
unable to run rootkit detector



Hi,

My computer appears to have a virus, probably a rootkit. I say this as mBytes only runs if the rootkit detector is disabled. I am also unable to run CCleaner and any other diagnostic tool. My computer runs up to BIOS and then I have to override the Boot to get to a 'working' C drive. I have also tried downloading TDSSKiller but it won't run despite saving it to the desktop and renaming it. BIOS reports that my SSD has a/some bad sectors and needs to be replaced, however programmes that are already on the C drive do work, Office etc., and I have rebooted many times in the past 24 hrs so I am inclined to think that if I can get rid of the infection the SSD will be OK. Any help gratefully received.


Hello and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

Hi, Windows 10 64, open up frst using admin privileges

On booting up the computer goes straight to BIOS (ROG Maximus Ranger VII). I'm told that the SSD has failed SMART (SMART Status Bad, Back up and Replace).

Press F1 to set up.

The only way then to get the computer up and running is to go to the Boot page and select BOOT Override and select SSD.

Computer then runs up to exactly the same state as when it was initially frozen some 24 hours ago. There is a message on the screen which says Malwarebytes was unable to load the Anti Root Kit Driver, this error may be caused by rootkit activity. Do you want to reboot the system and attempt to install the driver, with yes/no buttons. By clicking on Yes the system boots up in exactly the same way to the same point. Clicking No allows use of everything however a run of Malwarebytes does not include the rootkit driver. As soon as I click no I get a message that says that Malwarebytes needs to be updated. I have updated it but each time I reboot I get the same message which suggests to me that the C drive is somehow locked. This is also why the programs that you have suggested have not worked. However I am open and willing to be wrong in any assumption I've made.


Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Hold down the Shift key and boot your computer. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", from there select "Command Prompt". Ensure to plug the flash drive into an open USB port...

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin...

I checked using read only mode, I've just run it again and have taken a pic on my phone, shall I send that? SSD is 14 months old.

What is the correct procedure to fix the errors?

I typed in chkdsk/r and I received: chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts Y/N

Pressing Y just restarts without fixing, N gives the prompt back, then I typed in chkdsk on its own and it comes up with the errors.


I'm here but am leaving very shortly, will be back in approx 45 mins...

Do you have an installation DVD? If not, a Windows 7 rescue CD can be created in Windows 10, that will boot to advanced options in Windows 10, from there command prompt is accessible to run FRST from USB stick...

Open Control Panel (icon view), select "Back up and restore (Windows 7)", from there you can create a rescue CD, command prompt will be accessible via that CD....

Back shortly...


This topic is now closed to further replies.