TechSpot

Object hidden by rootkit technique

By mjs
May 30, 2011
  1. Laptop has picked up virus that AVG appears unable to remove.

    Various files have appeared, including
    ninjafdd.exe
    vdpoxdbw.exe
    win32/zbot

    Avg giving message object hidden by rootkit technique.

    Can anyone offer help on how to remove them?

    Many thanks
     
  2. Bobbye


    Welcome to TechSpot!

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    A note: Please be patient. This malware has hit many and it is time consuming to review each log.
     
  3. mjs


    Unfortunately I don't seem to be able to open Firefox or Internet Explorer so I am unable to download malware. Apologies if I'm being very stupid.
    Doesn't even want to start up at all now, just goes onto the did not start successfully screen with options for safe mode etc. Whatever option I select it just returns to this screen.
     
  4. Bobbye


    From the little bit of information you gave:

    Win32/Zbot is a family of password stealing trojans. Win32/Zbot also contains backdoor functionality that allows unauthorized access and control of an affected machine.
    Payload:
    Steals sensitive information
    Contacts remote site for instruction/Downloads and executes arbitrary files
    Allows remote backdoor access and control
    Modifies system security settings

    ALL.EXE can also use the following file names: VDPOXDBW.EXE>> Worm

    Fdd.exe is added by the W32/Mytob-FO mass-mailing worm and IRC backdoor.
    "NINJAFDD.EXE"
    ============================================
    These are all different malware infections. Unfortunately "Avg giving message object hidden by rootkit technique" doesn't tell me enough to act on.

    Since you can't launch a browser and only get into Safe Mode, it would be best if you did a reformat/reinstall.

    I don't have enough information to advise you otherwise, except to bring your attention to the fact that your passwords may have been compromised, as can be any other information on the system. Don't just shut down and give up. If someone does have your information, they may attempt to use it.
     
Topic Status:
Not open for further replies.
