TechSpot

Hacktool.rootkit removal help needed

By fluffy
Aug 20, 2007
Topic Status:
Not open for further replies.
  1. Hey folks,

    Last night I got a virus into my computer through MSN Live. Now my Norton is popping up a message every 30 sec. about hacktool.rootkit. I have read some threads about this on this website, but they are from 2005 and maybe outdated?

    Anyway I have downloaded the hijackthis software and it has produced this log. Can anyone help?
     
  2. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You are running an outdated version of HijackThis.
    You can obtain the latest version from the link in my signature.

    Your log does show signs of an infection.

    Very Important: Malware infections may possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to read this thread HERE before deciding what course of action to take regarding your infection.

    Let me know if you wish to format or clean.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; if you do, they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of fluffy only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. fluffy

    fluffy TS Rookie Topic Starter

    Hello Momok,

    Many thanks for your advice! I have now followed all the instructions you gave me and am attaching the log files you asked for: HijackThis, ComboFix and AVG-antiSpyware files. The AVG-antiRootKit did not find anything, so I am not attaching that log file.

    View attachment 21386

    View attachment 21387

    View attachment 21388
     
  4. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Hi and welcome to TechSpot.

    Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

    Drag the CFScript.txt file over onto ComboFix.exe and then release it. This will ask ComboFix to execute the instructions contained in the file. Let ComboFix run normally and do its job; attach the resultant log in your next reply.

    Then run HijackThis and place a check in the box next to the following entries (if there):

    O23 - Service: BCVLK - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\BCVLK.exe (file missing)

    O23 - Service: FKSNTD - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\FKSNTD.exe (file missing)

    O23 - Service: OLNKXWQSRUHJ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\OLNKXWQSRUHJ.exe (file missing)

    O23 - Service: RNULSMZJSGBRW - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RNULSMZJSGBRW.exe (file missing)

    Close all open programs, including this browser window. Click the fix checked button in HijackThis. Once it's done fixing, close HJT.

    Then go to start->run, type in services.msc and press enter.

    When the window appears, maximize it. Double-click on the following services and set the startup type to disabled:

    BCVLK

    FKSNTD

    OLNKXWQSRUHJ

    RNULSMZJSGBRW

    All items in your AVG Anti-Spyware log say no action taken. You need to rerun AVG Anti-Spyware per these instructions and post a fresh logfile, as well as a fresh HJT log, and the log resulting from the CFScript instructions.

    Regards :)

    This thread is for the use of fluffy only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     

    Attached Files:
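    The four O23 entries above share one pattern: a service with no publisher, whose binary sits in the user's Temp folder and is already gone. The same check can be made directly against the service registry instead of eyeballing a HijackThis log, and it doubles as a confirmation after cleanup that nothing of the kind is left. The script below is an added example, not code from the thread or from HijackThis/ComboFix; the triage rule (flag a service whose binary is under a Temp folder or no longer exists) and the -Disable switch are my assumptions. Run it from an elevated PowerShell, review the list, and only then rerun with -Disable, because some legitimate driver entries also point at files that were uninstalled.

```powershell
# Added example (not from the TechSpot thread): find services whose binary
# lives under a Temp folder or is missing, and optionally disable them.
# Writing Start=4 is the same change services.msc makes when you pick "Disabled".
param(
    [switch]$Disable
)

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Turn a raw ImagePath value into an absolute path to the service binary.
function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot   # \SystemRoot\system32\...
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\...
    if ($p.StartsWith('"')) {
        $bin = $p.Split('"')[1]                          # quoted path, ignore args
    } else {
        $m = [regex]::Match($p, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        $bin = if ($m.Success) { $m.Groups[1].Value } else { $p.Split(' ')[0] }
    }
    # Driver entries are often relative to the Windows folder (system32\DRIVERS\x.sys)
    if (-not [IO.Path]::IsPathRooted($bin)) { $bin = Join-Path $env:SystemRoot $bin }
    return $bin
}

$suspects = foreach ($key in Get-ChildItem $svcRoot) {
    $props = Get-ItemProperty -Path $key.PSPath
    $bin = Get-ServiceBinaryPath $props.ImagePath
    if (-not $bin) { continue }
    $inTemp  = $bin -match '\\Temp\\'                    # matches ...\LOKALE~1\Temp\BCVLK.exe
    $missing = -not (Test-Path -LiteralPath $bin)
    if ($inTemp -or $missing) {
        [pscustomobject]@{
            Name    = $key.PSChildName
            Start   = $props.Start                       # 2=Auto 3=Manual 4=Disabled
            Binary  = $bin
            InTemp  = $inTemp
            Missing = $missing
        }
    }
}

$suspects | Format-Table -AutoSize

if ($Disable) {
    foreach ($s in $suspects) {
        Set-ItemProperty -Path "$svcRoot\$($s.Name)" -Name Start -Value 4
        Stop-Service -Name $s.Name -Force -ErrorAction SilentlyContinue
    }
}
```

    A clean machine should list nothing with InTemp set to True; a few Missing entries from old uninstalled drivers are normal and can be left alone or deleted with sc delete once you are sure what they were.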

  5. fluffy

    fluffy TS Rookie Topic Starter

  6. fluffy

    fluffy TS Rookie Topic Starter

    Hi Momok and Kitty500cat,

    I have solved this problem now:) I found a software called UnHackMe and after running it a few times, the rootkit warnings from NOD32 disappeared. I think this was a result of your instructions and the UnHackMe software together. Anyway I am very grateful for your help and very glad to be able to clean my system without re-formatting.

    Regards
    Fluffy
     

