Hacktool.rootikit detected

Status
Not open for further replies.
I have been getting a message from Norton indicating Hacktool.rootikit detected, but it won't remove it. I followed the pre-post instructions. Can someone please let me know what I need to do? Thanks.

Jason
 
The step about antivirus in the Virus and Malware Removal thread addresses the fact that if you DON'T have an AV program running, the suggestion is made to get Avira or Avast. While Norton isn't one of our favorites, I am not going to tell you to trash a security suite you have paid for!

Instead, let's address the log entries:
The Mbam log does show evidence of a Rootkit. It also shows Temp files that should have been cleaned.

SuperAntispyware shows Tracking Cookies:
Reset Cookies:
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Remove bad HijackThis entries
Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKCU\..\Run: [A00F163359.exe] C:\DOCUME~1\JASONO~1.OSB\LOCALS~1\Temp\_A00F163359.exe
O4 - HKCU\..\Run: [Jason Osborne] C:\Documents and Settings\Jason Osborne.OSBORNE-HOME-00\Jason Osborne.exe /i
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button and boot into Safe Mode:

You have Viewpoint Media Player installed on your system.
This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.

How to Remove Viewpoint Media Player, Toolbar, or Manager
1) Right-click on the clock in your taskbar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE; if it's found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint
• Viewpoint Manager
• Viewpoint Media Player
• Viewpoint Toolbar
5) Close the Add/Remove Programs and Control Panel
6) Restart your computer in Normal Mode.

Warning: If you install AOL © Instant Messenger, Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.

NOTE: the HijackThis log shows that Outlook Express was running. When you're doing the scans, all other active windows should be closed.

When you have finished, UPDATE and rescan with Malwarebytes. Follow with HijackThis. Run a Norton AV scan and save the log if there are Hackdoor references. Include it on the next post with the other logs, and attach both logs. We will then make the decision whether to run Rootkit Repair.

Update Adobe: Most current version: Adobe Reader 9.1
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version: https://www.techspot.com/downloads/345-adobe-reader.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php

This thread is for the use of keyzlife only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Virus and Malware Removal Forum.
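
A small triage pass over the HijackThis lines listed in the post above, as an added example (not part of the thread, and not the helper's own method). It flags three patterns, chosen here as assumptions: a BHO whose file is missing, and Run-key autostarts that launch from a Temp folder or from the root of a user profile. The function name `triage` and the rule labels are hypothetical.

```python
import re

# O-section lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKCU\..\Run: [A00F163359.exe] C:\DOCUME~1\JASONO~1.OSB\LOCALS~1\Temp\_A00F163359.exe
O4 - HKCU\..\Run: [Jason Osborne] C:\Documents and Settings\Jason Osborne.OSBORNE-HOME-00\Jason Osborne.exe /i
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                      # "O4 - <body>"
RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r"^(.*?\.exe)", re.I)                      # strip arguments such as " /i"
TEMP = re.compile(r"\\te?mp\\", re.I)                       # also matches LOCALS~1\Temp
PROFILE_ROOT = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe$", re.I)

def triage(log_text):
    """Return (section, body, rule) for each line matching one of the assumed rules."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.endswith("(no file)"):
            # The BHO is still registered, but the DLL it points to is gone.
            findings.append((section, body, "orphan-bho"))
        elif section == "O4":
            run = RUN.match(body)
            exe = EXE.match(run.group("cmd")) if run else None
            if not exe:
                continue
            path = exe.group(1)
            if TEMP.search(path):
                findings.append((section, body, "autostart-from-temp"))
            elif PROFILE_ROOT.match(path):
                findings.append((section, body, "autostart-from-profile-root"))
    return findings

if __name__ == "__main__":
    for section, body, rule in triage(SAMPLE_LOG):
        print(f"{rule:28} {section} - {body}")
```

The Adobe and Viewpoint entries from the list are not matched by these three rules, so an empty result from a pass like this does not mean the log is clean.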
