Can't get rid of rootkit infection / tcpip.sys

By The_Reynolds
Dec 18, 2012
  1. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    So, finally got my internet connection back and can get back to work again... but this time it wasn't the malware, it was my service provider.... Just saw that for once it wasn't the quickscan that is required... will do another scan with Kaspersky right away :) That too was one of my previously tried tools.
  2. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    Wow, this one took ages ^^ Here are the reports....

    Detected Threats:

    Status: Deleted (events: 2)
    21.12.2012 01:18:50 Deleted Trojan program Trojan.Win32.Genome.gpgl D:\MUIE.dll High
    21.12.2012 02:05:02 Deleted Trojan program Trojan.Win32.Genome.mhxx D:\Downloads\mIRC 6.35\crack\mirc.exe High
  3. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    For some reasons, my browser freezes when I try and copy the autoscan results.... uploading log file now.

    Nope... the file is too large ^^ Just saw it has more than 40MB, the report TXT file... :eek: what should I do??
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,283   +49

    Don't worry about that now. It's okay. :)

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and the display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from or
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    Alright, did as instructed, here's the log:

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 11.5.502.135
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive E:: 8%
    ````````````````````End of Log``````````````````````
  6. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    Sooo.... does that mean my computer is finally clean again?? :cool:
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,283   +49

    Visit and get that updated. :)

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
  8. The_Reynolds

    The_Reynolds TS Rookie Topic Starter Posts: 24

    Yeah... that IE thingy... do I need that update if I use Firefox exclusively?

    Apart from that...

    THANK YOU VERY MUCH!!! :) I couldn't have done it without your help, since even nuking the system didn't work out for me...

    Happy holidays ;-)
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,283   +49

    It's best to update to avoid security vulnerability. :)

    Anymore questions today, PM me. Topic closed and marked solved. :D
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.