Hacktool.rootkit problem!

Status
Not open for further replies.
Hacktool.rootkit problem

I've tried to follow the instructions already posted. I must not be too competent or something. Any help/patience is appreciated. It keeps getting put into Norton quarantine; I just can't find the file to delete.
 

Attachment: hijackthis.txt (3.6 KB)

Still broke

I tried the Trend scan and it came back clean. I get about 2 items in quarantine a second. Here is what's going on.

Norton AV is giving me this notification:

Scan Type: Auto-Protect Scan
Event: Threat Found!
Threat: Hacktool.Rootkit
File: C:\\WINNT\system32\et54fg.sys
Location: Quarantine
Computer: Mine
User: System
Action Taken: Quarantine succeeded: Access denied
Date found: Tuesday, August 30, 2005

I deleted everything in my quarantine at the start of this message and now I have 1071 items in quarantine.

I have run Norton, Ewido, Ad-Aware SE Personal, and the Trend Micro online scan. All came back saying a clean system. Please help. Attached is another HijackThis log.
 
Go here, read it, then click on the Solution tab
http://www.trendmicro-middleeast.co...p?LYstr=VMAINDATA&vNav=1&VName=TROJ_ROOTKIT.N

Then do this, just in case some is still there:
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager.

On Windows 95/98/ME, press CTRL+ALT+DELETE.
On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there), click End Process for:
system.exe

Next, click Start/Run and type services.msc and click OK. Look for the service:
system.exe
Double-click it, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O23 - Service: systemboot - Unknown owner - C:\WINNT\system.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, delete:
C:\WINNT\system.exe
C:\WINNT\system32\et54fg.sys (or similar name if it changed)

Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
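
An added example, not part of the original posts: a Python triage of HijackThis O23 service lines like the one flagged in the reply above, listing reasons an entry deserves a manual look. The regex layout, the Windows-root and core-name lists, and every sample line except the `systemboot` one are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Layout of a HijackThis O23 line, as in the thread:
#   O23 - Service: <name> - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?: \(file missing\))?$"
)

# Assumptions for this sketch: OS root directories and core process names
WINDOWS_ROOTS = {r"c:\winnt", r"c:\windows"}
CORE_NAMES = {"system", "svchost", "services", "lsass", "winlogon", "csrss"}


def parse_o23(log_text):
    """Extract every O23 (service) entry from a HijackThis log as a dict."""
    matches = (O23_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(entry):
    """Return the reasons an entry deserves manual review (empty list = none)."""
    image = PureWindowsPath(entry["path"])
    folder = str(image.parent).lower()
    reasons = []
    if entry["owner"].lower() == "unknown owner":
        reasons.append("unknown owner")
    if folder in WINDOWS_ROOTS:
        reasons.append("image directly in Windows root")
    if image.stem.lower() in CORE_NAMES and not folder.endswith(r"\system32"):
        reasons.append("core-process name outside system32")
    return reasons


def flagged(log_text):
    """Map service name -> reasons, for entries with at least one reason."""
    return {e["name"]: r for e in parse_o23(log_text) if (r := triage(e))}


# Constructed sample: the systemboot line is the one quoted in the thread,
# the other lines are invented for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: systemboot - Unknown owner - C:\WINNT\system.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\exupd.exe
O23 - Service: Example Host - Unknown owner - C:\WINNT\system32\exhost.exe
"""

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is only a prompt to inspect the file and service by hand; plenty of legitimate third-party services also show an unknown owner.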
 
Many appreciations

Hey, thanks a lot. It was that system.exe file. Seems to have done the trick. Now just to keep the kid off the computer. Might be a tougher one.

Thanks again for your help
 