Possible Rootkit Problem?

Status
Not open for further replies.
T

the_paco007

Posts: 6   +0
Hello,

I think i may have a possible rootkit problem that just wont go away. I dl'ed some nasty stuff and thought i got it all out until i tired to google something and google.com or gmail.google.com wouldnt work. It seems to be similar to opucek's problem awhile back. Any other website works just fine.

Any help would be greatly appreciated!

Thanks in advance
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Uninstall anything to do with Viewpoint and Wildtangent from add remove programmes in your control panel.

Download and run the Blacklight programme. Follow all the instructions carefully.

Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

Run the programme and click the click "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path"
* Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree for the terms and conditions that is displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.


Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above. Let me know the results of the Blacklight and AVG Antirootkit scans.

Regards Howard :wave: :wave:

This thread is for the use of the_paco007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry I havent gotten back to you sooner. The AVG Anti-Rootkit came up with nothing, as did Blacklight. No dice.

I also followed the Virus/Spyware/Malware removal instructions.

Attatched is an updated HJT log.

Something else of note, Google.com works fine if i find it through a proxy such as www.polysolve.com

Thanks again for your help. I need my google fix...
 
You didn`t attach an AVG Antispyware log as requested. Please do so in your next reply.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

WildTangent
Apps
CDA
Viewpoint
Viewpoint Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe
GameDrvr.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://quickplace02.geextranet.com/qp2.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\WildTangent<Delete the entire folder.
C:\Program Files\Viewpoint<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as an AVG Antispyware log. Let me know if you`re still having problems.

Regards Howard :)

This thread is for the use of the_paco007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello,

I followed your most recent instuctions to the letter and still no luck... maybe it's not a rootkit after all. Could a virus have caused damage to the netowrk? I flushed DNS and made sure my firewall wasnt blocking anything it shouldnt.

I cant post an AVG Rootkit logfile because it didn't generate output. Here is the new HJT though...


Thanks again for your continued assistance!
 
I asked you to post an AVG Antispyware log, not an AVG Antirootkit log.

Your HJT log is clean.

Yes, a virus could quite easily cause damage to the network.

Run an AVG Antispyware scan as per the instructions in this thread HERE and post the results.

Regards Howard :)

This thread is for the use of the_paco007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Locate and delete the following bold files and/or directories(if there).

C:\localtexmf<Delete the entire folder, it`s infected with a nasty keylogger.

Reboot into normal mode and rehide your protected OS files.

Go HERE and follow the instructions for running the Ccleaner programme.

Then, run a new AVG Antispyware scan as per the instructions in the above thread and post the AVG Antispyware log file.

Regards Howard :)

This thread is for the use of the_paco007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Still no luck. That keylogger came up again in the windows system restore files, so i cleaned it out.

Any other advice?

Thanks!!!
 
Delete all files in AVG Antispyware quarantine.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of the_paco007 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks very much for all your help. It was truly appreciated.

The problem ended up being in the HOSTS file. I couldnt believe how simple a fix this was. Almost a month of headaches over a two second fix.

I cannot thank you enough for all your help! My computer thanks you!


Regards and Good Luck,
Paul
 
Status
Not open for further replies.

Similar threads

Dood123
Help login in Instagram account, says use 2FA code but have not set up 2FA for insta
Replies
0
Views
702
Dood123
Dood123
arsonfly
Hi all, I have a problem with random FPS lag from out of nowhere.
Replies
1
Views
1K
khadirajohn
K
Cal Jeffrey
Someone created a video game with nothing but AI tools ChatGPT, Dall-E, and Midjourney
Replies
15
Views
532
havok585
havok585

Latest posts

Back