Hacktool.rootkit what am I doing wrong?

Status
Not open for further replies.

redsand209

I followed the 8 step removal of viruses to get rid of this virus I could not kill--it's immortal--it's like the Highlander.
I'm not sure if it's gone or not at this point.

I'm attaching the 3 logs in the next reply for HijackThis, Malwarebytes, and SUPERAntiSpyware Free.

The old HijackThis log was attached earlier, but may be irrelevant at this point. The new one is called hijackthis2.log

Am I in the clear or are there persistent files needing my attention?

Here they are
 
Hello redsand209

According to the (removed) infections in the Malwarebytes log, it looks like you have more infections. I'll therefore suggest you post a ComboFix log ->

Please download combofix here -> https://www.techspot.com/downloads/5587-combofix.html

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.

It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.
 
combofix log

Here's the requested combofix log.
I also renamed the program as requested, and posted that log as well (named combolog2.txt)

thanks
 

For the first file nothing was found.


For the second file:

ArcaVir found W32.Patched.Bb
Avast found Win32:SysPatch
Dr. Web found BackDoor.Zapinit
F-Secure Anti-Virus found Trojan.Win32.Patched.dr
Kaspersky Anti-Virus found Trojan.Win32.Patched.dr
NOD32 found Win32/Pinit
Panda Antivirus found W32/Patched.D
Quick Heal found Trojan.Patched.AP
Sophos Antivirus found Troj/User32Hk-A
VirusBuster found Trojan.Patched.AP
 
Copy the entire contents of the Quote Box below to Notepad. Name the file CFScript and save it on the desktop.

Killall::
Snapshot::
Filelook::
d:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll

FCopy::
d:\windows\ServicePackFiles\i386\user32.dll | d:\windows\system32\user32.dll
d:\windows\ServicePackFiles\i386\user32.dll | d:\windows\system32\dllcache\user32.dll

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.
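An added example, not part of the original thread and not ComboFix's own code: a check that the two destinations named in the FCopy:: lines now hold the same bytes as the ServicePackFiles copy. The function names are hypothetical and the demo files are constructed stand-ins; on the affected machine you would call `verify_restore(SOURCE, TARGETS)`.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths taken from the FCopy:: lines of the CFScript in the post above.
SOURCE = r"d:\windows\ServicePackFiles\i386\user32.dll"
TARGETS = [r"d:\windows\system32\user32.dll",
           r"d:\windows\system32\dllcache\user32.dll"]


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_restore(source, targets):
    """Return {target: 'match' | 'differs' | 'missing'} against the source copy."""
    reference = sha256_file(source)  # raises FileNotFoundError if the source is absent
    report = {}
    for target in targets:
        if not Path(target).is_file():
            report[target] = "missing"
        elif sha256_file(target) == reference:
            report[target] = "match"
        else:
            report[target] = "differs"
    return report


def demo():
    """Constructed sample: one restored copy, one altered copy, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.dll").write_bytes(b"MZ" + b"\x00" * 64)        # stand-in reference
        (root / "restored.dll").write_bytes(b"MZ" + b"\x00" * 64)     # identical bytes
        (root / "patched.dll").write_bytes(b"MZ" + b"\x00" * 63 + b"\x01")  # one byte changed
        names = ["restored.dll", "patched.dll", "absent.dll"]
        result = verify_restore(root / "clean.dll", [root / n for n in names])
        return {path.name: status for path, status in result.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A `differs` result only says the bytes are not those of the service-pack copy; a later Windows update can also change user32.dll, so treat it as a prompt to scan that file rather than as a verdict.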
 
response

alllllllllright


here's the next file requested.

P.S. I hate whoever creates viruses. May they burn in hell.
 
They probably will :D


Please download http://jpshortstuff.247fixes.com/FileLook.exe by jpshortstuff and save it to your Desktop.
Double-click FileLook.exe to run it.
Important! If using Windows Vista, be sure to Run As Administrator.
Ensure that BBCode Output is checked. Copy and paste everything in the code box below into the empty textfield under FileLook by...

Code:
d:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll

Click the FileLook button to start the scan.
When finished, Notepad will open with the results of the scan in a text file named fl_log.txt which will automatically be saved to the root of your system drive. (Typically C:\fl_log.txt)

It looks like you have missed the Java update part; update it from here:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Please attach the contents of the FileLook log in your next reply, along with a fresh HijackThis log.
 
All right touch,

here's the next 2.

About the Java--when I first posted the query I did not update because the viruses were effin with my internet connection. Either yesterday or the day before I updated. So it shooouuuuld be ok.
 
That didn't work!

That link for OTCleanIt is not valid.

Also, as of yesterday, in the lower right hand corner of my desktop, the taskbar I guess, where the clock goes, isn't showing as many icons as it usually does. My Symantec antivirus is running, but won't show that it is. It was scheduled for a system check last night, and ran fine, and deleted some things that it shouldn't have. I forget exactly what unfortunately, but namely, apoint.exe, which is the program for my touchpad that gives it extra functionality.

Now I can certainly reinstall that prog, but any idea why this happened?
If you send me the right link for OTCleanIt, I will see if that works and all, but should I try a system restore before that? (Like to a couple days ago, after deleting viruses but before yesterday when this new problem presented itself.)
 