Did RR, still something/settings reset

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Calsu, Feb 5, 2010.

  1. Calsu

    Calsu Private E-2

    Hi! I had a bunchload of stuff on my computer, running Windows 7. Did all the scans but there's still something. "Malwarebytes detects it, says it removes it, but it's back again next reboot": vqfpnchs.sys (Rootkit.Agent)

    Here are my logs.
     


  2. Calsu

    Calsu Private E-2

    Also, after those I ran TDSSKiller.

    Log attached.
     


  3. Calsu

    Calsu Private E-2

    Sorry for the "reply", but I forgot to mention that I was unable to run RootRepeal; it says some DeviceIOError.
     
  4. Calsu

    Calsu Private E-2

    Started with Knoppix and removed it; the stuff was so sticky that it couldn't be read by any software/removal tool. Also the registry keys were unmovable. Now I got it away though.

    Thanks!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you saying that you are now clean and no longer need assistance?
     
  6. Calsu

    Calsu Private E-2

    Well, I think so; I seem to be clean from the last item. Sorry for my English, I'm from Finland. I very much thank you for your Malware Sticky Thread, it made my day, except for the last item. Tried to google it but found nothing. Maybe it just works the way it generates a random file name.

    I had this c:\windows\system32\drivers\vqfpnchs.sys and in no way was I able to delete it. Not in safe mode, nothing (File unreadable/Device not working). Malwarebytes detected it and said to remove it after boot, but it always was back. Also a few registry keys it had were unmovable/readable. So after all I decided to start my computer through a Knoppix live CD, mount my NTFS there and just delete it. After that I was able to remove the registry keys. I'm not that much of a Windows expert that I would know if I'm safe now, or at least whether this file left some "hole" (or pointer to this file?) in my kernel or anything. It seems that it was in the kernel (if that's even possible; I had some Kaspersky log about it but I think I've lost it). Anyway, scans do not show anything anymore, so I guess I'm clear, and yeah, if that's the case, I need no further assistance. Thanks again!
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then just keep an eye on your system for a few days, and if something seems wrong or suspicious, redo all the scans again and attach new logs. :)
     
