Just finished cleaning process, think I have root kit infections, now what?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dreamscaper555, Jul 29, 2010.

  1. dreamscaper555

    dreamscaper555 Private E-2

    Ok, just to be clear I am running an Inspiron 1721 and the operating system is Windows Vista Business. I followed the directions in the cleaning procedure to the letter and encountered no difficulty until the last two steps. Both RootRepeal and MGTools crashed on me, so I don't have full logs for those. RootRepeal kept stalling at winsxs/manifests. This error occurs after locating about 50 or so locked files. I ran it several times with the same result, and the last time I told it to stop scanning and to make a log file. It stopped scanning after much effort, but then crashed when I asked it to make a log. Finally, I just hand copied the information (in short form only, those alpha-numerics are just too much!) to a .txt file and made my own log. Hopefully it will be good enough, since it will show the approximate location of the infected files.

    Next, when I ran MGTools it took literally forever, and I started doing other things while it was working. At some point the whole computer crashed (didn't even blue screen just got staticky and made repetitive bleeps and froze like that) and I restarted with much reluctance from the machine. I wasn't sure about redoing MGTOOLS.exe since it creates folders and all that and the folders are all still there, and so is the log. So I decided to just post with what I have. For all I know MGTOOLS MIGHT have done the job since I wasn't paying close attention to it. Last I saw it was stuck at scanning... in the command prompt.

    One more thing ought to be noted. The computer occasionally crashes when watching movies on Netflix. Netflix uses Microsoft Silverlight and there was a critical update to be installed for Silverlight that never worked because of some missing file according to the error message. I tried uninstalling it (with intent to reinstall fresh) with no luck there since again there is some sort of file missing to uninstall it. Since it won't let me update OR uninstall it, it smells like infection to me. Amazingly it still works, but crashes the whole thing every now and then.

    Anyway, I don't know if what I wrote helps but I thought it worth a mention. Here are the log files from everything. I did disable user accounts, I don't use any emulators, I only run one AV, and the one firewall that came with Vista. Everything was clean up until the RootRepeal part. RR had a heyday, and there are locked processes and all too in case you were wondering.

    Anyhow, I am very appreciative that there is such thorough and knowledgeable help available at MG, thanks for all your time and effort.
     

    Attached Files:

  2. dreamscaper555

    dreamscaper555 Private E-2

    Here is the MGTools log, and I included the log from the RootRepeal scan of the processes as well for the hell of it along with the crash report. Also, when my PC crashed the last couple of times it made copies of desktop.ini which it put on my desktop and which are accumulating. I have not deleted them since maybe they are important. Any idea why?
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You need to put this machine into normal start up mode by using msconfig. Please do this before we continue.

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here.

    Just because RR reports some files as locked or hidden does not mean that they are infected.
    Is the RootRepeal report why you thought you had a rootkit?

    Delete these temp files from your desktop.
    • C:\Users\User\desktop\~WRL0001.tmp
    • C:\Users\User\desktop\~WRL0002.tmp
    • C:\Users\User\desktop\~WRL0005.tmp

    Open notepad and copy and paste the following text in the quote box into the window:

    • Save this as fix.bat
    • Choose to save as all files.
    • Doubleclick fix.bat and let the program run.
    • A small black dos window will flash, this is normal.


    What actual malware problems are you having?
     
  4. dreamscaper555

    dreamscaper555 Private E-2

    Interesting, did not know that. I cleaned it up.



    Why would they be locked if they weren't infected? Also, considering that the system randomly crashes without even blue screening, I would think that there is a kernel problem which I am guessing may be a rootkit since rootkits take over the kernel. But it's just a guess. Computer runs slow, random crashes, locked files... Smells like malware to me and since none of the regular stuff picked anything up, rootkit seems like a good guess, no?


    Done and done, thanks!

    Well, if I knew that I probably wouldn't be here. All I know is things are happening to my PC that I don't do. For instance in the start bar there is a restart runtime icon for my graphics card. I never did that, so maybe a virus or something did? Also, the PC likes to randomly shut off while I am watching videos, which also makes me think something is messing with the graphics card. But my knowledge of such things is limited. I would just reformat like I usually do, but sadly my optical drive went out on me so that rules that out. I am praying that disinfecting actually works. When I have tried disinfecting in the past it always made the computer worse...

    Thanks for the suggestions!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    My Desktop computer was also crashing/rebooting without blue screening...turns out in my case it's the motherboard that needs replacing, some component on it will not hold the charge. I'm just saying that not all problems are caused by malware. The hidden and locked files seen by RR are normal, trust me.

    Let's run a scan for rootkits just to put your mind at ease. If this turns up clean, I shall be giving you final steps and you will have to visit the software or hardware forum for further advice on the matter.

    SysProt AntiRootkit
     
