Extremely hard hacktool.rootkit virus to remove! PLEASE help!

Status
Not open for further replies.
I have a hacktool.rootkit virus on my computer that Norton can detect, but can't remove. I have found what I believe to be part of this virus, and no matter how many times I delete it in safe mode, it still comes back. This leads me to believe that I have only found an extension of the virus. The name of what I have been deleting is MSDIRECTX.SYS, and I found it in all my users' documents and settings folders. I really need help with this one. I am running the trojan removal program right now, but I need someone to tell me if my hijackthis log is clean or not. Please help any way you can! Any response will be greatly appreciated!
 

Attachments

  • hijackthis.txt
    11.9 KB · Views: 7
First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/S/ Service needs to be stopped
The text between the dotted lines underneath goes between the dotted lines of that post.
...................................................................................................
/P/S/ C:\Program Files\Common Files\Windows\services32.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
/P/ O4 - HKLM\..\Run: [Windows UPD] C:\WINDOWS\sys.exe
/P/ O4 - HKLM\..\Run: [Antivirus Installer] C:\ed.exe
/P/ O4 - HKLM\..\Run: [stratas] lockx.exe
/P/ O4 - HKLM\..\Run: [System service76] C:\WINDOWS\\\etb\\pokapoka76.exe
/S/O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [stratas] lockx.exe
/P/S/O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-59-627-0000166.exe
<<<<<<<< the 00166.exe may change to other numbers, stop/delete them also. >>>>>>>>>
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Fix ALL your O16 - DPF: entries
...................................................................................................


For these O10 entries:
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
See Broken Internet access with xxx.dll.

Then post a new log.
 
Is my computer really clean? (attached hijackthis log)

I just cleaned out my computer using hijackthis, and I need someone to look at my hijackthis log and tell me if my system is clean. I know both the 10's need fixing, such as the missing file and broken internet connection, but I need to get around something to get to the site to download the removal program. Any help would be greatly appreciated! Thanks!
 

Attachments

  • hijackthis.txt
    10.2 KB · Views: 6
We do not like you to open a new thread unnecessarily. Continue with the same thread until the problem is solved, please.

These still need looking after:
...........................
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearchspace.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yoursearchspace.com/sp2.php
/P/ O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
/P/S/ O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
/P/S/ O23 - Service: QGGUVKGP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Jared\LOCALS~1\Temp\QGGUVKGP.exe
.................
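
The /P/ and /S/ marks and the HijackThis section ids used in the two replies above can be read mechanically. The following is an added example, not part of the original thread: a small Python parser that turns such an annotated list into a worklist of services and processes to stop. The function names and the grouping are assumptions of this example; the sample lines are copied from the replies.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Optional /P/, /S/ or /P/S/ marks, optional section id (O4, R3, O23), then the entry text.
LINE = re.compile(r"^(?P<marks>/(?:[PS]/)+)?\s*(?:(?P<code>[A-Z]\d{1,2}) - )?(?P<detail>.+)$")
# O4 autorun entry: abbreviated registry key, [value name], command.
O4 = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Lines copied from the replies in this thread; the helper remark must be skipped.
SAMPLE = r"""
/P/S/ C:\Program Files\Common Files\Windows\services32.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
/P/ O4 - HKLM\..\Run: [Windows UPD] C:\WINDOWS\sys.exe
/S/O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
Fix ALL your O16 - DPF: entries
/P/S/ O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

@dataclass
class Entry:
    code: str                # section id, "" for a bare path line
    detail: str              # entry text after the section id
    stop_process: bool       # helper marked the line /P/
    stop_service: bool       # helper marked the line /S/
    autorun: Optional[dict]  # key/name/cmd for O4 lines, else None
    @property
    def target(self):
        # Executable the marks apply to: the O4 command, else the text after the last " - ".
        return self.autorun["cmd"] if self.autorun else self.detail.rsplit(" - ", 1)[-1]

def parse_line(line):
    m = LINE.match(line.strip())
    if not m or not (m["marks"] or m["code"]):
        return None  # blank line, dotted separator or helper prose
    marks = m["marks"] or ""
    o4 = O4.match(m["detail"]) if m["code"] == "O4" else None
    return Entry(m["code"] or "", m["detail"], "P" in marks, "S" in marks,
                 o4.groupdict() if o4 else None)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def worklist(entries):
    return {"stop_service": [e.target for e in entries if e.stop_service],
            "stop_process": [e.target for e in entries if e.stop_process]}

if __name__ == "__main__":
    print(worklist(parse_log(SAMPLE)))
```
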
 