Showing results for tags 'rootkit'.

  1. I read Medfos topic at http://forums,malwarebytes.org/index.php?showtopic=121173, moderated by Gringo (William Rowland). I did not find a solution found in the solutions area that I was requested to review before making a post. After my initial description below, I give a list of the logs I got from various programs used in the above topic, in the order they were generated. The system is Compaq Presario SR5710F with Windows XP SP3, 3 GB RAM, Firefox v23 browser, Malwarebytes Pro, ClamWin, Spybot, and Spyware Blaster with Java 7 enabled. About one week ago, the following activity began in a
  2. I have 15 years' experience in IT work, and this one has been nasty. Basically, whenever I click on the user accounts, a script executes that tries to do a force-entry of our server. It also does this with the network cable unplugged. I believe I have a nasty rootkit. I have done all of the traditional stuff, and I am needing your expert help. I also believe this rootkit is on two servers. Formatting and reinstalling is an absolute last resort. PLEASE HELP! I am a registered user of Malwarebytes, and I have installed it on hundreds of clients' machines in the past.
  3. I just did a clean install of Windows 7 from the recovery partition on my laptop and immediately started having problems. I've run several scans with MalwareBytes and have received various results labeled either "rootkit.0access" or "trojan.zaccess". The infection is not removed on restart; I always come back with at least a couple of "trojan.zaccess" results. I see that there have been several threads on this particular problem recently and I will do my best to include all of the commonly requested logs here. dds.txt attach.txt RKreport0_S_08292013_224349.txt FRST.txt Addition.txt Thanks
  4. Hello, I recently ran Malwarebytes normally in Quick Scan and then waited a while and came across some kind of malicious software called Hijack.Homepage. So I've decided to remove it and then it told me to restart to remove it. So I did, and after my system restarted I wanted to make sure if it's gone so I scanned it again and then, the same software popped up. So I removed, restarted, scanned again and it's still there. So for a while I did the same thing over and over again like a maniac and nothing really changed. I've also scanned with Norton 360 and then after the scan the Hijack.
  5. I have used ComboFix, Malwarebytes and other tools to clean system, but GMER still states something wrong. Please advise. Pasted results below: GMER 2.1.19155 - http://www.gmer.net Rootkit quick scan 2013-08-13 13:57:31 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980813AS rev.3.ADB 74.53GB Running: kziy15r3.exe; Driver: C:\Users\Your\AppData\Local\Temp\kgldrpoc.sys ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys Device \Driver\tdx \Device\Ip OAmon.sys Device \Driver\tdx \Device\Tcp OAmon.s
  6. Okay, so I have a weird virus in my flash drive, or possibly just an error, either way I need help. What it's done is make files and folders inaccessible (it says "The file or directory is corrupted and unreadable") and created new folders and files with strange names and that have a size even bigger than is able to be fit into the drive. Nothing is able to be deleted or copied/cut and pasted. No virus scan or anything can detect any virus. I can provide more information if requested. Here's a screenshot of the files, and I can take more screenshots if requested: http://postimg.org/image/dguo6
  7. I discovered a root-kit on my system a few days ago. I just built this new system and had yet to set up anti-virus software. I ran several anti-rootkit programs. These included Malwarebytes Anti-Rootkit, Windows Malicious Software Removal Tool July 2013, Sophos Anti-Rootkit, Norton Power Eraser and GMER. All programs identified somewhat different entries and all were able to remove what they found except for Sophos. At this point Sophos is the only sweep that comes up with positive hits. To be more specific my current problem is that while Sophos recognizes the infected files, it is not able
  8. I discovered a rootkit on my system a few days ago. I just built this new system and had yet to set up anti-virus software. I ran several anti-rootkit programs. These included Malwarebytes Anti-Rootkit, Windows Malicious Software Removal Tool July 2013, Sophos Anti-Rootkit, Norton Power Eraser and GMER. All programs identified somewhat different entries and all were able to remove what they found except for Sophos. At this point Sophos is the only sweep that comes up with positive hits. I sent in a log and I received some analysis which I attached to this post along with the log that they received
  9. I run malwarebytes as a routine check-up on a regular basis on my XP computer and this time it popped up a malware file called adware.domianIQ which it killed off. So I ran spybot S&D to confirm nothing else was missed and it popped up a directory folder under my application data called "conduit", which it said was related to the win32.downloader.gen malware. It did not actually find that malware file, and the folder was deleted. (The folder appeared to have been created around 2010) I decided to run malwarebytes anti-rootkit as well to doublecheck everything was OK, and I've used it b
  10. I did a scan with malwarebytes and got this: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.06.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 owner :: OWNER-PC [administrator] Protection: Enabled 7/11/2013 2:58:40 PM MBAM-log-2013-07-11 (15-13-39).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: Registry | File System | P2P Objects scanned: 216779 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicio
  11. Hi, Since my computer is lately running too slow, I suspect I got infected by a virus or anything similar. Please find here my DDS and RogueKiller logs: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16611 Run by Luis at 15:26:37 on 2013-07-03 . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\DllHost.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system
  12. Hi, thanks in advance for reading this. I have some type of malware that is redirecting me to advertisements when I search in Google. Here are my DDS logs. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 1.6.0_22 Run by Owner at 21:02:08 on 2013-06-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.3956 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/
  13. Hey, I don't even know if I'm posting this in the right place. I know fairly little about computers, but recently, after having security certificate authentication issues, it came to my attention that I had a ZeroAccess rootkit. While I know that it's usually recommended to reformat, I was really hoping to avoid that issue. I was fairly sure I knew when the rootkit infected me, and so I figured before reformatting I should give restore points a start. After restoring the system, everything seemed fine. MBAM no longer detected any threats, TDSSkiller no longer reported any threats. The only thi
  14. My wife's laptop has become infected over the last couple of days. I believe she either clicked on a rogue link on a Facebook page or a rogue holidays email. Before posting here I have tried unsuccessfully to remove this with malwarebytes and various scans with MS security essentials. Malwarebytes found Malware.packer.T, Rogue.ErrorRepair.Proffessional, Rootkit.0Access, Trojan.Zbot, Malware.Packer.VDG (x2) I can sometimes find these files but they keep on coming back. For DDS CCleaner disabled, internet disabled, MSE realtime protection disabled............................ please find Attach
  15. Greetings, Malwarebytes forum. My name is Erik, and here is my problem: My computer was playing ads in the background, loads of them at once, whenever I started up my computer. This was a couple of days ago. I restarted in safe mode, ran Malwarebytes, ran Spybot, but still had problems. Some forums suggested some stuff that I ran, but realise was perhaps not the best choice, as this forum recommends not running any temporary file cleaners yet (which was then unknown to me). I ran TDSSKiller, which found a harbinger rootkit and removed it (it says). I ran SystemLook. I clicked a link from
  16. Tried to clean with multiple programs before reading the forum instructions not to do that, so hopefully I haven't done even more damage. One issue that triggered my suspicion of malware was that MS Outlook crashed and now it will not load. It gives me an error every time I try to open it. Anyway MalwareBytes, which I used first, detected a rootkit along with 39 instances of malware, such as Trojan Agent (including Backdoor). I've tried multiple times to delete the infections, but it keeps returning. If I run it in SafeMode and then run it again it seems to be ok, but if I run it from a normal
  17. Hello, I know for sure that is some sort of rootkit because I just formatted the PC twice in a row, only the local disk for the Windows, and I still get pop-ups from MB with 'blocked access to a potential malicious website' although I am minding my own business on YouTube (no toolbars or peer-to-peer software on my PC). I even reinstalled Google Chrome (uninstalling it with Revo) a dozen of times already, and all I got from all the scans was zero. dds.scr & dds.com don't work; I leave them alone for 14h and they still say 'two logs will be created on your desktop'... I have remade my accou
  18. Hello, I know for sure that it is some sort of rootkit because I just formatted the PC twice in a row, only the local disk for the Windows, and I still get pop-ups from MB with 'blocked access to a potential malicious website' although I am minding my own business on YouTube (no toolbars or peer-to-peer software on my PC). I even reinstalled Google Chrome (uninstalling it with Revo) a dozen of times already, and all I got from all the scans was zero. dds.scr & dds.com don't work; I leave them alone for 14h and they still say 'two logs will be created on your desktop'... I have remade my account
  19. Sorry, not a computer person, so if you need more info let me know. After scanning with AVG Free 2013 detected 5 anti rootkits. I tried putting these in sites to see if they were false positives but when I open the direction the .sys file doesn't exist. AVG says to delete the files I need to reboot but on the next scan they are back. Please help.... Does this mean someone is accessing my laptop or is it an AVG error? Files appear like this: "";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spxr.sys +0x625DC, C:\Windows\System32\Drivers\spxr.sys";"Infected" "";"pci.sys, hooked import ntoskr
  20. Hello, My PC might be infected and has been running very slow. MBAM quick and full scan freeze and I have to kill the process. I did run the MBAM anti rootkit and chameleon process and it reported that there was no inspection but I suspect that the PC is still infected. I added the exclusions for MBAM and MSE, but still the quick scan freezes. I have deleted and re-installed MBAM a dozen times, still the same result. Should the quick scan take more than 10 hours to complete? Microsoft security essentials did find TrojanDownloader JAVA: toniper, Exploit:Java/CVE-2012-1723!jar and says its remov
  21. Hello, I have an annoying issue, I recently got rid of an annoying re-direct virus around 1-2 weeks ago. A day or two later I started noticing Internet Explorer (IE) as an active process in Task Manager, even though I did not have it actively pulled up. The name of the website also changed, and sometimes there were 3 or 4 different IE processes pulled up. Occasionally I would encounter audio ads. I was unable to try and end the process like you would normally end any program that was not responding or was slow to exit normally. I had to go to processes in order to exit the ads out, however wit
  22. I have run an installed version of Lavasoft AdAware as well as an online scan of Dr Web Cure-it, and I just ran the Malwarebytes scan (which found some trojans) to remove a nasty redirect infection in all my browsers (FF, IE, Chrome). The infection remains and all Google SERPs only redirect to ads. I have run DDS and the two logs are saved to my desktop. As per the "Attach" text file instructions, I am NOT including that report below until directed to do so. Below is the dds.txt report (personal info redacted). Can you please help? Thanks in advance! DDS (Ver_2012-11-20.01) - NTFS_x86 In
  23. Hello. I recently ran Spybot Rootkit Scan on my computer which discovered PhysicalDrive0 as a possible rootkit scan. However, Malwarebytes Anti-Malware scan does not discover this possible threat. I did recently discover a virus on my computer which has since been removed. Though the system seems to run much better now, I am concerned that there may still be an infection. Please help. Thank you, Travis GMER 2.1.18952 - http://www.gmer.net Rootkit scan 2013-02-16 20:53:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT721010SLA360 r
  24. The most obvious issue that I am having is when windows starts up the taskbar and desktop icons appear but shortly disappear and the computer becomes unresponsive. (I am in safe-mode as I write this post) Any help would be greatly appreciated! Thanks in advance. dds.txt attach.txt
  25. So, yesterday I turned on my computer and when I came back to it, it had restarted, with a message from Microsoft that it had recovered from a serious failure, and when I closed the dialogue box, it sent me to wer reporting, with the following message: Your computer experienced a problem that was caused by spooldr.sys. This product might be malware. It recommended running MSS, which I did, and it found nothing. In addition, I ran an antivirus check (Webroot) and a Malwarebytes sweep. Neither found anything. From reading around on a couple of sites, I've noticed it's a rootkit issue that might