Hacktool and Hacktool.Rootkit (8 Steps Completed)

Status
Not open for further replies.
Hi Mike,

As I explained in my previous posts, the only time Dr.Web picked up on something was the first scan. The later scans (2nd~5th time) did not pick up on anything; it says "No Viruses found" at the end of the complete scans. I attached a part of the CureIt log that contained lines that said "read error". (I was going through the log as I was waiting for your reply.) The things that Dr.Web picked up on during the first scan were either Cured or Moved like I said earlier. However, none of the things indicated "Hacktool" or "Hacktool.Rootkit".

I have run the scans you indicated in your last post (MBAM, SAS) multiple times and no viruses are found. But Norton still detects the Hacktool and Hacktool.Rootkit viruses once my computer restarts. And then the whole process repeats with the detection, removal, restart.

Since Norton always detects these 2 viruses in the same areas:

c:\windows\system32\drivers\jsdpp32.sys
c:\windows\system32\drivers\oxauau96.sys
c:\windows\system32\drivers\qh3s.sys

Is there anything we can do to these 3 locations directly? I don't think the scans are doing anything as I've been running scans since Friday.
 
Open MBAM, click More Tools - Run Tool.

Then paste each line 1 at a time to the File name: block and click OK to delete.

Code:
c:\windows\system32\drivers\jsdpp32.sys
c:\windows\system32\drivers\oxauau96.sys
c:\windows\system32\drivers\qh3s.sys

After all have been pasted exit MBAM and reboot. Check if gone!

Mike
 
Hi Mike,

I get the following message when I follow your instructions above:

The file cannot be deleted. Your computer needs to be restarted to complete the removal process. Would you like to continue?

I entered each line and restarted computer each time.
I did this in Safe Mode with Networking mode and Normal mode.

I am running a Norton scan in Normal mode now and the 2 viruses are still being detected and "fully removed."

Please help~
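
A read-only check for the situation described in the post above, as an added example that is not part of the original thread: it looks at whether the three driver files are still on disk, whether a driver service points at them, and whether a delete-on-reboot is queued. It assumes a Windows version with PowerShell and assumes the removal tool queues deletions through the standard `PendingFileRenameOperations` registry value; the variable names are illustrative.

```powershell
# Added example: the paths are the three files named in the thread.
$targets = @(
    'c:\windows\system32\drivers\jsdpp32.sys',
    'c:\windows\system32\drivers\oxauau96.sys',
    'c:\windows\system32\drivers\qh3s.sys'
)
# Bare file names, used to match service paths and registry entries.
$names = $targets | ForEach-Object { ($_ -split '\\')[-1] }

# 1. Is each file visible on disk, and does it carry a valid signature?
$fileReport = foreach ($path in $targets) {
    $onDisk = Test-Path -LiteralPath $path
    $status = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    [pscustomobject]@{ Path = $path; OnDisk = $onDisk; Signature = $status }
}

# 2. Driver services whose image path ends in one of those file names.
#    A service that still references the file can load it again at boot.
$driverReport = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($names -contains ($_.PathName -split '\\')[-1]) } |
    Select-Object Name, State, StartMode, PathName

# 3. Delete-on-reboot entries queued for those files (assumed mechanism).
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations `
    -ErrorAction SilentlyContinue).PendingFileRenameOperations
$pendingReport = $pending |
    Where-Object { $_ -and ($names -contains ($_ -split '\\')[-1]) }

'--- Files ---';            $fileReport    | Format-Table -AutoSize
'--- Driver services ---';  $driverReport  | Format-Table -AutoSize
'--- Pending deletes ---';  $pendingReport
```

These checks run inside the affected Windows install, so a file reported as not on disk is only not visible from there; comparing against a listing taken from an offline boot disk settles it.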
 
Can I just mention that you will never be truly clean with having BitComet and Norton Internet Security installed.

I'll tell you what I'd do (in order) if I were you, if you're not interested then continue the cleaning process with mflynn ;)

1. Uninstall BitComet
2. Uninstall Norton
3. Remove AOL Browser (use Internet Explorer, or better yet Firefox)
4. Run the Norton Removal tool
5. Restart
6. Download\Install and run a full scan with: Avira Free Antivirus

Doing the above will make your system:
1. Much more responsive (basically faster)
2. More secure and less prone to malware
3. Clean up present issues (mostly)

So your choice, continue on :grinthumb
 
Hi Kimsland,

Thank you for your advice. I am pretty desperate now as I've been working on these 2 viruses for the past couple of days (even missed 2 days of school because of this). I no longer use BitComet so I will uninstall that as you instructed. As with Norton, will I be able to get it back after removing it? I just paid the renewal fee about a month ago... I actually no longer use AOL to browse; I have MSN instead. (Yah, this is an old computer.) And just wondering, would I do the steps you instructed in Safe Mode, Safe Mode with Networking, or Normal mode? And would I repeat the other scans in addition to the new Avira you suggested?

Thanks again...These 2 viruses are really driving me crazy!
T.T
 
Actually Norton has steps for removing their Antivirus, and one of them states to back up your license. If you have your license already backed up then go for the uninstall.
I'm sorry to hear that you just paid subscription to this Antivirus, I feel that it is one of (if not the all time) worst Antiviruses around.

Norton is a tad different to other Antivirus software, as Norton replaces Windows system files with its own. How MS ever allowed that is beyond me.
Anyway when Norton corrupts (as it usually always does under Malware) it also corrupts Windows. Likely making your system unbootable (won't start).

Therefore I wouldn't pay for it, but you weren't to know this I suppose.
So even though I mention back up your license, I really mean get your money back (if you can).

The above steps can all be done in Normal mode
As for repeating the scans. Well having Avira installed (as per all that I mentioned above)
And if you then update Malwarebytes and run a full scan, Avira will notify you of Viruses anyway. So therefore just one full scan with Malwarebytes (update it first) with Avira sitting on the tray normally auto-protecting, should be enough.

Your call.
 
Yeah. I've heard the same about Norton when I was doing research about the viruses earlier prior to Techspot. I wish I knew about it earlier. Our family just took the suggestion from the guy at Best Buy. *sigh*

I already uninstalled BitComet and AOL as I don't use them anymore now anyways.
I am looking at Norton's uninstall procedure now.

I hope this works.....arghz...this is so frustrating!

Thanks for the advice again!
 
Make sure to reply back with your thoughts (well logs if you like) of removed stuff later
Once all the above (I recommended) is done
I just want to repeat though. The free Avira, is way better than the paid Norton rubbish
 
I just wanted to thank you all for your help. I finally gave up last night and just decided to pay Norton to remove the 2 viruses for me. I couldn't afford to wait another day as I really needed the internet access for school. This is a nice forum; I'm glad I found it. Nice meeting you guys!


@Kimsland:

Thanks. I will remember Avira when Norton asks me to pay the renewal fee next time.
 