help rootkit.trace



Hi,

Hope someone can help. I am infected with a Rootkit.Trace. Malwarebytes deletes this after a scan, but as soon as I reboot it comes back. I cannot install HijackThis. This is my latest Malwarebytes log file.

Thanks for any help.

Malwarebytes' Anti-Malware 1.34

Database version: 1883

Windows 5.1.2600 Service Pack 3

20/08/2009 9:00:06

mbam-log-2009-08-20 (09-00-06).txt

Scan type: Quick Scan

Objects scanned: 67928

Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


I have this same issue.

It started with Malwarebytes not being able to execute.

Then, I followed the recommendations and renamed the executable, and I had to do this in Safe Mode, and it finally worked.

However, every time I run Malwarebytes, I get this same issue:

Rootkit.Trace Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\UAC

Suggestions?


Hi nez101 and Welcome to Malwarebytes! Hi Jimmya57 and Welcome! Jimmya57 please start a New Topic.

OK, nez101,

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
