MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #1  
Old 12-22-10, 13:46
Rln126 (Private E-2)
how to tell if you have a rootkit virus

How can you tell if you have a rootkit virus? Below are my symptoms.

I cannot access several programs (norton security suite, Internet Explorer, etc). I can for some reason access any of the office products. However, antivirus programs I installed after I detected the issue are running.

I have run Windows security suite, spybot, and the geeksquads scanning. Nothing was found. Some of these, I could only run in safe mode.

For me it is saying virus, but it is very frustrating.

Any help you can give is greatly appreciated.

Also, if anything is suggested, should it be run in safe mode or regular mode?
Thanks
  #2  
Old 12-22-10, 14:40
TimW (MajorGeeks Administrator - Jedi Malware Expert)
Re: how to tell if you have a rootkit virus

Please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #3  
Old 12-25-10, 07:39
Rln126 (Private E-2)
Re: how to tell if you have a rootkit virus

I followed your instructions in the read me document (with the exception of running RootRepeal, as I have a 64-bit machine).

I also reinstalled Norton Internet Security Suite (and for some strange reason Internet Explorer started working). I am, however, having issues with the programs. It keeps telling me the shortcut cannot be found. On one it is telling me that it found the exe but in a system restore, which I think is questionable.

When you asked to remove the following, Viewpoint Media Player: when I went to add/remove programs it was there; however, when I went to uninstall it, it said it had already been removed, do you want to delete this, to which I said yes. Is that strange, as I never even knew it was there? I had this same issue with Norton before I reinstalled it.

I did not remove any system restores, because I am not sure that it completely removed everything. It also will not recognize one of my usb ports. If you feel I should still do the step on system restore, please let me know.

One other note: when I was running MGtools, at one point I got a message that PEV.cfxee cannot run. I just closed the window as I was unsure what it was. Does this look familiar to anyone?

Is there anything else I can do to determine what is going on?
Attached Files
File Type: txt ComboFix.txt (23.3 KB, 2 views)
File Type: txt mbam-log-2010-12-24 (12-46-10).txt (972 Bytes, 3 views)
File Type: zip MGlogs.zip (321.2 KB, 3 views)
File Type: txt SASlog.txt (840 Bytes, 3 views)
  #4  
Old 12-25-10, 13:11
TimW (MajorGeeks Administrator - Jedi Malware Expert)
Re: how to tell if you have a rootkit virus

Quote:
Originally Posted by Rln126 View Post
I also reinstalled Norton Internet Security Suite(and for some strange reason internet explorer started working). I am however, having issues with the programs. It keeps telling me the short cut cannot be found. On one it is telling me that it found the exe but in a system restore, which I think is questionable.
Which programs are you having issues with? You can right click your program icon and choose properties and see if the target shows the path to the exe file. If not, you just need to put the full path to the exe in the target box.

You do have a lot of items that indicate that the file is missing.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
Quote:
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll (file missing)
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (file missing)
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll (file missing)
After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


But you do not have a rootkit issue. Most of your problems are probably with Windows. This means that you should post in the software forum to try to straighten out these issues.

Tell me exactly what issues you are still having.
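To show what the HijackThis O2/O3 lines above actually encode and why the "(file missing)" entries are harmless clutter rather than an active infection, here is an added example in Python (not from this thread, and not HijackThis's own code). It parses O2 (Browser Helper Object) and O3 (Toolbar) lines into structured records, picks out the entries whose registered DLL is gone, maps orphaned BHOs to their registration keys, and renders a REGEDIT4 deletion file in the same `[-KEY]` form as the fixME.reg in TimW's post. Assumptions: the BHO registration key under `HKEY_LOCAL_MACHINE\SOFTWARE\...\Browser Helper Objects` is the standard Windows location, the `Wow6432Node` view is what a 32-bit Internet Explorer and HijackThis see on a 64-bit machine, and the `present.dll` line in the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import List

# HijackThis O2/O3 entries have the shape:
#   O2 - BHO: <name> - {<CLSID>} - <dll path> [(file missing)]
#   O3 - Toolbar: <name> - {<CLSID>} - <dll path> [(file missing)]
_HJT_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class IEAddon:
    section: str       # "O2" or "O3"
    kind: str          # "BHO" or "Toolbar"
    name: str
    clsid: str         # upper-cased so the O2/O3 pair for one add-on compares equal
    path: str          # DLL path registered for the add-on
    file_missing: bool # True when HijackThis could not find the DLL on disk


def parse_hjt(text: str) -> List[IEAddon]:
    """Parse O2/O3 lines from a HijackThis log; every other line is ignored."""
    addons = []
    for raw in text.splitlines():
        m = _HJT_RE.match(raw.strip())
        if not m:
            continue
        addons.append(IEAddon(
            section=m["section"], kind=m["kind"], name=m["name"],
            clsid=m["clsid"].upper(), path=m["path"],
            file_missing=m["missing"] is not None,
        ))
    return addons


def orphaned(addons: List[IEAddon]) -> List[IEAddon]:
    """Entries whose DLL no longer exists. Nothing can load from a missing
    file, so these are leftovers of uninstalls, not running components."""
    return [a for a in addons if a.file_missing]


# Standard BHO registration keys (Windows locations, not values from the thread).
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
# Assumption: on 64-bit Windows a 32-bit IE/HijackThis reads the redirected view.
BHO_KEY_WOW64 = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows"
                 r"\CurrentVersion\Explorer\Browser Helper Objects")


def bho_delete_keys(addons: List[IEAddon], wow64: bool = False) -> List[str]:
    """Registry keys of orphaned BHOs, one per CLSID, in log order."""
    base = BHO_KEY_WOW64 if wow64 else BHO_KEY
    seen: List[str] = []
    for a in addons:
        if a.kind == "BHO" and a.file_missing and a.clsid not in seen:
            seen.append(a.clsid)
    return [f"{base}\\{c}" for c in seen]


def build_delete_reg(keys: List[str]) -> str:
    """Render a REGEDIT4 file. A '-' directly after '[' tells regedit to
    delete that key and everything under it; that is all fixME.reg did."""
    out = ["REGEDIT4", ""]
    for k in keys:
        out += [f"[-{k}]", ""]
    return "\r\n".join(out)


# Constructed sample: three lines taken from the thread plus one made-up
# add-on whose DLL is present, so the two cases can be told apart.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (file missing)
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (file missing)
O2 - BHO: Example Present Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\present.dll
"""

if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for a in found:
        state = "MISSING" if a.file_missing else "present"
        print(f"{a.section} {a.kind:<8} {a.clsid} {state}: {a.name}")
    print(build_delete_reg(bho_delete_keys(found, wow64=True)))
```

Run it as a script to see the triage table and the generated .reg text; the Zynga O2 and O3 lines share one CLSID, so they collapse to a single BHO key, and the toolbar entry is left for HijackThis's O3 handling rather than guessed at here.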
  #5  
Old 12-31-10, 04:57
Rln126 (Private E-2)
Re: how to tell if you have a rootkit virus

I did what you suggested and got a successful message. Can you tell me a little more info about why I was doing it?

Also, can you recommend any Windows support forums to look at? This is very nerve-wracking, that most of my applications cannot find the path.

If there is anything else you can recommend, please let me know.
  #6  
Old 12-31-10, 13:42
TimW (MajorGeeks Administrator - Jedi Malware Expert)
Re: how to tell if you have a rootkit virus

We were just removing items that had no file associated with them. As I said, you have some kind of corruption with your programs and the best thing to do is to reinstall them. I suggest that you seek further guidance in the software forum. This is not a malware issue.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.

  10. After doing the above, you should work through the below link:




All times are GMT -5. The time now is 06:16.
Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.