Potentially rootkit-masked registry found with Spysweeper

Discussion in 'Malware Help (A Specialist Will Reply)' started by Agitator, Sep 27, 2008.

  1. Agitator

    Agitator Private E-2

    Spysweeper found this three days ago on its daily scan. I quarantined it and it says "Quarantined items cannot harm your computer." When I go to the "Quarantine Items" the folder is empty. If I re-scan it shows up again. Norton 2008 Internet Security finds nothing. I used the Major Geeks Windows XP Cleaning Procedure; it removed some problem areas, but every time Spysweeper runs it finds the same problem. Yesterday Spysweeper stopped hundreds of connections with the Internet, giving me alerts all day long. I have never seen this before. Today I did not receive one alert. I seem to have no other problems whatsoever with the computer or anything running. I am just now getting this "System Monitor found: Potentially rootkit-masked registry" and am wondering if I am safe or not. Any help would be greatly appreciated!!!
     

    Attached Files:

  2. Agitator

    Agitator Private E-2

    MGLogs
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to tell me what is being reported exactly...full path.

    You also need to remove one of these:
    Webroot AntiVirus with AntiSpyware
    Norton AntiVirus
     
  4. Agitator

    Agitator Private E-2

    I uninstalled and re-installed the Webroot Spysweeper to get the Spysweeper Anti-Virus off the computer. It looks like the Anti-Virus is automatically installed now with the Spysweeper. No choice if you want the updates. I shut down both the virus scanner and the anti-virus in the Spysweeper menu so that they are not running at this time. I did a sweep with Spysweeper and it made it through the registry inspection finding nothing. Let me sweep it again and see what it comes up with. As for the full path, all the Spysweeper told me was "System Monitor found: potentially rootkit-masked registry". It doesn't really say where it found a problem other than that it is a registry item. The Spysweeper is at this time though blocking tons of things, saying "Internet Communication Shield has blocked access to ....(some website)....." just like the other day. Let me sweep it again and let you know what happens. Thanks for your help!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What I am trying to tell you is that you need to uninstall one of those programs ---> you should not be running two anti-virus programs.

    I don't recall if you have a firewall installed.
     
  6. Agitator

    Agitator Private E-2

    I understand the one anti-virus thing. Spysweeper used to be just anti-spyware. Norton took care of the anti-virus. Now Spysweeper's update automatically puts in the anti-virus program. This is a recent update from Webroot. I do have it unchecked "not to run" the anti-virus on the Spysweeper. I don't see how to install just the Spysweeper anti-spyware without installing the Spysweeper anti-virus. Should I just get rid of the Spysweeper all together? Or is it enough to have the anti-virus shut off on the Spysweeper? The only firewall I run is the Norton. I do not run a firewall from XP or the Spysweeper.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you have the anti-virus disabled, then you need not uninstall Spysweeper. And as long as it is stopping things and Norton has a firewall that is blocking intrusions, then all should be well.

    If you are not having any other malware problems, it is time to do our final steps:


    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below:

      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required:
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combo-fix folder from ComboFix.

    4. If we had you run Avenger, you can delete all files related to Avenger now.
    5. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    9. Go to Add/Remove Programs and uninstall HijackThis.
    10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete C:\MGlogs.zip.
    11. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    12. After doing the above, you should work through the below link:

     
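An added example, not part of this thread and not code from MajorGeeks, Webroot or Symantec: a PowerShell script covering the two points TimW makes above. First it asks Windows Security Center which anti-virus and firewall products are registered, so you can confirm that only one AV engine is actually active (the WMI namespace is root\SecurityCenter on XP SP2/Vista and root\SecurityCenter2 on Windows 7 and later; the script queries whichever exists). Second it scripts the "final steps" cleanup: ComboFix's /u switch exactly as quoted, the enableUAC.reg import for Vista, the leftover MGtools/ComboFix paths named in the post, and the Restore Point flush. Assumptions: the paths are the ones quoted in the post, the Restore Point cmdlets need Vista or later (XP users follow the READ ME's GUI steps), and the script is run from an elevated PowerShell prompt. Uninstalling HijackThis (step 9) is left to Add/Remove Programs.

```powershell
# Added example (not from the MajorGeeks thread). Run elevated.

function Get-RegisteredSecurityProducts {
    # Security Center uses root\SecurityCenter on XP SP2/Vista and
    # root\SecurityCenter2 on Windows 7+; try both, skip what is missing.
    $namespaces = @('root\SecurityCenter2', 'root\SecurityCenter')
    $results = @()
    foreach ($ns in $namespaces) {
        foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
            try {
                $products = Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop
            } catch {
                continue   # namespace or class not present on this OS
            }
            foreach ($p in $products) {
                $results += New-Object PSObject -Property @{
                    Namespace = $ns
                    Kind      = $class
                    Name      = $p.displayName
                }
            }
        }
    }
    return $results
}

function Test-SingleAntivirus {
    # TimW's rule: two registered AV engines means one must be removed
    # (or its engine disabled, as the poster did in the Spysweeper menu).
    $av    = Get-RegisteredSecurityProducts | Where-Object { $_.Kind -eq 'AntiVirusProduct' }
    $names = @($av | Select-Object -ExpandProperty Name -Unique)
    if ($names.Count -gt 1) {
        Write-Warning ("Multiple AV products registered: " + ($names -join ', '))
        return $false
    }
    return $true
}

function Invoke-CleanupFinalSteps {
    param([switch]$WhatIf)

    # Step 3: ComboFix's own uninstall switch, as quoted in the post.
    $combofix = Join-Path $env:USERPROFILE 'Desktop\combofix.exe'
    if (Test-Path $combofix) {
        if ($WhatIf) { Write-Host "Would run: `"$combofix`" /u" }
        else         { Start-Process -FilePath $combofix -ArgumentList '/u' -Wait }
    }

    # Step 8 (Vista = NT 6.0): import enableUAC.reg BEFORE C:\MGtools is deleted.
    $os = [Environment]::OSVersion.Version
    $uacReg = 'C:\MGtools\enableUAC.reg'
    if ($os.Major -eq 6 -and $os.Minor -eq 0 -and (Test-Path $uacReg)) {
        if ($WhatIf) { Write-Host "Would import $uacReg" }
        else         { & reg.exe import $uacReg }
    }

    # Steps 3 and 10: leftover paths named in the post (assumed as quoted).
    $leftovers = 'C:\combo-fix', 'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip'
    foreach ($path in $leftovers) {
        if (Test-Path $path) {
            Remove-Item -Path $path -Recurse -Force -WhatIf:$WhatIf
        }
    }

    # Step 11: flush Restore Points, then create a clean one. These cmdlets
    # exist on Vista+ client Windows only; XP users do this through the GUI.
    # The post says to reboot between disable and enable; do that by hand.
    if (Get-Command Enable-ComputerRestore -ErrorAction SilentlyContinue) {
        if ($WhatIf) {
            Write-Host 'Would disable/enable System Restore on C:\ and create a checkpoint'
        } else {
            Disable-ComputerRestore -Drive 'C:\'
            Enable-ComputerRestore  -Drive 'C:\'
            Checkpoint-Computer -Description 'Clean restore point after malware removal'
        }
    }
}

# Usage: preview first, then run for real.
Get-RegisteredSecurityProducts | Format-Table Namespace, Kind, Name -AutoSize
if (-not (Test-SingleAntivirus)) { Write-Host 'Remove or disable one AV engine before continuing.' }
Invoke-CleanupFinalSteps -WhatIf
```

Run with -WhatIf first: it prints what would be removed without touching anything, which matters because a mistyped path in the leftover list is deleted recursively with -Force.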
  8. Agitator

    Agitator Private E-2

    I re-scanned everything again and all looks good at this point. Do the logs look okay to you?? What do you think caused the problem? Was it a false positive? Something went bad in the Spysweeper? I am curious to know your opinion. I have deleted everything as you asked in your final steps and this computer has never run faster. Thank you for your help!!!
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Could have been a false positive...I really do not know. Good to know you are running well and you are welcome....safe surfing. :)
     
  10. Agitator

    Agitator Private E-2

    Thanks for all the tips and fixes! You've saved me a ton of headaches!
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem...enjoy. :)
     