
Rootkit infection (google redirect)



Let's try last:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted, allow the Add-On/ActiveX to install.
  • Now click on Advanced Settings and select the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ESET Log....

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9ca1ae75e3c8bd47b978bc711879a4f6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-15 04:33:32
# local_time=2010-05-15 12:33:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4866 16775141 100 100 0 76229105 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=135028
# found=0
# cleaned=0
# scan_time=10853

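The log above is a flat list of `# key=value` lines, and a helper reviewing it wants to confirm two things: that every Advanced Settings option the instructions asked for was actually enabled, and whether anything was found that was not cleaned. The parser below is an added example, not something from the thread or from ESET; the log text it runs on is constructed in the same format as the one pasted above, and the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample in the ESET Online Scanner log format seen in the thread.
# Deliberately leaves one option off and has one uncleaned detection so the
# review logic has something to flag.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4866 16775141 100 100 0 76229105 0 0
# scanned=135028
# found=2
# cleaned=1
# scan_time=10853
"""

# The five Advanced Settings options the instructions tell the poster to tick.
REQUIRED_OPTIONS = ("remove_checked", "archives_checked", "unwanted_checked",
                    "unsafe_checked", "antistealth_checked")

def parse_eset_log(text):
    """Map each '# key=value' line to key -> [values]; some keys repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"#\s*([A-Za-z_.]+)=(.*)$", line.strip())
        if m:
            fields[m.group(1)].append(m.group(2).strip())
    return dict(fields)

def review_scan(text):
    """Summarise whether the scan ran as instructed and what it left behind."""
    fields = parse_eset_log(text)
    last = lambda key, default="": fields.get(key, [default])[-1]
    not_enabled = [k for k in REQUIRED_OPTIONS if last(k).lower() != "true"]
    found, cleaned = int(last("found", "0")), int(last("cleaned", "0"))
    return {
        "finished": last("end") == "finished",
        "options_not_enabled": not_enabled,
        "found": found,
        "cleaned": cleaned,
        "uncleaned": found - cleaned,
        "clean": found == 0,
    }
```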

It seems your system is clean. :)

Last steps:

Step 1:

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2:

Please manually delete DDS and GMER.

Step 3:

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 4:

Please download and install the latest version of Adobe Reader from:

www.adobe.com

Step 5:

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

Safe surfing! :)


Thank you very much!

A couple of questions: did I have a TDL3 rootkit? My understanding is it usually attaches to atapi.sys or the print spooler; I don't recall touching those (or did the ComboFix go after that?).

Also, one of the ComboFix script commands had what looked like files related to CA Antivirus; should I be concerned there?

Again, thanks a ton. I'd like to make a donation, but I don't have PayPal; are there any other methods?

Thanks

V


A couple of questions: did I have a TDL3 rootkit?

No, it was not TDL3. Don't worry! :)

Also, one of the ComboFix script commands had what looked like files related to CA Antivirus; should I be concerned there?

Malware has been left a space between the filename and extension, thereby preventing its launch.

Again, thanks a ton. I'd like to make a donation, but I don't have PayPal; are there any other methods?

Sorry, no other way. Don't worry! Thanks for your responsiveness. Instead, go out and celebrate the good work. :)

Final question: the DeFogger did not ask me to reboot (it didn't when I disabled either). Should I reboot? Any concerns there?

Try to reboot it manually.
