Showing results for tags 'rootkit'.

  1. Hi... I'm kinda sure it is a rootkit that is in my firewall, because it has just started turning off randomly and has been doing it for a week now. I have run Malwarebytes, Kaspersky Rescue Disk, AVG, and Malwarebytes Anti-Rootkit, and nothing has come up at all. But I haven't tried to run Malwarebytes Anti-Rootkit in safe mode with networking. Should that maybe be able to find the rootkit? At least I think it is a rootkit... Basically the rootkit is hidden really well or something is really messing up my computer... My PC is Windows 7 64-bit, on the newest Windows updates... Please help.
  2. Hello I've been getting attacks for a while but recently prevented myself from it and now I think I may be under attack again. Some of the security certificates on sites seem fake and I think someone did it from my account when I log onto a certain account. "http://www.google.com/url?sa=t&rct=j&q=pseudo%20calm%20topstocks&source=web&cd=1&cad=rja&ved=0CDEQFjAA&url=https%3A%2F%2Fwww.topstocks.com.au%2Fstock_discussion_forum.php%3Faction%3Dshow_thread%26threadid%3D846012&ei=O6gAUffZM6TQmAXVmIHQAg&usg=AFQjCNFOTjpyvbHmwI5jM01u6SADopP-cw&bvm=bv.41248874,d.dGY
  3. Hey everyone! This morning I woke up to my PC having lots of programs (such as Skype) frozen, the Kaspersky PURE 2.0 tray icon being grey with the label "Required modules have been unloaded from memory" and many programs failed to open TCP connections until a reboot. I immediately ran a Kaspersky scan and a Malwarebytes Anti-Malware scan, which both couldn't find anything of interest. Afterwards, I downloaded GMER which showed me something more interesting (Screenshot attached) - many psapi.dll functions seem to be hooked, which to me looks a lot like a rootkit. Sadly, I could not restore the o
  4. I have removed this infection twice I think with ComboFix, but I must be wrong because it keeps reappearing. It does nothing to my desktop, and Spybot notifies me each time I start the computer up that it's trying to delete my CMD, taskMGR, drivers, and a few other components. I simply click deny and remember that decision. It is a redirect infection. I have conquered it and been without redirection for the rest of the day, but every time I restart the computer it seems to reinfect my machine. I have scanned multiple times with TDSSKiller, Malwarebytes, and RogueKiller, as well as ComboFix
  5. I have tried using Malwarebytes to remove the Alureon rootkit, but it appears to keep surviving. Please help. The DDS and Attach files are attached. Please let me know if I need to include them in the text of my message. Thanks in advance; I appreciate your support in helping me fix my computer. E071460 attach.txt dds.txt
  6. I have the 3 nasty viruses that I'm having trouble getting rid of and was looking for some help. attach.txt dds.txt mbam-log-2012-12-11 (15-54-35).txt
  7. I have the 5 nasty viruses that I'm having trouble getting rid of and was looking for some help. I ran MBAM 3 times with unchanging results except for the first scan which removed several viruses. AVG Resident Shield Alert shows 2 threats detected. - Trojan horse Generic29.ANPX - Trojan horse BackDoor.Generic15.CGSY MBAM shows 3 threats detected - Trojan.Dropper.BCMiner - Rootkit.0Access - Rootkit.0Access
  8. I updated Windows more than a month ago, and it's been unsuccessfully trying to install the update ever since. It keeps restarting, telling me it couldn't install the updates, then wanting to restart again. I've done all the Windows troubleshooting I can find, and still no luck. I haven't noticed any other problems...well, I suppose every now and then my torrent application stops working, but that's about it. You guys have been able to help me before and I was hoping you could do the same again (yeah; guy gets a virus, you fix it, he gets a new one). By the way, this is the most helpful place
  9. I've recently been receiving incoming connections from foreign IPs (Europe) over port 22028. MBAM blocks these connections prompting "Incoming connection from 85.x.x.x blocked; proc:"scvhost.exe". I'm worried about any other vulnerabilities this rootkit might exploit. I've tried TDSS and ComboFix but to no avail. I have a report generated for DDS and RogueKiller.
  10. I have a reoccurring virus that one of my co-workers put on my computer a few months back and it keeps coming back after a certain period of time. It leaves traces as well (e.g. disabling Windows Update, not allowing Windows Firewall, disabling Defender updates, deleting system restore points, etc.) which I have been able to fix (except for enabling MBAM malicious website blocker and system restore points) for the most part, but it is still on the computer and I have not been able to remove it. Most recently, Windows Defender found this virus called Trojan:Win32/Sirefef!cfg (http://www.microso
  11. Hello, My avast! antivirus caught a rootkit in my computer and I have tried deleting the infected file(s), but it just keeps on showing up. Also I have tried to do a system restore before a time that I think had infected my system. I have also used malwarebytes and it is currently showing 2 objects being detected. I have created dds and attach .txt files so if anyone could help me out I would really appreciate it. Thanks! attach.txt dds.txt
  12. I've never had to make a post on any forum before and usually refer to the self help sections, but what is going on right now is beyond me. I think it all began when I got Diablo 3, my account got 'hacked' and I lost all my gear. I didn't really care and allowed my Blizzard account to become locked due to the security issues. I figured that since I had no interest in playing any game by Blizzard anymore, I shouldn't have any problems. (On a side note, a guy from China added me and some other Diablo players, none that I know. I suspect this person to be the culprit, though what can I do?) Guild
  13. Hi, I'm trying to figure out if this is a real file or not. Since my last Windows update, AVG has been detecting this file windows\system32\drivers\spxp.sys as a rootkit, and yet when I ran Malwarebytes, there wasn't any. Searching the file name on Google didn't turn up anything concrete. Is this an actual system file or malware? If so, how can I remove it? It doesn't seem to be affecting the system or web browsing, but I'm worried it might be a potential time bomb. Thanks for the help.
  14. Okay... I recently did a clean reinstall of Windows for this exact reason. I have a rootkit.0acces/rootkit.0access.64 infection, as well as Trojan.BCMiner or dropper, I can't remember. The reinstall eliminated the problem for a while, but yesterday I began having issues with Google-related services again. As of now I can't even navigate to the main website. ( http://puu.sh/1ct8c ) I am also experiencing problems (as before) with Windows services, Bonjour and the like no longer work correctly. I apologize for not following normal procedures (as far as checking for existing threads) but I'm fr
  15. User has the Trojan Win32 Sirefef rootkit. I have attempted to run dds.com on the user's system, but I am getting the error "dds.com is not recognized as an internal or external command, operable program or batch file." Any ideas what I can do next? Ben
  16. Hello, I know you're all busy so I'll keep this as short and as easy to read as possible. I have a rootkit that's been here for a while. I've been keylogged, monitored, lost admin rights, had the BSOD so I physically replaced the RAM, wiped my HDD several times, gone into BIOS and flashed from there, antivirus has stopped before finish, reads infection as clean and can't update, new antivirus doesn't pick up anything, virus is written to MBR, Windows can't pick up, worms itself through drivers and replaced gfx card, I have a TV and STB that I can't connect yet to the Internet because when I purchas
  17. Hi guys, My ex-girlfriend spent some time with my laptop and now I am infected with this rootkit. I would like to clean it. It redirects to google.com/webhp Also, sometimes unwanted URLs pop up, and I think it is part of the same problem. I already used my installed tools and it didn't work. I run Windows 7 Home Premium Service Pack 1 Avast Free antivirus (for some reason, some features are deactivated and I cannot enable it again). Spybot Search and Destroy SpywareBlaster Zone Alarm free firewall I already ran my antivirus (before starting Windows) and the antispyware but the probl
  18. I did make this post under a different name but I didn't really give any info on what exactly was happening. Well, one thing you should know is the MBAM Pro trial has been activated, not sure how that happened, but last night it started blocking a lot of different IPs and I believe some were the same! I print screened one so here is an example.. Successfully blocked access to a potentially malicious website: Type: incoming Port: 56717, process: pmb.exe some were also svchost.exe I found a list of the IPs so here they are 77
  19. I'm not sure whether this is because of the free trial that randomly activated or not but this has never happened before today and I'm skeptical of what it could be, I keep getting a lot of pop-ups saying a site has been blocked so here's my DDS thing.. Ok so just today randomly I have been getting pop-ups saying Malwarebytes has blocked malware sites in the bottom right of my screen and I have been looking on the internet and it looks like it's a sign I'm infected so here's the DDS thing.. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Jos
  20. DDS Scan Below. Thanks. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by jeffrey at 12:33:33 on 2012-09-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5934 [GMT -4:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS
  21. Popped up in Avast Scan. Cannot be deleted or moved to chest. Repeating Avast warning of 'Malicious URL blocked'. Cannot run TDSS or aswMBR. No other PC to burn CDs on. Any ideas?
  22. I think I've been hit by both a Trojan backdoor virus, as well as rootkits(?). I have Malwarebytes Anti-Malware try and get rid of them, and each time I do another scan, they appear again. I've done almost everything that the other threads involving these two problems. Here, I have included the DDS.txt, the Attached.txt, the RogueKiller log, and the Malwarebytes Anti-Malware Scan Results. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Admin123 at 23:04:28 on 2012-08-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1424 [GMT -4:00] . SP:
  23. Hello, I'm posting this remotely since the problem is not in my actual computer, I've run Microsoft Security Essentials and Malwarebytes software, both have found a number of trojans and rootkits. While I've deleted all of them (as far as I can tell) I ran the DDS tool and found a huge number of things running, however I'm unsure about whether or not the computer is still infected. Also one of my main concerns is the fact that my start menu and desktop are all messed up, most icons and links are missing and I have no idea on how to restore them, if anybody could help me I would really appreciat
  24. Symantec gave me a warning of a trojan.zeroaccess!inf but was unable to remove it. This particular bug apparently installs new malware on the PC even after running various anti-malware programs to get rid of the previous malware. I am using Windows 7 Home Prem. 64-bit SP1 with Intel Core 2 Duo processor T6600 2.2 GHz (each) [Sony VAIO - VGN-NW270F ]
  25. Hello Malwarebytes community! A friend came to me the other day, she is a co-worker and simply stated that her computer was acting strange. After looking it over, her Symantec Endpoint Protection virus protection kept popping up saying it has detected Trojan.ZeroAccess (and sometimes Trojan.ZeroAccess.C) rootkit and has deleted it. However after a few minutes it comes back up with the same message. By the way, she is running Windows 7 PRO SP1. I have tried multiple virus removals to no avail. MBAM, SuperAntiSpyware, and Kaspersky. With Kaspersky it said that system32\services.exe was infected,