
Win32:Rootkit-gen Removal



Hello, about two days ago I tried to download some music through a site.  After the download finished, though, I was bombarded by popups and new search bars, and the usual adware.  I instantly ran Malwarebytes and scanned my system; Malwarebytes found about 2 thousand PUP viruses and several rootkits (look at scanlog 1 file).  After the reboot, I then ran Malwarebytes again because a search bar remained on my desktop that was obviously a virus. The scan found several more PUPs (look at scanlog 2 file).  At first, I thought that it was all over, but then I noticed how many of my desktop icons and permissions had been tampered with; whenever I try to open an app, such as the calculator, the message "The calculator app can't be opened with a built-in administrator account. Sign in with a different account and try again." appears. This is when I discovered that my rootkit was not completely gone.  I subsequently researched more scanners that could identify the rootkit; I downloaded Avast, and it identified the name of it, Win32:Rootkit-gen. Unfortunately, it was not able to remove it, and gave me the error message, "error: the system cannot find the file specified."  I then researched Win32:Rootkit-gen and came across a plethora of anti-rootkit scanners.  I have tried the following: Malwarebytes' Anti-Rootkit, Kaspersky's TDSSKiller, Windows Defender Offline, Avast's anti-rootkit, and GMER.  All failed, but I must note that when I ran GMER, twice midway through the scan, an error message that was just a large image and not by Microsoft popped up saying I must restart my computer, and then forcefully restarted my PC.  I also ran SUPERAntiSpyware and found about 300 issues (see SUPERAntiSpyware log file).  Any help would be much appreciated, and I am willing to try all of these programs again, if needed. Also, I have uninstalled my torrenting program.

 

Thanks

 

-Brian 

scanlog1.txt

scanlog2.txt

SUPERAntiSpyware Scan Log - 01-13-2016 - 09-53-53.log


  • Staff

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Upload it in your next reply.

  • Staff

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and upload it in your next reply.

  • Staff

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

  • Staff

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After the reboot, a logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner



Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.



System File Checker
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    sfc /scannow
  • Windows will begin the system scan.
  • When done, please reboot your system.

System File Checker report:

  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.
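The Check Disk and System File Checker reports requested in the post above can be collected in one elevated PowerShell session; the script below is an added example, not part of the forum instructions. It assumes the chkdsk summary is logged under the provider name Microsoft-Windows-Wininit (shown as source "Wininit" in Event Viewer) and that sfc /scannow writes its "[SR]" lines to %windir%\Logs\CBS\CBS.log, as the post's findstr command does.

```powershell
# Added example (not from the thread): gather the chkdsk and sfc reports in one go.
# Run as Administrator after the scheduled Check Disk has completed and sfc /scannow has finished.
# Assumption: the boot-time chkdsk summary is written by provider "Microsoft-Windows-Wininit".
$Desktop = [Environment]::GetFolderPath('Desktop')

# 1. Check Disk report: the most recent Wininit entries from the Application log.
#    chkdsk /r runs at boot, so the summary is logged by Wininit, not by chkdsk.exe.
$chkdskEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
} -MaxEvents 5 -ErrorAction SilentlyContinue

if ($chkdskEvents) {
    $chkdskEvents |
        Sort-Object TimeCreated -Descending |
        ForEach-Object {
            "==== $($_.TimeCreated) (Event ID $($_.Id)) ===="
            $_.Message
        } | Out-File -FilePath (Join-Path $Desktop 'chkdsk_report.txt') -Encoding UTF8
} else {
    Write-Warning 'No Wininit entries found; the scheduled Check Disk may not have run yet.'
}

# 2. System File Checker report: the same filter as the findstr command in the post,
#    using Select-String -SimpleMatch so "[SR]" is matched literally, not as a regex class.
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$sfcOut = Join-Path $Desktop 'sfcdetails.txt'

Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch |
    ForEach-Object { $_.Line } |
    Set-Content -Path $sfcOut -Encoding UTF8

# Quick triage: [SR] lines that mention a repair or a failure are the ones to read first.
$interesting = Get-Content $sfcOut |
    Where-Object { $_ -match 'Cannot repair|Repairing|corrupt' }

"Wrote $sfcOut ($((Get-Content $sfcOut).Count) [SR] lines, $($interesting.Count) flagged)"
$interesting | Select-Object -First 20
```

Both output files land on the Desktop, matching the locations the post asks the user to attach.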

Ok, well I greatly appreciate the help you have provided me with, and I will be sure to donate for your services over these last couple days in the following weeks.  I just have one question, what exactly will I lose when I reinstall windows 10?  I know how to do it, I am just wondering if all of my personal files will be deleted.


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
