Hacktool.rootkit removal help needed

Status
Not open for further replies.
Hey folks,

Last night I got a virus into my computer through MSN Live. Now my Norton is popping up a message every 30 sec. about hacktool.rootkit. I have read some threads about this on this website, but they are from 2005 and maybe outdated?

Anyway, I have downloaded the HijackThis software and it has produced this log. Can anyone help?
 
Hi,

You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.

Your log does show signs of an infection.

Very Important: Malware infections may possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to read this thread HERE before deciding what course of action to take regarding your infection.

Let me know if you wish to format or clean.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan.


Regards,
Your friendly momok =)

This thread is for the use of fluffy only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi and welcome to TechSpot.

Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

Drag the CFScript.txt file over onto ComboFix.exe and then release it. This will ask ComboFix to execute the instructions contained in the file. Let ComboFix run normally and do its job; attach the resultant log in your next reply.

Then run HijackThis and place a check in the box next to the following entries (if there):

O23 - Service: BCVLK - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\BCVLK.exe (file missing)

O23 - Service: FKSNTD - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\FKSNTD.exe (file missing)

O23 - Service: OLNKXWQSRUHJ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\OLNKXWQSRUHJ.exe (file missing)

O23 - Service: RNULSMZJSGBRW - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RNULSMZJSGBRW.exe (file missing)

Close all open programs, including this browser window. Click the fix checked button in HijackThis. Once it's done fixing, close HJT.

Then go to start->run, type in services.msc and press enter.

When the window appears, maximize it. Double-click on the following services and set the startup type to disabled:

BCVLK

FKSNTD

OLNKXWQSRUHJ

RNULSMZJSGBRW

All items in your AVG Anti-Spyware log say no action taken. You need to rerun AVG Anti-Spyware per these instructions and post a fresh logfile, as well as a fresh HJT log, and the log resulting from the CFScript instructions.

Regards :)

 

Attachments

  • CFScript.txt
    370 bytes · Views: 5
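
The four O23 entries listed in the post above share the same traits: no owner information, an image path under a Temp directory, a missing executable, and an all-caps service name identical to the file name. The following is an added example, not code from the thread or from HijackThis, that scores O23 lines on those traits; the heuristics, the threshold and the benign sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the four O23 lines quoted in the post, plus one
# made-up benign entry (name, vendor and path are hypothetical).
SAMPLE_LOG = r"""
O23 - Service: BCVLK - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\BCVLK.exe (file missing)
O23 - Service: FKSNTD - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\FKSNTD.exe (file missing)
O23 - Service: OLNKXWQSRUHJ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\OLNKXWQSRUHJ.exe (file missing)
O23 - Service: RNULSMZJSGBRW - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RNULSMZJSGBRW.exe (file missing)
O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\Program Files\Example\updater.exe
"""

O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

def indicators(line):
    """Return (service name, reasons) for one O23 line, or None if it is not one."""
    m = O23.match(line.strip())
    if not m:
        return None
    name, path = m["name"], m["path"]
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
    reasons = []
    if m["owner"] == "Unknown owner":
        reasons.append("no owner information")
    if re.search(r"\\te?mp\\", path, re.IGNORECASE):
        reasons.append("image path under a Temp directory")
    if m["missing"]:
        reasons.append("executable reported as missing")
    if name.isalpha() and name.isupper() and name == stem:
        reasons.append("all-caps name identical to the file name")
    return name, reasons

def triage(log, threshold=2):
    """Map service name -> reasons for entries with at least `threshold` reasons."""
    flagged = {}
    for line in log.splitlines():
        hit = indicators(line)
        if hit and len(hit[1]) >= threshold:
            flagged[hit[0]] = hit[1]
    return flagged

if __name__ == "__main__":
    for service, why in triage(SAMPLE_LOG).items():
        print(f"{service}: " + "; ".join(why))
```
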
Hi Momok and Kitty500cat,

I have solved this problem now :) I found software called UnHackMe and after running it a few times, the rootkit warnings from NOD32 disappeared. I think this was a result of your instructions and advice and the UnHackMe software together. Anyway, I am very grateful for your help and very glad to be able to clean my system without re-formatting.

Regards
Fluffy
 