
Need help, think I have a rootkit problem



Hello,

I think I have a very bad rootkit. I gave up the other day when it popped up and just used a system image to restore the computer, however, today the problem came back. Malwarebytes finds a Trojan svchost.exe problem and I remove it but it is always present when I restart. AVG finds tons of rootkits, using the rootkit scanner, but I remove them and they always come back. I don't know what to do. Here is the AVG report for the latest scan, please help!

Scan "Anti-Rootkit scan" completed.

Rootkits;"28";"0";"28"

Scan started:;"Friday, September 02, 2011, 9:55:45 PM"

Scan finished:;"Friday, September 02, 2011, 10:01:33 PM (5 minute(s) 47 second(s))"

Total object scanned:;"538214"

User who launched the scan:;"SYSTEM"

Rootkits

;"File";"Infection";"Result"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_CREATE -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_CLOSE -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_READ -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_WRITE -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SET_INFORMATION -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_QUERY_EA -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SET_EA -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SHUTDOWN -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_LOCK_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_CLEANUP -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_QUERY_SECURITY -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SET_SECURITY -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_POWER -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_QUERY_QUOTA -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_SET_QUOTA -> 0xFFFFFA800579A647";"Object is hidden"

;"<unknown>";"IRP hook, \Driver\nvraid IRP_MJ_PNP -> 0xFFFFFA800579A647";"Object is hidden"

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
