Jump to content

rootkit issues


EMTI
 Share

Recommended Posts

Hi,

I Got the same problem with one of my customer computer.

What i found, is when we try to open mbam.exe or combofix, or any other program that can help to clean spyware, when you start the scan, the program close automatically, and the spyware / virus reset the security settings on the files used to Everyone. (security tabs on files properties)

If you reset back the security on your files (like mbam.exe) to your account name with full rights (Occurs only on NTFS partition), you are now able to re-execute the software (like mbam.exe). When you restart the scan, oupss, it's not working again and the security reset again to Everyone.

after many hours of triyng everything possible, I try this:

Remove the hard disk from the infected computer.

install the hard drive on a clean computer.

scan the attached hard disk with malware bytes. (dind't found anything)

scan the attached hard disk with kaspersky (dind't found anything)

scan the attached hard disk with SuperAntispyware (didn't found anything)

scan the attached hard disk with nod32 - didn't find anything

for combofix - not try because can't specify a drive letters other than c: to scan

So i will wait until next monday if can find a solution. If can't i will reformat the pc and re-install all the stuff... :)

Link to post
Share on other sites

  • Staff

Hi,

Download and run Win32kDiag:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.