can't get rid of rootkit 36240

Discussion in 'Malware Help (A Specialist Will Reply)' started by ruffshady187, Jul 14, 2010.

  1. ruffshady187

    ruffshady187 Private E-2

    My Bitdefender antivirus keeps picking up this rootkit 36240, and I try to delete it and it won't let me, and I quarantine it but it keeps coming up. I have run Malwarebytes and it picked up nothing, as well as RootkitRevealer, and still nothing. Only Bitdefender picks it up. I have done the proper cleaning according to your read me post. I have only Bitdefender antivirus. I cannot get rid of this rootkit. Please let me know the next step. Here is what Bitdefender is saying is infected by the rootkit 36240 files.

    c:\system volume information - a bunch of files embedded
    c:\windows\installer - embedded a bunch of files. Please advise.
    Thanks
     
  2. ruffshady187

    ruffshady187 Private E-2

    sorry forgot to post logs.
     


  3. ruffshady187

    ruffshady187 Private E-2

    mg log
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Files in your system volume info cannot be removed unless you toggle System Restore. As for the rest, you need to attach either the log from Bitdefender so we can see what it is reporting on, or give us the full path to the reported files.
     
  5. ruffshady187

    ruffshady187 Private E-2

    c:\system volume information\_restore{0C1D...}\RP465\A0086259.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP465\A0086259.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP465\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP465\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP469\A0088460.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP469\A0088460.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP469\A0088461.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP474\A0089664.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP469\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP474\A0089664.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP474\A0089665.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP474\A0089665.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP476\A0090821.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP476\A0090821.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    c:\system volume information\_restore{0C1D...}\RP476\A0090822.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    c:\system volume information\_restore{0C1D...}\RP476\A0090822.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    C:\WINDOWS\iNSTALLER\16246.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    C:\WINDOWS\iNSTALLER\16246.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
    C:\WINDOWS\iNSTALLER\20b320.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
    C:\WINDOWS\iNSTALLER\20b320.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2g)

    These are the paths bitdefender gives me. I do not know where to get the log.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The restore files can only be removed by toggling System Restore. For the last few, we can try using Avenger to remove them:

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop.
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.

    Now tell me if you are still having issues.
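Sorting the scanner output ruffshady187 posted above into the two groups TimW describes (entries inside a System Restore snapshot, which only a System Restore toggle will clear, versus files that can be dealt with directly) can be done mechanically. The following Python script is an added example and is not code from the thread, from MajorGeeks or from Bitdefender; it assumes the `path=>(layer)=>(layer)` line shape seen in the post, and it keeps the restore-point GUID truncated as `0C1D...` exactly as it appears on the page.

```python
import re

# Scanner output as posted in the thread. The restore-point GUID is
# truncated to "0C1D..." on the page and is left that way here.
DETECTIONS = r"""
c:\system volume information\_restore{0C1D...}\RP465\A0086259.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP465\A0086259.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP465\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP465\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP469\A0088460.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP469\A0088460.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP469\A0088461.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP474\A0089664.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP469\A0086260.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP474\A0089664.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP474\A0089665.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP474\A0089665.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP476\A0090821.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP476\A0090821.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
c:\system volume information\_restore{0C1D...}\RP476\A0090822.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
c:\system volume information\_restore{0C1D...}\RP476\A0090822.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
C:\WINDOWS\iNSTALLER\16246.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
C:\WINDOWS\iNSTALLER\16246.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2G)
C:\WINDOWS\iNSTALLER\20b320.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE R)
C:\WINDOWS\iNSTALLER\20b320.MSI=>(EMBEDDED EXE)=>(EMBEDDED EXE 2g)
"""

# Matches the System Restore snapshot layout and captures the RP number.
# The GUID part accepts anything up to the closing brace, so the truncated
# value from the page still matches.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[^}]*\}\\(rp\d+)\\",
    re.IGNORECASE,
)


def parse_detection(line):
    """Split 'container=>(layer)=>(layer)' into the on-disk container path and
    the list of embedded layers the scanner flagged inside it."""
    parts = [p.strip() for p in line.strip().split("=>")]
    container = parts[0]
    layers = [p.strip("()") for p in parts[1:]]
    return container, layers


def triage(text):
    """Group detections into restore-point entries (keyed by RP number) and
    files that live outside System Restore and can be handled directly."""
    restore_points = {}   # "RP465" -> set of lower-cased container paths
    direct = {}           # lower-cased path -> spelling as reported
    for raw in text.splitlines():
        if not raw.strip():
            continue
        container, _layers = parse_detection(raw)
        match = RESTORE_RE.match(container)
        if match:
            rp = match.group(1).upper()
            restore_points.setdefault(rp, set()).add(container.lower())
        else:
            direct[container.lower()] = container
    return restore_points, direct


def summarize(text):
    """Counts and lists a responder would want before advising what to clear."""
    restore_points, direct = triage(text)
    return {
        "restore_points": sorted(restore_points),
        "restore_files": sum(len(paths) for paths in restore_points.values()),
        "direct_files": sorted(direct.values()),
    }


if __name__ == "__main__":
    summary = summarize(DETECTIONS)
    print("Restore points involved:", ", ".join(summary["restore_points"]))
    print("Cached packages inside them:", summary["restore_files"])
    print("Files outside System Restore:")
    for path in summary["direct_files"]:
        print("  ", path)
```

Run on the posted lines it reports four restore points (RP465, RP469, RP474, RP476) holding nine distinct cached .MSI packages, and two files under C:\WINDOWS\Installer. The `=>(EMBEDDED EXE)` layers show that every hit is an executable packed inside an installer package rather than a loose file on disk, which is consistent with a scan of the running system (Malwarebytes, RootkitRevealer) finding nothing: nothing in a snapshot is executing. C:\WINDOWS\Installer is the Windows Installer cache, and packages there are what repair and uninstall rely on for installed products, so removing one should be a deliberate choice made after checking which product it belongs to, not a reflex.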
     
  7. ruffshady187

    ruffshady187 Private E-2

    error: invalid script. A valid script must begin with a command directive. Aborting execution. This is the error I got when trying to execute. Please let me know what next.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you copy the entire contents of the quote box?
     
  9. ruffshady187

    ruffshady187 Private E-2

    error: could not set driver imagepath. aborting execution. I did not copy the "files to delete" part before. My mistake, but I did not, and this is the current error I'm getting.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you use windows explorer to find and manually delete the files?
     
  11. ruffshady187

    ruffshady187 Private E-2

    I found and deleted the two files. I won't know if this works until my antivirus runs and I see if it picks it up. Was that the rootkit in disguise? Did you see anything else on my other logs?
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I did not see any other issues in your logs. No indication of a rootkit, and you haven't had the same symptoms as the new rootkit infection that is going around. It is always possible that it was a false positive.

    Have you toggled system restore yet?
     
  13. ruffshady187

    ruffshady187 Private E-2

    By toggle I assume you mean uncheck and turn off, apply, then turn back on and apply? I did do this. I also was at one point trying to system restore, but every date I tried it was unachievable. Anything else that could be slowing my computer? When I go to websites it looks like on the bottom task bar it flickers back and forth between addresses a lot.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have to reboot in between. Turn off (uncheck) System Restore, reboot, then recheck the box.

    And your system will be slow until you at least double your RAM:
     
