hacktool.rootkit

jools182

Hi

Apologies if this has been asked before, I'm new here!

I had a popup from Norton on the 28th June 2006 telling me that I had a hacktool.rootkit attack on my machine.

Norton couldn't fix it so I just put it in quarantine. Since then the computer has become a lot slower and the fan on the processor is on full blast when starting up or connecting to the internet. It's also very slow on connecting to the net.

I had a bit of a surf and found that most people with this kind of attack had Norton installed, so I have since changed to Panda Titanium. I have also installed PC Tools Spyware Doctor.

I have done the Lavasoft and Spybot thing, but my machine is still a lot slower than it was and the processor does get hot a lot more than it used to. I only ever used to notice the fan coming on when I was playing a game, but now it does it a lot.

Do you have any suggestions? I'm not too hot on computer literacy, so please be patient

thanks
 
Hello and welcome to Techspot.

Go HERE and follow the instructions.

If that doesn't help there is a programme called Unhackme that claims to get rid of rootkit infections. I cannot vouch for this programme's effectiveness, but it may be worth a try. http://www.greatis.com/unhackme.zip

If none of the above helps, then backing up your important data and reformatting the hard drive may be the only way to get rid of the rootkit infection you have.

Regards Howard :wave: :wave:
 
Thanks

I tried the first link, and then the download suggested on the first link but got this message

Pattern file "LPT$VPN.*" is missing. Please download a copy

Not sure where I should get it or what it is!

Also not sure what a HJT scan is!

Sorry for being slow!
 
Read the instructions HERE. It explains where to get the pattern file.

HJT won't do anything against a rootkit infection.

However, if you manage to get rid of the rootkit, then go and read this thread HERE.

Then, post a HJT log as a .txt attachment.

Regards Howard :)
 
HJT log

Hi

I have tried the anti virus/spybot/search and destroy advice.

Could someone look at my HJT log and see if there is anything suspicious, as my computer is still being strange?

thanks
 
There's nothing particularly nasty in your HJT log.

Before I start telling you what you can get rid of, I'd like to know if your rootkit problem has gone?

I have merged your new thread into this one.

Regards Howard :)
 
Thanks Howard

The machine still seems slow, and is pausing quite a bit on start-up.

Still getting the fan running on full when I start up, then when I connect to the internet and then intermittently when not really doing much on the PC

This is how the machine has been since I had the hacktool.rootkit pop up from Norton, and it doesn't seem to have got any better.
 
I'm sorry to hear you're still having major problems.

Rootkits are notoriously bad and very difficult to get rid of completely.

I honestly think you'd be better off backing up your important data and doing a reformat and reinstall. At least you'd know the rootkit would be gone.

As I said, I can't see anything in your HJT log that would account for the problems you're having. Sure there are one or two things we could get rid of, but I doubt very much whether it would solve your problem.

Regards Howard :(
 
Thanks for your help Howard

If I do a backup and reinstall, would the infection not just be transferred from my back-up files back to the PC?

Could you also tell me what's worth deleting from my HJT log just so I can try and see if it makes any difference? I would like my machine to be as clean as possible!

thanks
 
Backing up your important data should be ok. The rootkit is embedded in your registry and shouldn't cause a problem once you've reformatted the drive.

There's no point in trying to use HJT to clean your system. There's nothing in your HJT log that would cause the problems you are having.

Since doing a format will remove everything from your hard drive, it's pointless using HJT to get rid of anything.

The fact is, most rootkit infections can only be got rid of by reformatting the hard drive. I realise this isn't what you want to hear, but it really is the best way forward.

Regards Howard :)

This thread is for the use of jools182 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 