rootkit problem

rootkit problem
So my mothers laptop appears to have a rootkit problem. I noticed it when I kept getting an error message in firefox. "shockwave flash has performed an illegal operation etc etc". I googled the problem and it turns out that I have a rootkit on the computer. I tried installing f-secure Blacklight, but it says that I don't have sufficient administrator privileges to install it an that either I am no the administrator, or else some malware is blocking me from those privileges.

So I googled around a bit more and I found another program that does much the same thing called Sophos Anti-rootkit. I installed it and ran it, but the same problem occurred - it told me that I didn't have admin privileges. I tried running them both in safe mode but they "cannot be run in safe mode".

So I googled around a bit more and read up about it abit more and decided to try download and run HJT. However, each time I type the name of that program in full into google the browser closes automatically. This occurs in both IE and FF. Even if I separate the words into Hijack This and search, upon getting hits in google, if I try to click on a link to download the same thing happens again. The browser closes.

So I downloaded and ran AVZ antiviral toolkit. I ran the system investigation and then the full scan.

I think you'll agree this is very very strange...

Here are my results:

 

results of avz anti viral toolkit system investigation (word document zipped):

 

http://www.majorgeeks.com/images/grenade.gifWelcome to MajorGeeks.com!http://www.majorgeeks.com/images/grenade.gif

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support

 

Thanks, I have tried all of those options. This is a last ditch effort before I bite the bullet and reinstall windows xp.

why is that zip file not showing up?

 

OK, I ran AVG Anti Rootkit and 2 files showed up (in regular, not in-depth, scan mode)and they are

C:\WINDOWS\lpt6.ify
C:\WINDOWS\mlwgk1.dll

I googled them and neither produced any hits. Any ideas? Should I delete them? AVG antirootkit says not to do so unless I am sure that they are malicious files. They couldn't be part of the OS tough, could they? Otherwise they would produce a hit in google...

Any ideas? cheers.

 

Did you try to attach it? Try attaching it once more.

 

You should be patient and let's do one thing at a time. You can't just start removing stuff, you have to go thru logs and remove certain things in a certain order. It's not as easy as it sounds or appears, there is a lot more to it than just removing a few files.

 

ok. here it is:

 

ok. cheers. i managed to dnload hjt from rapidshare under a diffreent filename, but when I try to install it it closes immediately. very weird.

anyway, I'm all ears if you can help at all.

thanks,
pinksoir.

 

here is my combofix log:

 

and here is my rootkit revealer log too...plenty to chew on!

 

From now on please do not run anything or attach anything I do not request. You must follow my instructions and attach what I request.

Go back to post 3 and follow my instructions. I need the MGLogs.zip so I can go thru your logs and remove the infections.

 

it's ok. I reformatted. please close thread.

thanks.

 

I hate to hear you formatted, we could have removed these infections however it's impossible for me to help you when you're not following my instructions. You have to remember, I can not see your computer, the logs give me a little peek into your system so I can help you remove the infections. When you do not help me to help you it makes it a little difficult.

Anyway, to prevent future infections please see the thread below.

How to Protect yourself from malware!

 

Well I appreciate that you took the time to look at my problem. Next time (though I hope there isn't a next time but I'm sure there will indeed be!) I'll follow you advice to the T. I didn't mind reformatting as the laptop had very little on it (it's my mothers), though I feel that reformatting is a cop out and would have liked to solve he prolem without resorting to it. Ah well.

Anyway, thanks a million, and again, I appreciate the time you took.

cheers,
karl.

 

Your Welcome!

Surf Safely!:major