I Think I Have A Nasty Rootkit. Can't Run Rootrepeal Or Dds

I am still experiencing effects of the trojan. Naggar -Thanks so much for your quick response to my post.

Maurice Naggar    Staff Moderators 16,648 posts Location: USA Interests: Security, Windows, Windows Update, malware prevention ID: 11   Posted September

HJT would not open the second time I tried to open it up and I'm not sure if it did a complete scan the first time I ran it (these logs I'm not sure I have the cd's but I'll check. I'm really up a creek here and could use your help, got myself good this time. Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values...

I get the dialog box saying "Windows cannot access the specified device, path, or file. Click "Do a system scan only" button. Now select the following entries by placing a tick in the left hand check box, if still present:

O4 - HKLM\..\Run: [lcrhpnvuuwc87] C:\Windows\system32\lcrhpnvuuwc87.exe

Once your browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

Initially, it was tripping Avira every 5-6 minutes (see AVrprt2.png). But first, turn off your Spysweeper and Norton/Symantec AV "real time" monitors. Use this as a guide if needed, but do NOT turn off the firewall. How To Temporarily Disable Your Anti-virus, Firewall Topics will be closed after three days if there is no response. I downloaded and installed the Prevx 3.0 malware removal software.

I can access the folders in Safe Mode.

#4 Raktor, Teacher Emeritus, Authentic Member, 3,114 posts, posted 22 September 2009 - 09:41 PM

1) DDS Please download DDS and save it to your desktop from Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... https://forums.spybot.info/archive/index.php/t-52020.html The BSOD error code was 0x0000008E (0xC0000005, 0x00610065, 0x8D1BCF0, 0x00000000 and I realize I missed a digit in the 2nd to last hex #. The 2nd & 3rd times it created a

Thanks

#6 Raktor, Teacher Emeritus, Authentic Member, 3,114 posts, posted 22 September 2009 - 09:52 PM

Reboot, and it should hopefully go into normal mode. Checking for bad processes... It's better to be safe than sorry! When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. I am an intermediate computer user and I thought I could solve this problem by myself. So I'm going to attach my RootRepeal and Hijack This! These folders were in a Windows\Temp folder along with about a dozen other files all named JETnnnn.tmp.

My machine has a program that runs at startup called lrchpnvuuwc87.exe. http://tagnabit.net/i-think/i-think-my-pc-may-be-infected-with-rootkit-0access.php It was too fast for me to get much information about it. If you see a certain entry or program you're unsure about, please don't hesitate to ask!

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

As it stands now I can't get the report from win32kdiag, there's just tons of dialog boxes that say things (dll's, Software Distributions dll cache) are corrupt and I can't get Unable to execute file err Started by Boboli3, Oct 25 2009 11:32 PM #1 Boboli3 Posted 25 October Please do not PM me for malware removal assistance. Any guidance you can provide will be much appreciated!!

#5 fredII, Authentic Member, 79 posts, posted 22 September 2009 - 09:50 PM

Can I reboot or will I re-infect?

I can run RootRepeal.exe but after a few seconds of scanning on the "Files" Tab on the C:\ drive, the program exits (disappears).

I tried uninstalling it and re-installing it, but no luck. It will save a Win32kDiag.txt file to your desktop automatically. Double-click the Utility to run it and let it finish. I also tried renaming "mbam.exe" to "winlogon.exe" (as a post suggested), but I get a dialog box saying: "Cannot rename.

Resetting policies... --Finished-- exeHelper by Raktor - 09 Build 20090919 Run at 21:11:36 on 09/22/09 Now searching... That is why I suggest that one does a Preview before doing a final Submit of a response. I had used "Preview" when I posted before and I got the same Error Malwarebytes won't run. http://tagnabit.net/i-think/i-think-i-may-have-a-rootkit-vimax-ads.php exeHelper by Raktor - 09 Build 20090919 Run at 20:17:42 on 09/22/09 Now searching...

Did run RR and will post log. I keep getting an error message "Sorry, your post was too long, please reduce it." I've tried this several times -- reducing the size of the Post -- and I keep Post your HijackThis, DDS, RSIT, Combofix logs here. exeHelper by Raktor - 09 Build 20090919 Run at 20:17:42 on 09/22/09 Now searching...

TR/Dropper.Gen & TR/Rootkit.Gen Trojans by redbird14 » Thu Dec 03, 2009

If it is flashing, Combofix is still at work. RE-Enable your AntiVirus and AntiSpyware applications. Reply with copy of the C:\Avenger.txt and the C:\Combofix.txt the system cannot find the specified file." I have tried following some of the instructions on here by running the exehelper, DDS, rootrepeal. Resetting policies... --Finished--

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/22 21:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address:

Double-click on exeHelper.com to run the fix. But, as I said, I can't access the Internet through my IE7 browser. Won't Run - Suspected Rootkit Malwarebytes, Hijack This!, etc.