Jump to content

Recommended Posts

Hi all. I've have symptoms of some nasty malware. McAfee is able to find NTOSKRNL-Hook (though error messages pop up trying to get me to abort the scan). McAfee has not been able to eliminate the problem.

I downloaded Malwarebytes and it installs, but the setup program freezes before it would (I assume) prompt me to start malwarebytes immediately. Attempts to run mbam.exe (including renaming this file) have failed.

I have read through these instructions but I wanted to seek guidance before running RootRepeal.

Link to post
Share on other sites

Greetings and Welcome :D .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

If you aren't able to use those instructions or there are other issues then please follow the instructions here:

I'm infected - What do I do now?

And post your logs in a new topic here:

Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools except those that you are

instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.

If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing. :)

Link to post
Share on other sites

I tried all the options listed here including RootRepeal and all failed-still could not run mbam.exe. After each option, it gets more difficult to run the others. Google Desktop did find files UAC* in windows/system32 but could not remove them manually. :D

Link to post
Share on other sites

I have some additional information. Just like handbanana McAfee also found NTOSKRNL-Hook and claimed to have removed it.

Finally got to run mbam.exe by uninstalling and reinstalling (paid version). Had to rename the setup file to winlogon.exe for it run as well as the mbam.exe.

mbam found some stuff and removed them but said it could not remove all them and will try to do so at restart. But still having same problem with running mbam.exe without renaming.

Subsequent runs of mbam returns the following:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.

When click to fix, rerun still returns infections.

Link to post
Share on other sites

Another finding: My last scan was better. I was able to run mbam.exe w/o renaming. This time it was only left with:

C:\WINDOWS\system32\uacinit.dll that it could not remove (to remove on reboot but it does not).

When I run rootRepeal I get:

Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog.

Got this msg several times than got:

13:08:05: Warning - could not read Windows kernel using raw-disk reading!

13:08:07: Could not find module file on disk!

13:08:09: Could not find module file on disk!

13:08:10: Could not find module file on disk!

Tried all the Options up to High Level

Trying to Scan Files gives the same: Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog.

Can this be used or anything else I can use to remove these UAC files. Goolgle Desktop sees 3 UAC files but they are .dll extensions under Windows\system32.

Also, every 30 minutes or so IExplorer is launched in the background (see it in Process Explorer) and plays audio advertisement!

Please help!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.