
Possible Rootkit Activity?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shagschain, Dec 4, 2017.

  1. shagschain

    shagschain Private E-2

    Hi Helpful Geek Pals,

    I've been experiencing slow-down for a few months, but figured maybe my PC was just getting older; now it looks as if I've gotten some kind of malware. When trying to update MalwareBytes it kept giving me an error that it couldn't install due to possible rootkit activity and that I should reboot to try to force the update to install. This never worked. I got bluescreened a couple of times too (examples attached). Additionally, my firewalls would randomly shut off, Windows updates wouldn't process, and McAfee would function improperly (firewall turned off, scanning turned off, etc.).

    After running all the scans, MB was able to update and scan, so I hoped it had solved the problems, but no such luck. I'm still having massive slow-down, but there are new additions. When attempting to wake my computer back up after it's fallen asleep, it'll often go to a completely black screen and stay there until I force a shut-down. It did this again just tonight, and when I first turned my computer back on (only turned it off for a few seconds) it went to the same black screen. After 20 minutes with no response I turned it off for a longer period; then upon powering up it went to chkdsk (and did find some damage).

    I'm stumped on where to go from here. Any and all help is greatly appreciated. Thanks.

    (I started running through the scans back in July but then was distracted by life and not seeing nearly as many problems. I've attached both old and new scans for those I have, in case they indicate anything.)
     

    Attached Files:

  2. shagschain

    shagschain Private E-2

    More Files.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are all old. Please go back to the Read and Run First instructions.
     
  4. shagschain

    shagschain Private E-2

    I had a screenshot saved of the rootkit error message I kept getting from mbam, but apparently it's been deleted somehow, so, alas, no visual.
     
  5. shagschain

    shagschain Private E-2

    The newer ones are from 1-2 weeks ago. Is that too old? (As I mentioned, I included old and new logs in case that indicated anything.) I'll start running them again just in case.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
  7. shagschain

    shagschain Private E-2

    Finally got them all to go through again. I'm getting the Anti-Rootkit message from mbam again, so I uploaded a screenshot of that as well, in case it's not a commonly known message.
     

    Attached Files:

  8. shagschain

    shagschain Private E-2

    I think that should be the last of them.
     

    Attached Files:

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any evidence of a rootkit. However, do rerun Hitman and delete these items:
    Potential Unwanted Programs _________________________________________________

    HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}\ (Linkey)
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
    HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
    HKU\S-1-5-21-2475549740-2089778623-3011127637-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)

    Then do the same with RogueKiller and delete these items:
    ¤¤¤ Files : 21 ¤¤¤
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Found

    Reboot and rescan with both Hitman and RogueKiller and attach the new logs.
     
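As an added example that is not part of this thread or of either tool, the Python below parses HitmanPro-style registry findings ("HKLM\...\ (Name)") and RogueKiller-style file findings ("[Family][Kind] path -> Status") like the ones quoted above into structured records, counts them per tool and detection family, and flags which targets sit in user-writable profile directories; the sample input is constructed from the line formats in the post, and the record fields and helper names are my own.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the HitmanPro and RogueKiller
# output quoted in the thread (shortened; not a real log file).
SAMPLE_LOG = r"""
Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}\ (Linkey)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
¤¤¤ Files : 3 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\shagschain\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
"""

# RogueKiller line: "[Family][Kind] <target> -> <Status>"
RK_RE = re.compile(r"^\[([^\]]+)\]\[([^\]]+)\]\s+(.+?)\s+->\s+(\w+)$")
# HitmanPro line: "<registry path> (<detection name>)"
HM_RE = re.compile(r"^(HK(?:LM|CU|U|CR)\\\S+?)\s+\((.+)\)$")
# Anything under C:\Users\<name>\ is writable by that user without admin rights.
PROFILE_RE = re.compile(r"(?i)^c:\\users\\[^\\]+\\")


def parse_findings(text):
    """Turn tool output into dicts with tool, family, kind, target and status.

    Section headers and separators match neither pattern and are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = RK_RE.match(line)
        if m:
            family, kind, target, status = m.groups()
            findings.append(dict(tool="RogueKiller", family=family, kind=kind,
                                 target=target, status=status))
            continue
        m = HM_RE.match(line)
        if m:
            target, family = m.groups()
            findings.append(dict(tool="HitmanPro", family=family, kind="Registry",
                                 target=target, status="Found"))
    return findings


def summarize(findings):
    """Count findings per (tool, family) so the triage view is one line per family."""
    return Counter((f["tool"], f["family"]) for f in findings)


def profile_local_targets(findings):
    """Targets inside a user profile: no admin rights needed to plant or remove them."""
    return [f["target"] for f in findings if PROFILE_RE.match(f["target"])]
```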
