Re: Back (yet) Again... :-)

Discussion in 'Malware Help (A Specialist Will Reply)' started by markem, Feb 8, 2013.

  1. markem

    markem Private First Class

    Ok - this time I may actually need more help than just a reminder of what I'm supposed to do BEFORE posting here. :-o

    My computer was acting a bit slow and I decided to run Combofix on it because - I don't know....just felt like it was the thing to do. It found a Rootkit and deleted several files. When it was through and the system had come back up to normal the screen flashed a couple of times so I ran Combofix again. Again a Rootkit was found. The system came up normally after that. Here is the Combofix log. ComboFix deleted some files but I am not seeing what (or which) Rootkit was on my system.

    Can you let me know which one ComboFix found? I can then try to find out if it is installed in something (like an e-mail file somewhere). Thanks in advance.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but if you suspect malware, you need to run the proper cleaning procedure

    READ & RUN ME FIRST. Malware Removal Guide


    Combofix is not something you should be running just because you feel like it and especially running it multiple times. You should only run ComboFix when an expert in malware removal asks you to do so.
     
  3. markem

    markem Private First Class

    Hi Chaslang! :)

    I already had run all of the software previously and nothing showed up. See the previous posts on this topic. That was why I just ran ComboFix.

    A good chastising though. :-o

    I don't normally post who I am but I have been working with computers since 1972 when I used teletypes. :) Normally I'm the guy all of my friends turn to to help them with their computers when there is a problem. I've used ComboFix (and a lot of other software) to get rid of viruses, malware, rootkits, etc... in the past and have even gone in and removed things by hand.

    However, I don't know everything there is to know about the bad guys and can use a hand every now and then. As I said - I can not figure out which rootkit was being used on my system but ComboFix doesn't say there is a rootkit unless there really is a rootkit. Otherwise it just goes into Stage_1, Stage_2, and so on.

    So I usually post because there is something going on that I just can not figure out or are too tired to figure out or whatever. (Like right now I have the Flu.) Still, you are right - I should have re-run everything when I suspected something was wrong. I only skipped that part because it hadn't shown any kind of a problem when I ran it earlier in the week.

    In addition to the normally run items I did a complete scan with Avira and then uninstalled that and installed BitDefender. (Because it is the #1 rated antivirus software presently according to www.av-comparatives.org.) BitDefender found 225 types of malware the last time (a couple of weeks ago) on my system but this time it didn't find anything either. I also ran SUPERAntiSpyware (didn't find anything), Spybot (nothing here), and the MalwareBytes again (nothing either). So I had exhausted my normal set of things I use to detect problems and ComboFix seemed the next logical choice. So I just went "Well - whatever" and tried it and it found something.

    Conversely - ComboFix on a second system (I went - why not?) did NOT find a rootkit (which I thought it would given that my first system had one). Instead there was a different problem that ComboFix found and fixed and which none of the antivirus or antimalware programs had found. Forget what it was because I was more interested in the rootkit on my main system. *shrug* what can I say? I've got the flu and don't really feel too good.

    Anyway, if anyone can tell which rootkit was on my system - please let me know. I probably just missed it while I was blowing my nose or hacking and coughing my lungs out. Actually - I think I'm going back to bed now. I can work on this later. :)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only issues there are:
    • Control-Alt-Delete to bring up Task Manager was disabled (not necessarily a malware issue).
    • MSconfig is being used as a Startup Manager, which is not what it is meant for. See >> Dealing with Startup Process
    • And there are leftovers from ZoneAlarm in Add/Remove Programs while PrivateFirewall is used now.
    Not true. There have been many instances of this being incorrect. And sometimes rootkit activity could be due to software that a user has knowingly installed. Daemon Tools and Alcohol (which are installed) sometimes cause this.

    The ComboFix log you attached here shows it deleted BitDefender files:
    We cannot tell you about something that is not in any of your logs or that may have been there in the past.
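    The two findings above (Task Manager disabled, msconfig used to park startup items) can be checked directly on the affected machine. The script below is an added example for this thread, not something chaslang or markem posted and not part of ComboFix. It assumes the registry locations Windows XP/Vista/7 use for the Task Manager policy (`DisableTaskMgr` under the `Policies\System` key of HKCU and HKLM) and for msconfig's parked Run entries (`HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg`); nothing in it is taken from the attached log.

```powershell
# Added example (not from this thread): report the two conditions flagged in the
# ComboFix log from the defender's side. Is Task Manager disabled by policy, and
# which startup entries has msconfig parked rather than removed?
# The registry paths below are assumptions about an XP/Vista/7-era system.

function Get-TaskManagerPolicy {
    # DisableTaskMgr = 1 under either hive blocks Task Manager, including the
    # Ctrl-Alt-Del entry. Malware and administrators both set it, so treat a hit
    # as something to explain, not proof of infection on its own.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            [pscustomobject]@{ Hive = $p; DisableTaskMgr = $v.DisableTaskMgr }
        }
    }
}

function Get-MsconfigDisabledStartup {
    # Unchecking an item in msconfig copies its Run entry here instead of deleting
    # it, so the command line stays on disk and is one click away from running again.
    $base = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base | ForEach-Object {
        $e = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Name    = $_.PSChildName
            Command = $e.command
            OrigKey = "$($e.hkey)\$($e.key)"
        }
    }
}

$policy = Get-TaskManagerPolicy
if ($policy) { $policy | Format-Table -AutoSize }
else { 'DisableTaskMgr is not set in HKCU or HKLM.' }

$parked = Get-MsconfigDisabledStartup
if ($parked) { $parked | Format-Table -AutoSize }
else { 'msconfig has no disabled startup entries parked.' }
```

    Run it from an elevated PowerShell prompt so the HKLM keys are readable. If `DisableTaskMgr` turns out to be set and no policy explains it, removing the value (or setting it to 0) restores Task Manager; for the parked startup entries, the command lines listed are what to review, since msconfig leaves the executables in place.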
     
  5. markem

    markem Private First Class

    "We cannot tell you about something that is not in any of your logs or that may have been there in the past"

    Yes, I know that but as I first posted - I did not see anything in the log and thought to ask. I do own Alcohol 120% and know that it puts what can look like a rootkit into the system. However, ComboFix has never tried to get rid of it. So I thought ComboFix already knew about it.

    On ZoneAlarm - I am actually using ZoneAlarm. PrivateFirewall began doing some very strange things. Basically PrivateFirewall would not allow me to run programs. I had decided to use the auto-detect mechanism they put into PrivateFirewall and that is what began mucking around with things so I uninstalled it and went back to ZoneAlarm. I do like to try out new pieces of software I find (such as what is found here at MajorGeeks). *shrug* What can I say?

    I do have msconfig holding off some things because I am thinking of removing them from the startup process since they do not have to run in the background all of the time. Haven't decided whether or not to do anything with them yet. Just been trying to get over this gunk I have.

    Thanks for looking at the report. So nothing there. Hmmmmm...... Too hard to think straight right now. Time to take more meds and go back to bed. Later. :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
