also @ TechSpot: Asus' new lineup of Z87 Haswell motherboards revealed

Can't get rid of rootkit infection / tcpip.sys

Discussion in 'Virus and Malware Removal' started by The_Reynolds, Dec 18, 2012.

Page 2 of 2

  1. The_Reynolds Newcomer, in training Posts: 24

    Okay, interim report... executed filesystem check, system rebooted after the inboot fs-check, which I found odd, because normally it carries on with the interrupted boot sequence, but well. Then ran system file check and rebooted. System seems to work normally, except my sound drivers are shot, also the system behaved as if a new graphics driver was installed, testing the monitor, but my graphics driver seems to be intact ^^ Continuing with Restore & Repair now....
    The_Reynolds, Dec 19, 2012
    #21

  2. The_Reynolds Newcomer, in training Posts: 24

    Okay, done. Attaching log.xml.

    Following error occured: the file you want to upload has no allowed extension.
    The_Reynolds, Dec 19, 2012
    #22

  3. The_Reynolds Newcomer, in training Posts: 24

    Contents of HitmanPro xml log file as follows:


    <Log computer="OLD-DOG" windows="5.1.3.2600.X86/1" scan="Normal" version="3.7.0.183" date="2012-12-20T01:49:53" timeSpentInSecs="1056" filesProcessed="6678"><Item type="Cookie" score="0.0" status="Deleted"><File path="E:\Documents and Settings\Icicle\Cookies\0T13669J.txt" /></Item></Log>
    The_Reynolds, Dec 19, 2012
    #23

  4. The_Reynolds Newcomer, in training Posts: 24

    Failed to upload one item into the scan cloud, because I had peerblock running ^^
    The_Reynolds, Dec 19, 2012
    #24

  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    No prob...good job! One more crazy check and we'll see how it's doing. :)

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
      [IMG]
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
      [IMG]
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
      [IMG]
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
      [IMG]
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
      [IMG]
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
    Jay Pfoutz, Dec 20, 2012
    #25

  6. The_Reynolds Newcomer, in training Posts: 24

    So, finally got my internet connection back and can get back to work again... but this time it wasn't the malware, it was my service provider.... Just saw that for once it wasn't the quickscan that is required... will do another scan with Kaspersky right away :) That too was one of my previously tried tools.
    The_Reynolds, Dec 20, 2012
    #26
     

  7. The_Reynolds Newcomer, in training Posts: 24

    Wow, this one took ages ^^ Here are the reports....

    Detected Threats:

    Status: Deleted (events: 2)
    21.12.2012 01:18:50 Deleted Trojan program Trojan.Win32.Genome.gpgl D:\MUIE.dll High
    21.12.2012 02:05:02 Deleted Trojan program Trojan.Win32.Genome.mhxx D:\Downloads\mIRC 6.35\crack\mirc.exe High
    The_Reynolds, Dec 21, 2012
    #27

  8. The_Reynolds Newcomer, in training Posts: 24

    For some reasons, my browser freezes when I try and copy the autoscan results.... uploading log file now.

    Nope... the file is too large ^^ Just saw it has more than 40MB, the report TXT file... :eek: what should I do??
    The_Reynolds, Dec 21, 2012
    #28

  9. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Don't worry about that now. It's okay. :)

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and the display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    Jay Pfoutz, Dec 21, 2012
    #29

  10. The_Reynolds Newcomer, in training Posts: 24

    Alright, did as instructed, here's the log:

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner
    Adobe Flash Player 11.5.502.135
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive E:: 8%
    ````````````````````End of Log``````````````````````
    The_Reynolds, Dec 21, 2012
    #30

  11. The_Reynolds Newcomer, in training Posts: 24

    Sooo.... does that mean my computer is finally clean again?? :cool:
    The_Reynolds, Dec 21, 2012
    #31

  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Visit http://update.microsoft.com and get that updated. :)


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
    Jay Pfoutz, Dec 21, 2012
    #32

  13. The_Reynolds Newcomer, in training Posts: 24

    Yeah... that IE thingy... do I need that update if I use Firefox exclusively?

    Apart from that...

    THANK YOU VERY MUCH!!! :) I couldn't have done it without your help, since even nuking the system didn't work out for me...

    Happy holidays ;-)
    The_Reynolds, Dec 21, 2012
    #33

  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's best to update to avoid security vulnerability. :)

    Anymore questions today, PM me. Topic closed and marked solved. :D
    Jay Pfoutz, Dec 21, 2012
    #34
Page 2 of 2
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.