Jump to content

Help also! RootKit.0Access

planex

By planex
in Resolved Malware Removal Logs

 Share

Recommended Posts

MrCharlie

MrCharlie

Posted
Posted

Download these reg files to your desktop:

http://download.blee...es/7/mpsdrv.reg

http://download.blee...es/7/MpsSvc.reg

http://download.blee...vices/7/BFE.reg

http://download.blee...es/7/wscsvc.reg

http://download.blee.../7/wuauserv.reg

http://download.blee...ices/7/BITS.reg

Now double click on each one and allow it to merge into the registry.

Reboot and run another FSS scan. MrC

Link to post
Share on other sites
  • Replies 67
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

planex

planex

Posted
  • Author
Posted

Additionally, I used to have my computer set up to stream video through my Xbox 360. I was still able to do this after the malware hit, but since we've bean applying fixes somewhere along the way my Xbox stopped being able to see my PC. This will need to be addressed as well. Thanks!

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Back up the registry before you attempt this:

http://www.geekstogo...ry-using-erunt/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open the registry editor and navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent.

Right-click on subkey "Persistent" and select "Permissions...". In the permissions dialog select "Add...", then "Advanced...", "Find Now", select "Everyone" and "OK".

"OK" once again and in the permissions dialog select "Full Control". Do the same for

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter.

Afterwards you should be able to start the Base Filtering Engine.

Let me know, MrC

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted
C:\Windows\System32\Drivers\tcpip.sys

[2012-09-11 13:52] - [2012-08-22 11:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)

http://www.virustotal.com/

C:\Windows\System32\Drivers\tcpip.sys

MrC

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Looks OK, would you mind running ComboFix again > there's a chance you may loose you connection again.

Please create a new system restore point first before you run it.

Delete your copy of ComboFix and download a fresh one and this time run it in safe mode

http://www.bleepingc...nload/combofix/

Please post the log when done, MrC

Link to post
Share on other sites
  • 2 weeks later...
  • 3 weeks later...
  • 3 weeks later...
LDTate

LDTate

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.