DOS Flash Utility with no success either. It's like the DOS can't read the files from the CD, even though I meddle a little with CONFIG.SYS and AUTOEXEC.BAT. It's like the DOS can't find any cd drivers. Another mysterious thing that indicates infection is when I set the clear CMOS jumper or clear CMOS button with no effect, it looks like that the motherboard resets and runs normally for 3-5 seconds, and then it executes some other code. A reason for me believing it runs another code is that I am using a Corsair H100i water cooling kit which you can't change the LED color on, unless you install Corsair Link in Windows and change the LED color. When I reset the CMOS and want to boot, it lights up the cooler LED as white, as it should per default, if you don't change the color in Corsair Link it should show a damn white light! But then after 3-5 seconds the LED lights turns up as red. If I go to my neighbour with exact same motherboard, CPU and cooler the LED light is white all the time. In the BIOS you have two functions, GO2BIOS and boot BIOS from file if I use the first function it just reboots to the screen where I can either enter BIOS or Boot Menu by pressing F2 or F11. If I use the boot BIOS from file I get an error saying "The data mapping running is different from the BIOS you want to boot, if you press enter your system might not start." If I press enter it just reboots to the same screen as mentioned above. Should the two functions act like that? Or is it the Rootkit messing things up? I think my laptop has been infected too. Any feedback would be awesome since I'm becoming quite desperate! Setup: MOB: MSI Z87 G45 Gaming SSD: Samsung 840 evo CPU: i5 4690K
  20. Hello there, my situation is very tough from my point of view. Im using Windows XP SP3 build 2600, everything working normally. But today my computer has stopped working almost completely and won't start in normal mode, just like if something damaged my HDD, went on safe-mode and then I remembered I had my very old OS system, wanted to make a recovery but then the blue screen would come up, I discarded that possibility totally. After that I tried MBAM with chameleon but to my surprise, the DDA driver couldn't be installed!, as far as I know the DDA driver should be working perfectly on safe-mode, then I realized that the main problem wasn't a boot problem, it was a rootkit, OKAY NOW you barely know my situation, I tried MBAR but the driver won't install due to the rootkit, I tried several times getting chameleon executed first, then MBAR but nothing. You could be thinking that I have to reboot and let the driver install normally... but wait!, I am on safe mode and I can't go on Normal mode due to the rootkit! Safe mode will just delete any scheduled operations no matter what program schedules it. Maybe I'm skipping something important here or misunderstanding how safe-mode works, or even a bad configuration (I don't think so, I've been using MB products from a very long time now), but what matters now is that I need the driver installed under these circumstances, formatting is not an option, I have a ton of important files and backing them up its unreal. I need help. Thanks for reading guys I'm relying on you!, Zantetsuken.
  21. Picked up a nasty virus last night, malwarebytes scan show as a rootkit fileless mtgen having alot of trouble getting rid of this bug and its already caused some damage, looking for some help on possible manual removal. Downloaded and ran MBAR, and McAfee anti rootkit, both detect, but cannot remove. Thanks!
  22. Hi Though I checked the 'Scan for rootkits' box a few weeks back the Scan Logs always say 'Rootkits: Disabled'. This may or may not be a problem, I don't know. Earlier, though, when I logged on I got a message saying that MBAM couldn't update or load the Rootkit driver. The first message gave me a code of 20023 (I think) and after the restart I had two messages giving me a code of 20025 (definitely). Any help would be appreciated. Thanks.
  23. I have checked my setings to make sure that rootkit scanning is enabled, but when looking in the logs it always says it is disabled. Am I doing something wrong, or do I need to do something else?
  24. Hello Today Malwarebytes had a message upon start up saying that its rootkit module could not start and that this might be a sign of a rootkit. I got an error number [ forgotten]. Maybe I should uninstall Malwarebytes and reinstall?
  25. Symptoms: 1. Logon results in Malwarebytes displaying a pop-up "unable to load the Anti-Rootkit DDA Driver. Asks if I want to try a reboot. 2. Replying to the boot question in 1. results in a quick pop-up saying : "SDKCreate failed with code 20023". This small window displays for less than a second. 3. Manually bringing up the Malwarebytes screen from a user account shows no Real-time Protection, but from an admin account, shows it as still on (Fully Protected). 4. "Start Malwarebytes Anti-Malware with Window" in Advanced Settings is being turned off on user and admin accounts. 5. My second Windows 10 system, on my LAN, is also infected with the same symptoms. Status: Malwarebytes Antimalware Premium has been running on both systems continuously for about a year. Ran a Custom Scan with Antimalware (with Scan for Rootkits checked) but nothing was found. This is on my faster deskside system. My laptop is still running the Custom scan. Farbar Recover Scan Tool reports (run from a non-admin account) follow: Dan P.S. First attempt to post was rejected as too long. So I'm attaching the files instead. -------------------------------------------------------------------------------------- FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.