Rootkit over new install

Discussion in 'Malware Help (A Specialist Will Reply)' started by millertime, Mar 16, 2009.

  1. millertime

    millertime Private E-2

    As of yesterday, I have just freshly installed a brand new HD and reinstalled Windows. Now today, I am still having issues with my PC as far as speeds and redirects. This has been limited to a rootkit, according to the software tech from my ISP, who was also here today. Without installing 30 different progs, what is the recommended easiest way to ensure this issue is resolved?
     
  2. millertime

    millertime Private E-2

    Reading through the forums, I see this being recommended a lot.

    We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    "%userprofile%\Desktop\combofix" /u
    Note: the space between combofix" and /u must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    Delete the C:\combofix folder from combofix (if it exists)

    Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    Go to add/remove programs and uninstall HijackThis.
    You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    If you are running Vista, Windows XP or Windows ME, do the below:
    Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    Then reboot and Enable System Restore to create a new clean Restore Point.

    After doing the above, you should work thru the below link:
    How to Protect yourself from malware!

    You think it might be possible to provide links to things like this? It makes it much easier for those that know nothing about computers. Me included. :(
     
  3. millertime

    millertime Private E-2

    Here are the results from the FAQ.
    Can I get some help with this issue please?
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    All you have to do is read the sticky threads in the forum like you are supposed to do before posting. For example this one How to Protect yourself from malware! relates to your comment. And this sticky READ & RUN ME FIRST. Malware Removal Guide is what you should have run before posting. ;)

    If you are having malware problems after reinstalling then whatever you are reinstalling from (like your backups from a USB drive or flash drive) is likely the source of your problem. Your ComboFix log showed D:\resycled. What is drive D? It is infected and this infection can spread to all drives on your PC. And if drive D is a removable media type device, you will spread this infection to anything this media is plugged into. If drive D is a fixed hard disk (which it appears to be) then if it is infected (and the above was an infection) it can reinfect other drives or external devices when they are plugged in.

    What are the below folders for?
    Code:
    2009-03-16 01:49 . 2009-03-16 01:49 <DIR> d-------- c:\program files\d4
    2009-03-16 01:49 . 2009-03-16 01:49 <DIR> d-------- c:\program files\d3
    2009-03-16 01:49 . 2009-03-16 02:32 <DIR> d-------- c:\program files\d2
    2009-03-16 01:49 . 2009-03-16 02:16 <DIR> d-------- c:\program files\d1
    Your logs are clean but you do have a few things to do. First you have NO PROTECTION installed which is very dangerous.

    Uninstall Viewpoint Media Player as requested in step 1 of the READ & RUN ME.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    After clicking Fix, exit HJT.


    Are you actually having any malware problems?
     
    Last edited: Mar 18, 2009
  5. millertime

    millertime Private E-2

    The 4 folders to which you referred are for Diablo II.
    I have 4 separate installations. This is for running multiple instances.


    As for your question about having issues, I am. Constant redirects and very slow speeds. I have read and followed the sticky step by step. Didn't see Viewpoint. As for the rest, I did it. My internet will redirect me from page to page and sometimes won't connect at all. This PC isn't anywhere near the best but it doesn't suck...lol. Anyway, I randomly, at different times, drop from the internet. My ping will go up to the 500s+. I have been round and round with my ISP as I thought it was on their end. After having them out here 5 times now, they say it's a PC issue. Had their software tech out here and a sup that brought their own notebook and had no issue. They hooked mine back up and a lot of issues. The speeds were slow and the drops are random but constant. Meaning it happens often. Other times, it's fine. The tech said that I have virus issues. This is why I came to you guys. Now, as far as all the scans and steps, I have followed all of them. For the software (antivirus), what do you recommend? Doesn't have to be free, but does have to be good. Though free is nice as well. ;)
     
  6. millertime

    millertime Private E-2

    I had heard so many good things about this site and the ones who operate it that I decided to use it. Now that I have, it's rather regretful that the help is not only neglected but looked upon by those doing it as a negative. Seemingly, the support is offensive and only makes some feel less cared about. Sadly, I was looking forward to working with you guys to resolve, or try and find a resolution for, my issue. :( I guess I'll have to find another solution as this has been a lost cause. I do apologize for my negativity but this is how I feel this has been handled. Just not a lot of respect here. :confused
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know what you are referring to. This forum is far from neglected. It is just extremely busy and we don't have enough people here lately to provide FREE support. We all have personal lives that sometimes take precedence over posting here in our FREE time.

    Still don't know what you mean because all you were presented with were the facts. You asked about links and I told you where they were. The sticky threads are required reading before you post. This is standard operating procedure on all forums.

    The only problem that showed in your logs is what I asked a question about, and you did not answer this question. This type of infection can spread to ALL drives. And if drive D was a removable device, any PC the removable device is plugged into could become infected.
     
  8. millertime

    millertime Private E-2

    I'm no longer sure what the issue is now. I do know that something is wrong and I would really like to find out what it is.

    Drive D: was another hard drive. When I ran the requested files, I did also include that drive. Now if there is something else I need to do, or if I am missing something, please let me know. I would still very much like to know what AV software you would recommend??

    Per my last post, I believe I may have been seeing things that weren't there, being as I have been dealing with someone who has stolen my email and other account info. This wasn't due to any logger but was acquired from another forum. I had made a secondary email addy long ago that over time had been used for other things. The pass there was the same and not something that I had picked up on. Anyway, I do apologize for that and would very much like to get any and all issues here resolved ASAP so I can install a GOOD AV software and keep it clean.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said previously your logs are clean. If you have been using any removable type drives, they may be infected and if you plug them back into this PC or any other PC, the infection will spread.

    Since you say the D drive is a hard disk, I suggest you look for the D:\resycled folder and delete it if found. Also look on all of your hard disks and removable devices for a file named autorun.inf and delete it if found.

    One of the ones mentioned in the link I gave you. How to Protect yourself from malware! I would suggest starting with Avira and see how you like it. If you don't like it, uninstall it and try Avast.

    I also suggest that you run this Running GMER to detect rootkits and attach GMER log.
     
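    The sweep chaslang asks for in the post above (look on every hard disk and removable device for D:\resycled and for autorun.inf) can be done for all drives in one pass. The script below is an added example written for this page; it is not part of the thread and not a MajorGeeks tool. It prints the open=/shellexecute= lines of each autorun.inf it finds, so you can see what the file would have launched before deleting it, and it only deletes when run with -Remove. The -Remove switch, the regex for the launch keys and the choice to skip network drives are assumptions; run it from an elevated PowerShell prompt (Windows PowerShell 3.0 or later) with any suspect USB devices attached. Reading the file does not trigger AutoRun; only the AutoPlay insert/double-click path does.

```powershell
# Added example, not from the thread: sweep fixed and removable drives for
# the two artifacts discussed in the thread (the resycled folder and
# autorun.inf). Report-only unless -Remove is supplied.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # assumption: delete only when explicitly asked
)

# Win32_LogicalDisk DriveType: 2 = removable (USB stick, card reader), 3 = fixed disk.
# Network and optical drives are skipped on purpose.
$drives = Get-CimInstance Win32_LogicalDisk |
    Where-Object { $_.DriveType -in 2, 3 -and $_.DeviceID }

foreach ($d in $drives) {
    $root = $d.DeviceID + '\'
    Write-Host "== $root (DriveType $($d.DriveType))"

    # Malware-dropped autorun.inf is usually hidden+system, so -Force is needed to see it.
    $inf = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $item = Get-Item -LiteralPath $inf -Force
        Write-Host "  autorun.inf found (attributes: $($item.Attributes))"
        # These are the keys Windows acts on: open=, shellexecute=, shell\...\command=
        Get-Content -LiteralPath $inf -Force |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
            ForEach-Object { Write-Host "    $_" }
        if ($Remove -and $PSCmdlet.ShouldProcess($inf, 'Delete autorun.inf')) {
            Remove-Item -LiteralPath $inf -Force
        }
    }

    # The folder name exactly as it appeared in the ComboFix log ("resycled", with a y).
    # It is not the legitimate RECYCLER / $Recycle.Bin folder.
    $dir = Join-Path $root 'resycled'
    if (Test-Path -LiteralPath $dir) {
        Write-Host "  resycled folder found; contents:"
        Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Host "    $($_.FullName)" }
        if ($Remove -and $PSCmdlet.ShouldProcess($dir, 'Delete resycled folder')) {
            Remove-Item -LiteralPath $dir -Force -Recurse
        }
    }
}
```

    Save it as a .ps1, run it once without -Remove to see the report for every drive, then run it again with -Remove (add -WhatIf first to see what would be deleted). Whatever the open= line points to is the executable that was being launched from that drive; note its path before it is gone, because that is what to look for on the other drives and in the GMER log.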
  10. millertime

    millertime Private E-2

    I have, per your request, searched to ensure the specified file name(s) are non-existent/deleted.

    The requested log has also been attached. ;)

    Thank you for your recommendation for the software. I would however like to know what you use yourself at home for security. Didn't actually mean free software. I'd like one that will ensure the PC's security on the whole and not just surfing. Someone had recommended Kaspersky outside of this site. What I want is a single prog that will ensure everything stays safe without worries from surfing and downloads. An all in 1 if you will. :cool
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Only one item in this log seems questionable. And that is the below:

    C:\Documents and Settings\User\Local Settings\temp\BNe38FD.tmp

    Does this file exist? If so, can you delete? And does it come back after a reboot? Also check for similarly named files.

    Also run this Using Dr.Web CureIt and attach the log.



    I use many different ones due to the nature of what I do here. The three I do use the most on my kids' and friends' PCs are Avira, Avast, and AVG, although I'm not particularly in love with AVG since version 8 and above came out. Sometimes I have used Comodo Internet Security Suite on a few fast PCs that have lots of RAM (3 GB or more). All antivirus programs have their pros and cons. And these can change with each update. If I were to list a few things that affect my choice, it would be false detections (aka false positives or FPs), the severity/stupidity of the FPs, actual detection rates of malware, ability to remove what is found, and scanning time. Based on the above criteria I would currently list them in the below order of best to worst.
    • Avira
    • Avast
    • AVG
    Personally I don't like nor do I recommend security suites. They all have too much bloat and tend to dramatically slow most PCs down to where we get a constant amount of posts in the malware forum saying their PCs are slow. In many if not most cases, it is not malware. It is the security suite they are running or it is the PC specs (i.e., speed and amount of RAM).

    If you think that a security suite is not going to affect your PC's performance that much or don't mind the effect, then by all means check one out. I suggest you see if you can find trial programs (like 30 day trials) to test before you buy. In fact even give the free Comodo Internet Security a try to see how your PC performs with it. Since your PC is a little slow (1.6 GHz) and a little light (for my tastes) on RAM (1.536 GB), you may find a security suite to be too demanding. You will be the best judge of how it affects your system.
     
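    The question chaslang asks about the .tmp file (does it exist, can it be deleted, does it come back after a reboot, and are there similarly named files) is a persistence check, and the useful comparison is by content, not by name, because a dropper that recreates the file at boot may pick a different random name. The script below is an added example written for this page, not part of the thread: the first run records a baseline of the matching files in %TEMP% with their SHA-256 hashes; after you delete them and reboot, the second run reports which files are back with the same content. The BN*.tmp pattern and the baseline file path are assumptions, and it needs Windows PowerShell 4.0 or later for Get-FileHash. A random .tmp in %TEMP% is not suspicious by itself; a file that keeps coming back with identical content after a reboot is what to report.

```powershell
# Added example, not from the thread: snapshot matching files in %TEMP%
# before a reboot and compare after it, by hash rather than by name.
param(
    [string]$Pattern  = 'BN*.tmp',                                          # assumption
    [string]$Snapshot = (Join-Path $env:USERPROFILE 'temp-baseline.csv')    # assumption
)

function Get-TempSnapshot {
    param([string]$Pattern)
    Get-ChildItem -LiteralPath $env:TEMP -Filter $Pattern -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.Name
                Size    = $_.Length
                Created = $_.CreationTime
                Sha256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$now = @(Get-TempSnapshot -Pattern $Pattern)

if (-not (Test-Path -LiteralPath $Snapshot)) {
    # First run: write the baseline and show what was found.
    $now | Export-Csv -LiteralPath $Snapshot -NoTypeInformation
    $now | Format-Table -AutoSize
    Write-Host "Baseline of $($now.Count) file(s) written to $Snapshot."
    Write-Host "Now delete the file(s), reboot, and run this script again."
    return
}

# Second run: anything present now whose hash was in the baseline came back
# after the reboot, whatever it is called this time.
$before = Import-Csv -LiteralPath $Snapshot
$knownHashes = @($before | ForEach-Object { $_.Sha256 })

if ($now.Count -eq 0) {
    Write-Host "No files matching $Pattern in $env:TEMP after reboot."
}
foreach ($f in $now) {
    $tag = if ($knownHashes -contains $f.Sha256) { 'RECREATED: same content as before reboot' } else { 'new' }
    Write-Host "$($f.Name)  $($f.Size) bytes  created $($f.Created)  $tag"
}
```

    If a file comes back as RECREATED, its creation time tells you roughly when during boot it was written, which narrows down which startup entry or service is dropping it; that timestamp and the hash are what to include with the next log you attach.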
