May still be infected with Hacktool.rootkit and xz.bat

Status
Not open for further replies.
My girlfriend unfortunately clicked on a link one of her friends "sent" her through AIM. Most people may be aware that this is the hacktool.rootkit, which includes xz.bat and msdirectx.sys. I have attached the HiJack logfile (since I didn't see the post where ones in the post will be deleted).

I have tried doing the instructions that were shown in this forum, however, I did not have any luck.

I have downloaded NOD32 but that too has had no effect.

Currently the Norton AntiVirus claims to have the files quarantined, however, I do not fully trust that.


I am at her college attempting to fix this so if anyone can help me with this PLEASE PLEASE PLEASE help me!

thanks soooo much in advance

Kind Regards,
Michael
 
Also, I keep getting APQ**.tmp files in the C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\ folder.

Along with this it says hacktool.rootkit as well as trojan horse in the auto-protect results. These .tmp files are coming at a constant rate.
 
First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/S/ Service needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
/R/ O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
/R/U/ O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
/P/S/ O23 - Service: TUDNNMTBHF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\TUDNNMTBHF.exe
/P/S/ O23 - Service: VQSQOFW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMYPEL~1\LOCALS~1\Temp\VQSQOFW.exe
...................................................................................................
 