how to tell if you have a rootkit virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Rln126, Dec 22, 2010.

  1. Rln126

    Rln126 Private E-2

    How can you tell if you have a rootkit virus? Below are my symptoms.

    I cannot access several programs (norton security suite, Internet Explorer, etc). I can for some reason access any of the office products. However, antivirus programs I installed after I detected the issue are running.

    I have run Windows security suite, Spybot, and the Geek Squad scanning. Nothing was found. Some of these I could only run in safe mode.

    For me it is saying virus, but it is very frustrating.

    Any help you can give is greatly appreciated.

    Also, if anything is suggested, should it be run in safe mode or regular mode?
    Thanks
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Rln126

    Rln126 Private E-2

    I followed your instructions in the READ ME document (with the exception of running RootRepeal, as I have a 64-bit machine).

    I also reinstalled Norton Internet Security Suite (and for some strange reason Internet Explorer started working). I am, however, having issues with the programs. It keeps telling me the shortcut cannot be found. On one it is telling me that it found the exe but in a system restore, which I think is questionable.

    When you asked me to remove Viewpoint Media Player: when I went to Add/Remove Programs it was there; however, when I went to uninstall it, it said it had already been removed, do you want to delete this, which I said yes to. Is that strange, as I never even knew it was there? I had this same issue with Norton before I reinstalled it.

    I did not remove any System Restore points, because I am not sure that it completely removed everything. It also will not recognize one of my USB ports. If you feel I should still do the step on System Restore, please let me know.

    One other note: when I was running MGtools, at one point I got a message that PEV.cfxee cannot run. I just closed the window, as I was unsure what it was. Does this look familiar to anyone?

    Is there anything else I can do to determine what is going on?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Which programs are you having issues with? You can right-click your program icon, choose Properties, and see if the Target shows the path to the exe file. If not, you just need to put the full path to the exe in the Target box.

    You do have a lot of items that indicate that the file is missing.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista, don't double-click; use right-click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "All files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    But you do not have a rootkit issue. Most of your problems are probably with windows. This means that you should post in the software forum to try to straighten out these issues.

    Tell me exactly what issues you are still having.
     
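    The check TimW describes (open the shortcut's Properties and see whether Target still points at an existing exe) can be done for every shortcut at once. The script below is an added example for this thread, not something from the original posts or from the MGtools/HijackThis procedure: it walks the Desktop and Start Menu folders (an assumed set; adjust `$Root` if your icons live elsewhere), reports each .lnk whose target no longer exists, flags targets that resolve into a System Volume Information (restore-point) location as the poster saw, and can optionally re-point a shortcut at a same-named file found under Program Files. It needs Windows PowerShell 3 or later for `Get-ChildItem -File`.

```powershell
# Added example, not code from the thread: audit Windows shortcuts (.lnk) whose
# target executable no longer exists, the "shortcut cannot be found" symptom
# described above, and optionally point them at a copy found under Program Files.
# Assumption: the shortcut folders in $Root are where the affected icons live.

function Get-BrokenShortcut {
    param(
        [string[]]$Root = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('StartMenu'),
            [Environment]::GetFolderPath('CommonDesktopDirectory'),
            [Environment]::GetFolderPath('CommonStartMenu')
        )
    )
    $shell = New-Object -ComObject WScript.Shell
    $Root = $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($lnk in Get-ChildItem -LiteralPath $Root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        # TargetPath may contain %ProgramFiles%-style variables; expand before testing.
        $target = [Environment]::ExpandEnvironmentVariables($sc.TargetPath)
        if (-not $target -or (Test-Path -LiteralPath $target)) { continue }
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            # A target inside System Volume Information is a restore-point copy,
            # not a live install; re-pointing will not help, the program needs reinstalling.
            InRestore = $target -like '*\System Volume Information\*'
        }
    }
}

function Find-ReplacementTarget {
    # Look for a file with the same name under Program Files; returns $null if none.
    param([Parameter(Mandatory)][string]$MissingTarget)
    $leaf = Split-Path -Leaf $MissingTarget
    $dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    Get-ChildItem -LiteralPath $dirs -Filter $leaf -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty FullName
}

function Repair-Shortcut {
    # Report what would change; rewrite the shortcut only when -Apply is given.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Broken,
        [switch]$Apply
    )
    process {
        if ($Broken.InRestore) {
            Write-Warning "$($Broken.Shortcut) points into a restore point; reinstall the program instead"
            return
        }
        $new = Find-ReplacementTarget -MissingTarget $Broken.Target
        if (-not $new) {
            Write-Warning "No replacement found for $($Broken.Shortcut); reinstall the program"
            return
        }
        if ($Apply) {
            $sc = (New-Object -ComObject WScript.Shell).CreateShortcut($Broken.Shortcut)
            $sc.TargetPath = $new
            $sc.WorkingDirectory = Split-Path -Parent $new
            $sc.Save()
        }
        [pscustomobject]@{
            Shortcut  = $Broken.Shortcut
            OldTarget = $Broken.Target
            NewTarget = $new
            Applied   = [bool]$Apply
        }
    }
}

# Usage: review the report first, then re-run the second line with -Apply.
Get-BrokenShortcut | Format-Table -AutoSize
# Get-BrokenShortcut | Repair-Shortcut -Apply
```

    Run it as the user whose shortcuts are broken; editing the all-users Start Menu entries needs an elevated prompt. A shortcut whose target only survives inside a restore point is reported but never rewritten, since that copy is not a working install, which matches the advice in the post above to reinstall the affected programs.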
  5. Rln126

    Rln126 Private E-2

    I did what you suggested and got a successful message. Can you tell me a little more info about why I was doing it?

    Also, can you recommend any Windows support forums to look at? This is very nerve-wracking that most of my applications cannot find the path.

    If there is anything else you can recommend, please let me know.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We were just removing items that had no file associated with them. As I said, you have some kind of corruption with your programs and the best thing to do is to reinstall them. I suggest that you seek further guidance in the software forum. This is not a malware issue.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:



