
Hey guys, sorry about necro-ing this thread but I do have the exact same issue as EniNeu.

A scan with GMER reveals this as well:

Service  C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** )
[BOOT] WdBoot        <-- ROOTKIT !!!

Service  C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** )
[BOOT] WdFilter        <-- ROOTKIT !!!

Service  C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***)
[AUTO] WinDefend    <-- ROOTKIT !!!

I am wondering if I should attempt deletion through GMER or if there is a better way.

Just in case this might be a false positive I've attached a log of the complete scan.

Thank you in advance.

CHRONOS gmer scan 03.05.17.log


Thanks for moving me to a separate thread! :D

So I did run the complete scan and then rebooted. Now GMER is instead showing me this, running a full scan now and also rescanning with the Malwarebytes Rootkit utility!

whoopsie.png


Quick update, the computer gave me a BSOD when I attempted a GMER full scan.

And when I rebooted it showed me this (pic related).

I'm now attempting a Malwarebytes rootkit utility scan first before attempting another GMER!

Sorry again for the trouble.

welp.png


Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller

Then watch the following video on how to use the tool, and make sure to temporarily disable your security applications before running TDSSKiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found, please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning, make sure to re-enable your other security applications.

 

This topic is now closed to further replies.