CLB driver infection


trmaxe01

I have a laptop that has become infected with XP Security Tool 2010. It won't allow me to install Malwarebytes to eliminate the problem. I followed the suggested steps in the Self Help thread titled MBAM wont install or will not run. (TDL2 Rootkit-WinNT.Alureon), TDSS/Seneka/UAC/ovfst/kungsf/SKYNET/MSIVX/H8SRT/4DW4R3+ others listed. I installed and ran the rootrepeal program, but was unable to locate the TDL2 driver I needed to wipe. Posted below is the report from my rootrepeal scan. Any help would be greatly appreciated. If the TDL2 driver is not listed below, what are my other options for getting around the virus to install Malwarebytes so I can remove it? Thanks in advance.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/03/31 01:00

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\system volume information\catalog.wci\0001000b.ci

Status: Size mismatch (API: 310444032, Raw: 293666816)

Path: c:\system volume information\catalog.wci\0001000b.dir

Status: Size mismatch (API: 1572864, Raw: 1441792)

Path: c:\system volume information\catalog.wci\0001000d.ci

Status: Allocation size mismatch (API: 161284096, Raw: 467140608)

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\BlendablesZoombox.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\BlendablesZoombox.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\XamlViewer_v0300.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\XamlViewer_v0300.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\XbapTest.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\XbapTest.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\IdentityMine.Windows.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\IdentityMine.Windows.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\IdentityMine.Windows.Essentials.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Robert Maxey\Local Settings\Apps\2.0\7HWNVHPT.6O4\8R860J5D.X8K\manifests\IdentityMine.Windows.Essentials.manifest

Status: Locked to the Windows API!

==EOF==

Hello trmaxe01, welcome to Malwarebytes.org

As we don't work on Malware removal or diagnostics in the general forums we ask you to follow the directions below for an expert to assist you -

Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

This topic is now closed to further replies.