Jump to content

I think im infected with bootkit or something


Recommended Posts

Hello and post-32477-1261866970.gif


P2P/Piracy Warning:


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.




Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.


Let me see those logs in your next reply...



Link to post
Share on other sites



Malwarebytes Anti-Malware
Scan Date: 28.9.2014
Scan Time: 8:31:47
Logfile: Mbam log.txt
Administrator: Yes
Malware Database: v2014.09.28.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kok
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293776
Time Elapsed: 4 min, 58 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
PUP.Optional.StmSetup, C:\Users\kok\Desktop\CamStudioSetup_v2.7.2.exe, Quarantined, [5431529d0477e84ee24bb343b94b23dd], 
PUP.Optional.StmSetup, C:\Users\kok\AppData\Local\Temp\ICReinstall_CamStudioSetup_v2.7.2.exe, Quarantined, [d9ac13dc4a31320477b64da911f340c0], 
PUP.Optional.StmSetup, C:\Users\kok\AppData\Local\Temp\Temp1_CamStudioSetup_v2.7.2 (1).zip\CamStudioSetup_v2.7.2.exe, Quarantined, [622328c768139f979a93b34340c412ee], 
PUP.Optional.StmSetup, C:\Users\kok\Downloads\CamStudioSetup_v2.7.2 (1).zip, Quarantined, [2164925db9c26bcbc26b6f873bc9f50b], 
PUP.Optional.StmSetup, C:\Users\kok\Downloads\CamStudioSetup_v2.7.2.zip, Quarantined, [b3d234bbfb80f73f121b42b434d0c040], 
Physical Sectors: 0
(No malicious items detected)


Link to post
Share on other sites

RogueKiller log is clean, no sign of bootkit or rootkit infection, continue please and run the following:


Download TDSSKiller and save it to your Desktop.

Make sure TDSSKiller.exe  is on the Desktop itself, not within a folder on the desktop.

Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
If Malicious objects are found, do NOT select Delete or Cure. Change the action to Skip, When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



Scan with Gmer rootkit scanner


Please download Gmer from Here by clicking on the "Download EXE" Button.


  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
            Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.


Please post the content of the ark.txt here.




Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


**If GMER crashes** Follow the instructions here and disable your security temporarily…


Let me see those logs....



Link to post
Share on other sites

Download tfc_icon.png TFC  to your desktop, from either of the following links





  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.


TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important




Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number




thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


let me see those logs, also tell me if there is any improvement...



Link to post
Share on other sites

The logs produced from the scanners used are not indicating any specific malware or infection. Maybe the best way forward is to run a "Clean boot" and see if any services outwith Windows are possibly having an effect on the system...


Go to this link: http://support.microsoft.com/kb/929135 expand the section relevent for Windows 7, set up for a clean boot. Basically all services outwith Windows will be turned OFF, see how it responds after a reboot. Ensure any Security that possibly shows in the list is not turned OFF...


Let me know if that makes any difference...



Link to post
Share on other sites

That would seem to indicate one of the 3rd part services is having an effect on your system, it will need to be identified. The instructions regarding identifying the problem service(s) are at the link I gave earlier..


Basically it is a process of elimination until the problem services is found. Repeat as you did previously, ensure all MS services are hidden, enable half of the non MS services then re-boot. If the issue does not return do exactly the same again, this time only enable the bottom half of non MS services.

If the issue returns we know the issue is in the bottom half, so you now repeat again but only enable half of the bottom half. Keep doing that until you isolate the problem sevice(s).


Let me know how you get on, I know it is a laborious task but it will locate the issue.



Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.