TDL2 driver not identified by Rootrepeal

Our office e-mail network had previously been identified and blacklisted by Barracuda as spamming. When communicating with Barracuda I learned that there had only been one spamming attempt made in the last 30 days.

Barracuda said they would change our status, conditionally remove us from the blacklist, and monitor our e-mail. To try to remove the source of the spamming, I downloaded the latest version of MBAM and began to check our computers. MBAM was downloaded to a flash drive, then installed and updated one at a time on each computer.

So far, some have had a few malware items to remove, some none, and one that I am now stuck on will not install and/or update. It seems to install (i.e. it puts the shortcut on the desktop) but it will not open the program.

I then located "MBAM wont install or will not run.(TDL2 Rootkit-WinNT.Alureon), TDSS/Sen/UAC/kungsf/SKYNET/H8SRT/4DW4R3/_VOID/PRAGMA+ others listed" <http://forums.malwarebytes.org/index.php?showtopic=12709>. Following the guidance there, I downloaded, installed and ran Rootrepeal. The log follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/10/15 16:19

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

I did not locate a "what to do next" topic for this but did locate the following post/reply, so I am posting a new topic as indicated.

Thanks in advance of the help.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

"Rootkit versus malwarebytes, root kits

Feb 1 2010, 11:51 PM Post #1

New Member

Group: Members

Posts: 2

Joined: 20-May 09

Member No.: 13,970

Hello everyone!

I think my system has a really nasty root kit installed. I have tried to use rootrepeal; however, it did not find anything other than hiberfil.sys, which I believe is part of Windows. I can't run MWB or HijackThis either. They just shut down when you try to run them, even after you rename them. Not sure what else to try. Does anyone have any suggestions? Any help would be great!

--------------------

CYA

===========

REPLY

===========

yardbird

Feb 1 2010, 11:58 PM Post #2

Hi!

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

<http://forums.malwarebytes.org/index.php?showforum=7>

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
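A small triage helper for logs in the RootRepeal layout shown above, added here as an example and not part of the original post or of RootRepeal itself. It parses the header fields and the "Hidden/Locked Files" section (Path/Status pairs under a dash-underlined title), then marks entries that are normally locked on a running Windows system (hiberfil.sys and pagefile.sys, an allow-list assumed here) as expected and flags everything else for review. The sample log is constructed; the third path in it is a placeholder, not an indicator from the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout RootRepeal writes (not the thread's real log).
# The last entry is a made-up placeholder so the "review" branch is exercised.
SAMPLE_LOG = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/15 16:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\pagefile.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\PLACEHOLDER-hidden.sys
Status: Invisible to the Windows API!
"""

# Assumption: files Windows itself holds open/locked during normal operation.
# A locked hibernation or paging file is expected and is not by itself a finding.
EXPECTED_LOCKED = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


@dataclass
class Entry:
    section: str
    path: str
    status: str


def parse_rootrepeal(text):
    """Return (header_fields, entries) from a RootRepeal-style log."""
    lines = text.splitlines()
    header = {}
    entries = []
    section = None
    pending_path = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        # A section title is the line immediately above a run of dashes.
        if i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1].strip()):
            section = line
            continue
        if re.fullmatch(r"[-=]{3,}", line):      # separator rules
            continue
        if line.startswith("Path:"):
            pending_path = line[len("Path:"):].strip()
        elif line.startswith("Status:") and pending_path is not None:
            status = line[len("Status:"):].strip()
            entries.append(Entry(section or "Unknown", pending_path, status))
            pending_path = None
        elif section is None and ":" in line:   # header metadata before any section
            key, value = line.split(":", 1)
            header[key.strip()] = value.strip()
    return header, entries


def triage(entries):
    """Label each entry 'expected' (known locked system file) or 'review'."""
    report = []
    for e in entries:
        known = e.path.lower() in EXPECTED_LOCKED and e.status.startswith("Locked")
        report.append((e.path, e.status, "expected" if known else "review"))
    return report


def summarize(text):
    header, entries = parse_rootrepeal(text)
    report = triage(entries)
    return {
        "windows": header.get("Windows Version"),
        "scanned_at": header.get("Scan Start Time"),
        "entries": report,
        "needs_review": [p for p, _, v in report if v == "review"],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['windows']} scanned {result['scanned_at']}")
    for path, status, verdict in result["entries"]:
        print(f"[{verdict:8}] {path}: {status}")
```

Run against the log in the post above, the only entry (C:\hiberfil.sys, locked) comes out as "expected", which matches the point of the quoted reply: a locked hiberfil.sys alone is not evidence of a rootkit, and a scanner that lists nothing else has not found the driver the thread title asks about.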


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

