Help me get rid of HACKTOOL.ROOTKIT Please!

Status
Not open for further replies.
I am trying to fix my friend's mom's laptop. I have no idea what she has downloaded, but I have uninstalled most of what I think is bad. I have been reading some other threads and downloaded Hijacker; I have attached the log. Could someone give me some advice as to what I should do from here?

Norton keeps finding the virus in c:\windows\system32\kbdrv64.sys. I can delete it in safe mode, but it keeps coming back. I can't seem to find what program is creating it.

I know that I need to get the SP2, but I think I should install that after I get rid of this?

Thanks
 
Run HJT and let it fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)


Read: How to remove Hacktool.Rootkit
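An added triage script for log lines like the ones quoted above (this is not part of any post in this thread, and the heuristics are not HijackThis's own logic). It parses each HJT line by section code, pulls out the CLSID, the O23 owner field and the target path or URL, and attaches flags a responder would want: a "(file missing)" entry is a stale registry reference, so fixing it is cleanup rather than removal of a live infection, while a service whose display name claims Microsoft but whose owner HJT could not identify is the kind of entry worth treating as hostile. The sample log is constructed from the lines in this thread so the script runs offline.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the HijackThis lines quoted in this thread,
# pasted here so the script runs without a real log file.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem (file missing)
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")   # HJT section code, then the entry body
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                 # HJT section code, e.g. "O23"
    kind: str                 # "BHO", "DPF", "Service", or "" for R0/R1 registry lines
    name: str                 # display name, or the registry key/value text for R lines
    clsid: Optional[str]      # CLSID if the line carries one
    owner: Optional[str]      # vendor field on O23 lines ("Unknown owner" when HJT can't tell)
    target: Optional[str]     # file path or URL the entry points to, if any
    file_missing: bool        # HJT could not find the referenced file on disk
    raw: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line into an Entry, or None if it is not one."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    # HJT separates the fields of an entry with " - "; paths and URLs may
    # contain bare hyphens, so split only on the spaced form.
    segments = [s.strip() for s in body.split(" - ")]
    head = segments[0]
    kind, _, name = head.partition(": ") if ": " in head else ("", "", head)

    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None

    owner = segments[1] if code == "O23" and len(segments) >= 3 else None
    file_missing = body.endswith(FILE_MISSING)
    target = None
    if len(segments) >= 2:
        target = segments[-1]
        if file_missing:
            target = target[: -len(FILE_MISSING)].strip()
    return Entry(code, kind, name, clsid, owner, target, file_missing, line)


def triage(entry: Entry) -> List[str]:
    """Heuristic flags for one entry (the editor's rules, not HijackThis's)."""
    flags = []
    if entry.file_missing:
        flags.append("dangling: referenced file is gone; fixing removes a stale "
                     "registry entry, not a live infection")
    if entry.code == "O23":
        if entry.owner == "Unknown owner":
            flags.append("service with no recognised vendor")
            if entry.name.lower().startswith("microsoft"):
                flags.append("display name claims Microsoft but owner unknown: likely impersonation")
        if entry.target and "." not in entry.target.rsplit("\\", 1)[-1]:
            flags.append("service path has no file extension")
        if entry.target and not entry.file_missing:
            flags.append("binary present: hash it and check its signature before trusting it")
    if entry.code == "R1" and "ProxyOverride" in entry.name:
        flags.append("proxy bypass list modified")
    return flags


def triage_log(text: str) -> List[Entry]:
    """Parse every HJT line in `text` and attach triage flags."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            e.flags = triage(e)
            entries.append(e)
    return entries


def report(text: str) -> str:
    """Human-readable summary; flagged entries are marked with '!!'."""
    out = []
    for e in triage_log(text):
        out.append(f"{'!!' if e.flags else '  '} {e.code:<4} {e.name}")
        out.extend(f"        - {f}" for f in e.flags)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved HJT log by replacing SAMPLE_LOG with the file contents. The point of the split between "dangling" and "binary present" is the one the replies in this thread make: entries whose files are already gone are cosmetic, whereas a live service binary with an unknown owner is what needs to be identified, hashed and checked before the machine is declared clean.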
 
Anything else?

I've followed all the steps, but I still have the hacktool.rootkit in kbdrv64.sys. The only step I couldn't complete was the scan from Trend Micro; it wouldn't load for me. I've attached a copy of the most recent HijackThis results. Do you have any other advice? Thanks so much!
 
I think it's fixed.

I went through the Hijacker list again and fixed some more items. I believe the system might be clean. I connected to the internet and pulled up several web sites for about an hour last night, then ran Norton and Ewido again. Everything came up clean. I'm just afraid I am going to plug it in at her house and the virus is going to pop up again. Is there anything you think I should check or run to make sure it is really gone? Thanks again!
 
This is cosmetic; fix it with HJT:
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\USBSubsystem (file missing)

Other than the Read: How to.. I have no other help, I'm afraid.
Try Google
 