WIN32:RustNT [Rtk]

constructiveentropy · Sep 13, 2009

My computer is infected with WIN32:RustNT [Rtk] and I can't seem to do anything to get rid of it.

I use Avast as my anti virus software. The problem started on August 13 and I keep on getting error message that Avast has found this virus, usually in the C:\Windows\System32\drivers\beep.sys file. It identifies the type of virus as a Rootkit. I delete the file, but it usually pops again after a minute or two.

When I first started getting these messages, I immediately downloaded the latest database for Avast and did a boot scan. This did not help the problem. I tried to doing another scan and this also did not help. I then turned off my computer and didn't start it up again until today (I have a work laptop that I can use at home as well).

My computer runs on Windows XP.

Now I have read through the READ & RUN ME FIRST help section and followed all that advice. I ran into a few snags while doing this, explained below:

While I was running Malwarebytes, I still had Avast running at the same time which caused Avast to keep on popping up prompting me to manually delete virus files. I did this about 10-20 times before turning Avast off midway through the scan. After this, I was sure to turn off Avast, SuperAntiSpyware and Windows firewall for all subsequent steps.

I was unable to run combofix. When I attempted to click on the icon, it triggered a small progress bar to pop up next to my mouse which stayed there for about 20 seconds, but when it completed nothing happened. I double clicked on the icon again and the same thing happened. I then rebooted my computer and went on to run RootRepeal.

When running RootRepeal, I got an error message that said 'invalid pe image found', but then when I pressed ok the program appeared to run correctly.

I'm attaching all log files (including my avast log files). Please help!

Thanks in advance!!!

constructiveentropy · Sep 13, 2009

Attaching final log file.

TimW · Sep 18, 2009

You did not attach the log from running ComboFix. However, we will use it now.

First, double-click the RootRepeal.exe previously downloaded.

* Select File then Scan
* On the Select Drives form select drive C by "ticking" the box for drive C and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
o C:\WINDOWS\system32\drivers\OLDE8.tmp
* After Wiping all files, immediately reboot your pc!

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\WINDOWS\system32\drivers\old100.tmp    
C:\WINDOWS\system32\drivers\old102.tmp    
C:\WINDOWS\system32\drivers\old104.tmp    
C:\WINDOWS\system32\drivers\old106.tmp    
C:\WINDOWS\system32\drivers\old108.tmp    
C:\WINDOWS\system32\drivers\old10a.tmp    
C:\WINDOWS\system32\drivers\old10c.tmp    
C:\WINDOWS\system32\drivers\old10e.tmp    
C:\WINDOWS\system32\drivers\old11.tmp     
C:\WINDOWS\system32\drivers\old110.tmp    
C:\WINDOWS\system32\drivers\old112.tmp    
C:\WINDOWS\system32\drivers\old114.tmp    
C:\WINDOWS\system32\drivers\old116.tmp    
C:\WINDOWS\system32\drivers\old118.tmp    
C:\WINDOWS\system32\drivers\old11a.tmp    
C:\WINDOWS\system32\drivers\old11c.tmp    
C:\WINDOWS\system32\drivers\old11e.tmp    
C:\WINDOWS\system32\drivers\old120.tmp    
C:\WINDOWS\system32\drivers\old122.tmp    
C:\WINDOWS\system32\drivers\old124.tmp    
C:\WINDOWS\system32\drivers\old126.tmp    
C:\WINDOWS\system32\drivers\old128.tmp    
C:\WINDOWS\system32\drivers\old12a.tmp    
C:\WINDOWS\system32\drivers\old12c.tmp    
C:\WINDOWS\system32\drivers\old12e.tmp    
C:\WINDOWS\system32\drivers\old13.tmp     
C:\WINDOWS\system32\drivers\old130.tmp    
C:\WINDOWS\system32\drivers\old132.tmp    
C:\WINDOWS\system32\drivers\old134.tmp    
C:\WINDOWS\system32\drivers\old136.tmp    
C:\WINDOWS\system32\drivers\old138.tmp    
C:\WINDOWS\system32\drivers\old13a.tmp    
C:\WINDOWS\system32\drivers\old13c.tmp    
C:\WINDOWS\system32\drivers\old13e.tmp    
C:\WINDOWS\system32\drivers\old140.tmp    
C:\WINDOWS\system32\drivers\old142.tmp    
C:\WINDOWS\system32\drivers\old144.tmp    
C:\WINDOWS\system32\drivers\old146.tmp    
C:\WINDOWS\system32\drivers\old148.tmp    
C:\WINDOWS\system32\drivers\old14a.tmp    
C:\WINDOWS\system32\drivers\old14c.tmp    
C:\WINDOWS\system32\drivers\old14e.tmp    
C:\WINDOWS\system32\drivers\old15.tmp     
C:\WINDOWS\system32\drivers\old150.tmp    
C:\WINDOWS\system32\drivers\old152.tmp    
C:\WINDOWS\system32\drivers\old154.tmp    
C:\WINDOWS\system32\drivers\old156.tmp    
C:\WINDOWS\system32\drivers\old158.tmp    
C:\WINDOWS\system32\drivers\old15a.tmp    
C:\WINDOWS\system32\drivers\old15c.tmp    
C:\WINDOWS\system32\drivers\old15e.tmp    
C:\WINDOWS\system32\drivers\old160.tmp    
C:\WINDOWS\system32\drivers\old162.tmp    
C:\WINDOWS\system32\drivers\old164.tmp    
C:\WINDOWS\system32\drivers\old166.tmp    
C:\WINDOWS\system32\drivers\old168.tmp    
C:\WINDOWS\system32\drivers\old16a.tmp    
C:\WINDOWS\system32\drivers\old16c.tmp    
C:\WINDOWS\system32\drivers\old16e.tmp    
C:\WINDOWS\system32\drivers\old170.tmp   
C:\WINDOWS\system32\drivers\old172.tmp    
C:\WINDOWS\system32\drivers\old174.tmp    
C:\WINDOWS\system32\drivers\old176.tmp    
C:\WINDOWS\system32\drivers\old178.tmp    
C:\WINDOWS\system32\drivers\old17a.tmp    
C:\WINDOWS\system32\drivers\old17c.tmp    
C:\WINDOWS\system32\drivers\old17e.tmp    
C:\WINDOWS\system32\drivers\old180.tmp    
C:\WINDOWS\system32\drivers\old182.tmp    
C:\WINDOWS\system32\drivers\old184.tmp    
C:\WINDOWS\system32\drivers\old186.tmp    
C:\WINDOWS\system32\drivers\old188.tmp    
C:\WINDOWS\system32\drivers\old18a.tmp    
C:\WINDOWS\system32\drivers\old18c.tmp    
C:\WINDOWS\system32\drivers\old18e.tmp    
C:\WINDOWS\system32\drivers\old190.tmp    
C:\WINDOWS\system32\drivers\old192.tmp    
C:\WINDOWS\system32\drivers\old194.tmp    
C:\WINDOWS\system32\drivers\old196.tmp    
C:\WINDOWS\system32\drivers\old198.tmp    
C:\WINDOWS\system32\drivers\old19a.tmp    
C:\WINDOWS\system32\drivers\old19c.tmp    
C:\WINDOWS\system32\drivers\old19e.tmp    
C:\WINDOWS\system32\drivers\old1a0.tmp    
C:\WINDOWS\system32\drivers\old1a2.tmp    
C:\WINDOWS\system32\drivers\old1a4.tmp    
C:\WINDOWS\system32\drivers\old1a6.tmp    
C:\WINDOWS\system32\drivers\old1a8.tmp    
C:\WINDOWS\system32\drivers\old1aa.tmp    
C:\WINDOWS\system32\drivers\old1ac.tmp    
C:\WINDOWS\system32\drivers\old1ae.tmp    
C:\WINDOWS\system32\drivers\old1b0.tmp    
C:\WINDOWS\system32\drivers\old1b2.tmp    
C:\WINDOWS\system32\drivers\old1b4.tmp    
C:\WINDOWS\system32\drivers\old1b6.tmp    
C:\WINDOWS\system32\drivers\old1b8.tmp    
C:\WINDOWS\system32\drivers\old1ba.tmp    
C:\WINDOWS\system32\drivers\old1bc.tmp    
C:\WINDOWS\system32\drivers\old1be.tmp    
C:\WINDOWS\system32\drivers\old1c0.tmp    
C:\WINDOWS\system32\drivers\old1c2.tmp    
C:\WINDOWS\system32\drivers\old1c4.tmp    
C:\WINDOWS\system32\drivers\old1c6.tmp    
C:\WINDOWS\system32\drivers\old1c8.tmp    
C:\WINDOWS\system32\drivers\old1ca.tmp    
C:\WINDOWS\system32\drivers\old1cc.tmp    
C:\WINDOWS\system32\drivers\old1ce.tmp    
C:\WINDOWS\system32\drivers\old1d.tmp     
C:\WINDOWS\system32\drivers\old1d0.tmp    
C:\WINDOWS\system32\drivers\old1d2.tmp    
C:\WINDOWS\system32\drivers\old1d4.tmp    
C:\WINDOWS\system32\drivers\old1d6.tmp    
C:\WINDOWS\system32\drivers\old1d8.tmp    
C:\WINDOWS\system32\drivers\old1da.tmp    
C:\WINDOWS\system32\drivers\old1dc.tmp    
C:\WINDOWS\system32\drivers\old1de.tmp    
C:\WINDOWS\system32\drivers\old1e0.tmp    
C:\WINDOWS\system32\drivers\old1e2.tmp    
C:\WINDOWS\system32\drivers\old1e4.tmp    
C:\WINDOWS\system32\drivers\old1e6.tmp    
C:\WINDOWS\system32\drivers\old1e8.tmp    
C:\WINDOWS\system32\drivers\old1ea.tmp    
C:\WINDOWS\system32\drivers\old1ec.tmp   
C:\WINDOWS\system32\drivers\old1ee.tmp    
C:\WINDOWS\system32\drivers\old1f0.tmp    
C:\WINDOWS\system32\drivers\old1f2.tmp    
C:\WINDOWS\system32\drivers\old1f4.tmp    
C:\WINDOWS\system32\drivers\old1f6.tmp    
C:\WINDOWS\system32\drivers\old1f8.tmp    
C:\WINDOWS\system32\drivers\old1fa.tmp    
C:\WINDOWS\system32\drivers\old1fc.tmp    
C:\WINDOWS\system32\drivers\old1fe.tmp    
C:\WINDOWS\system32\drivers\old2.tmp      
C:\WINDOWS\system32\drivers\old20.tmp     
C:\WINDOWS\system32\drivers\old200.tmp    
C:\WINDOWS\system32\drivers\old202.tmp    
C:\WINDOWS\system32\drivers\old204.tmp    
C:\WINDOWS\system32\drivers\old206.tmp    
C:\WINDOWS\system32\drivers\old208.tmp    
C:\WINDOWS\system32\drivers\old20a.tmp    
C:\WINDOWS\system32\drivers\old20c.tmp    
C:\WINDOWS\system32\drivers\old20e.tmp    
C:\WINDOWS\system32\drivers\old210.tmp    
C:\WINDOWS\system32\drivers\old212.tmp    
C:\WINDOWS\system32\drivers\old214.tmp    
C:\WINDOWS\system32\drivers\old216.tmp    
C:\WINDOWS\system32\drivers\old218.tmp    
C:\WINDOWS\system32\drivers\old21a.tmp    
C:\WINDOWS\system32\drivers\old21c.tmp    
C:\WINDOWS\system32\drivers\old21e.tmp    
C:\WINDOWS\system32\drivers\old22.tmp     
C:\WINDOWS\system32\drivers\old221.tmp   
C:\WINDOWS\system32\drivers\old223.tmp    
C:\WINDOWS\system32\drivers\old225.tmp    
C:\WINDOWS\system32\drivers\old227.tmp    
C:\WINDOWS\system32\drivers\old229.tmp    
C:\WINDOWS\system32\drivers\old22b.tmp    
C:\WINDOWS\system32\drivers\old22d.tmp    
C:\WINDOWS\system32\drivers\old22f.tmp    
C:\WINDOWS\system32\drivers\old231.tmp   
C:\WINDOWS\system32\drivers\old233.tmp    
C:\WINDOWS\system32\drivers\old235.tmp    
C:\WINDOWS\system32\drivers\old237.tmp    
C:\WINDOWS\system32\drivers\old239.tmp    
C:\WINDOWS\system32\drivers\old23b.tmp    
C:\WINDOWS\system32\drivers\old23d.tmp    
C:\WINDOWS\system32\drivers\old23f.tmp    
C:\WINDOWS\system32\drivers\old24.tmp     
C:\WINDOWS\system32\drivers\old241.tmp    
C:\WINDOWS\system32\drivers\old243.tmp    
C:\WINDOWS\system32\drivers\old245.tmp    
C:\WINDOWS\system32\drivers\old247.tmp    
C:\WINDOWS\system32\drivers\old249.tmp    
C:\WINDOWS\system32\drivers\old24b.tmp    
C:\WINDOWS\system32\drivers\old24d.tmp    
C:\WINDOWS\system32\drivers\old24f.tmp    
C:\WINDOWS\system32\drivers\old251.tmp    
C:\WINDOWS\system32\drivers\old253.tmp    
C:\WINDOWS\system32\drivers\old255.tmp    
C:\WINDOWS\system32\drivers\old257.tmp    
C:\WINDOWS\system32\drivers\old259.tmp    
C:\WINDOWS\system32\drivers\old25b.tmp    
C:\WINDOWS\system32\drivers\old25d.tmp    
C:\WINDOWS\system32\drivers\old25f.tmp    
C:\WINDOWS\system32\drivers\old261.tmp    
C:\WINDOWS\system32\drivers\old263.tmp    
C:\WINDOWS\system32\drivers\old265.tmp    
C:\WINDOWS\system32\drivers\old267.tmp    
C:\WINDOWS\system32\drivers\old269.tmp    
C:\WINDOWS\system32\drivers\old26b.tmp    
C:\WINDOWS\system32\drivers\old26d.tmp    
C:\WINDOWS\system32\drivers\old26f.tmp    
C:\WINDOWS\system32\drivers\old27.tmp     
C:\WINDOWS\system32\drivers\old271.tmp    
C:\WINDOWS\system32\drivers\old273.tmp    
C:\WINDOWS\system32\drivers\old275.tmp    
C:\WINDOWS\system32\drivers\old278.tmp    
C:\WINDOWS\system32\drivers\old27a.tmp    
C:\WINDOWS\system32\drivers\old27c.tmp    
C:\WINDOWS\system32\drivers\old280.tmp    
C:\WINDOWS\system32\drivers\old282.tmp    
C:\WINDOWS\system32\drivers\old284.tmp    
C:\WINDOWS\system32\drivers\old286.tmp    
C:\WINDOWS\system32\drivers\old288.tmp    
C:\WINDOWS\system32\drivers\old28a.tmp    
C:\WINDOWS\system32\drivers\old28c.tmp    
C:\WINDOWS\system32\drivers\old28e.tmp    
C:\WINDOWS\system32\drivers\old290.tmp    
C:\WINDOWS\system32\drivers\old2a.tmp     
C:\WINDOWS\system32\drivers\old2d.tmp     
C:\WINDOWS\system32\drivers\old38.tmp     
C:\WINDOWS\system32\drivers\old3a.tmp     
C:\WINDOWS\system32\drivers\old3c.tmp     
C:\WINDOWS\system32\drivers\old3e.tmp     
C:\WINDOWS\system32\drivers\old40.tmp    
C:\WINDOWS\system32\drivers\old42.tmp     
C:\WINDOWS\system32\drivers\old44.tmp     
C:\WINDOWS\system32\drivers\old45.tmp     
C:\WINDOWS\system32\drivers\old47.tmp     
C:\WINDOWS\system32\drivers\old49.tmp     
C:\WINDOWS\system32\drivers\old4a.tmp     
C:\WINDOWS\system32\drivers\old4b.tmp     
C:\WINDOWS\system32\drivers\old4d.tmp     
C:\WINDOWS\system32\drivers\old4e.tmp     
C:\WINDOWS\system32\drivers\old4f.tmp     
C:\WINDOWS\system32\drivers\old5.tmp      
C:\WINDOWS\system32\drivers\old51.tmp     
C:\WINDOWS\system32\drivers\old53.tmp     
C:\WINDOWS\system32\drivers\old55.tmp     
C:\WINDOWS\system32\drivers\old56.tmp     
C:\WINDOWS\system32\drivers\old57.tmp     
C:\WINDOWS\system32\drivers\old59.tmp     
C:\WINDOWS\system32\drivers\old5a.tmp     
C:\WINDOWS\system32\drivers\old5b.tmp     
C:\WINDOWS\system32\drivers\old5d.tmp     
C:\WINDOWS\system32\drivers\old5f.tmp     
C:\WINDOWS\system32\drivers\old61.tmp     
C:\WINDOWS\system32\drivers\old62.tmp     
C:\WINDOWS\system32\drivers\old63.tmp     
C:\WINDOWS\system32\drivers\old64.tmp     
C:\WINDOWS\system32\drivers\old66.tmp     
C:\WINDOWS\system32\drivers\old68.tmp     
C:\WINDOWS\system32\drivers\old6a.tmp     
C:\WINDOWS\system32\drivers\old6c.tmp     
C:\WINDOWS\system32\drivers\old6e.tmp     
C:\WINDOWS\system32\drivers\old7.tmp      
C:\WINDOWS\system32\drivers\old70.tmp     
C:\WINDOWS\system32\drivers\old72.tmp     
C:\WINDOWS\system32\drivers\old74.tmp     
C:\WINDOWS\system32\drivers\old76.tmp     
C:\WINDOWS\system32\drivers\old78.tmp     
C:\WINDOWS\system32\drivers\old7a.tmp     
C:\WINDOWS\system32\drivers\old7c.tmp     
C:\WINDOWS\system32\drivers\old7e.tmp     
C:\WINDOWS\system32\drivers\old80.tmp     
C:\WINDOWS\system32\drivers\old82.tmp     
C:\WINDOWS\system32\drivers\old84.tmp     
C:\WINDOWS\system32\drivers\old86.tmp     
C:\WINDOWS\system32\drivers\old88.tmp     
C:\WINDOWS\system32\drivers\old8a.tmp     
C:\WINDOWS\system32\drivers\old8c.tmp     
C:\WINDOWS\system32\drivers\old8e.tmp     
C:\WINDOWS\system32\drivers\old9.tmp      
C:\WINDOWS\system32\drivers\old90.tmp     
C:\WINDOWS\system32\drivers\old92.tmp     
C:\WINDOWS\system32\drivers\old94.tmp     
C:\WINDOWS\system32\drivers\old96.tmp     
C:\WINDOWS\system32\drivers\old98.tmp     
C:\WINDOWS\system32\drivers\old9a.tmp     
C:\WINDOWS\system32\drivers\old9c.tmp     
C:\WINDOWS\system32\drivers\old9e.tmp     
C:\WINDOWS\system32\drivers\olda0.tmp     
C:\WINDOWS\system32\drivers\olda2.tmp     
C:\WINDOWS\system32\drivers\olda4.tmp     
C:\WINDOWS\system32\drivers\olda6.tmp     
C:\WINDOWS\system32\drivers\olda8.tmp     
C:\WINDOWS\system32\drivers\oldaa.tmp     
C:\WINDOWS\system32\drivers\oldac.tmp     
C:\WINDOWS\system32\drivers\oldae.tmp     
C:\WINDOWS\system32\drivers\oldb.tmp      
C:\WINDOWS\system32\drivers\oldb0.tmp     
C:\WINDOWS\system32\drivers\oldb2.tmp     
C:\WINDOWS\system32\drivers\oldb4.tmp     
C:\WINDOWS\system32\drivers\oldb6.tmp     
C:\WINDOWS\system32\drivers\oldb8.tmp     
C:\WINDOWS\system32\drivers\oldba.tmp     
C:\WINDOWS\system32\drivers\oldbc.tmp     
C:\WINDOWS\system32\drivers\oldbe.tmp     
C:\WINDOWS\system32\drivers\oldc0.tmp     
C:\WINDOWS\system32\drivers\oldc2.tmp     
C:\WINDOWS\system32\drivers\oldc4.tmp     
C:\WINDOWS\system32\drivers\oldc6.tmp     
C:\WINDOWS\system32\drivers\oldc8.tmp     
C:\WINDOWS\system32\drivers\oldca.tmp     
C:\WINDOWS\system32\drivers\oldcc.tmp     
C:\WINDOWS\system32\drivers\oldce.tmp     
C:\WINDOWS\system32\drivers\oldd.tmp      
C:\WINDOWS\system32\drivers\oldd0.tmp     
C:\WINDOWS\system32\drivers\oldd2.tmp     
C:\WINDOWS\system32\drivers\oldd4.tmp     
C:\WINDOWS\system32\drivers\oldd6.tmp     
C:\WINDOWS\system32\drivers\oldd8.tmp    
C:\WINDOWS\system32\drivers\oldda.tmp     
C:\WINDOWS\system32\drivers\olddc.tmp     
C:\WINDOWS\system32\drivers\oldde.tmp     
C:\WINDOWS\system32\drivers\olde0.tmp     
C:\WINDOWS\system32\drivers\olde2.tmp     
C:\WINDOWS\system32\drivers\olde4.tmp     
C:\WINDOWS\system32\drivers\olde6.tmp     
C:\WINDOWS\system32\drivers\olde8.tmp     
C:\WINDOWS\system32\drivers\oldea.tmp     
C:\WINDOWS\system32\drivers\oldec.tmp     
C:\WINDOWS\system32\drivers\oldee.tmp     
C:\WINDOWS\system32\drivers\oldf.tmp      
C:\WINDOWS\system32\drivers\oldf0.tmp     
C:\WINDOWS\system32\drivers\oldf2.tmp     
C:\WINDOWS\system32\drivers\oldf4.tmp     
C:\WINDOWS\system32\drivers\oldf6.tmp     
C:\WINDOWS\system32\drivers\oldf8.tmp     
C:\WINDOWS\system32\drivers\oldfa.tmp     
C:\WINDOWS\system32\drivers\oldfc.tmp     
C:\WINDOWS\system32\drivers\oldfe.tmp
C:\WINDOWS\Temp\204ad8.dmp  
C:\WINDOWS\Temp\204bd2.tmp    
C:\WINDOWS\Temp\274c6c.dmp    
C:\WINDOWS\Temp\274cf9.tmp    
C:\WINDOWS\Temp\61475.dmp     
C:\WINDOWS\Temp\61501.tmp    
C:\WINDOWS\Temp\af210.dmp   
C:\WINDOWS\Temp\af29c.tmp   
C:\WINDOWS\Temp\bbade.dmp   
C:\WINDOWS\Temp\bbb6b.tmp    
C:\WINDOWS\Temp\bdc2.dmp    
C:\WINDOWS\Temp\c498.tmp 

FCopy::
C:\MGtools\temp\XPSP3\beep.sysmg | C:\WINDOWS\LastGood\system32\drivers\beep.sys
C:\MGtools\temp\XPSP3\beep.sysmg | C:\WINDOWS\system32\dllcache\beep.sys

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"PendingFileRenameOperations"=""

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

constructiveentropy · Sep 21, 2009

I'm running into a few problems doing what you have advised.

As before, when I ran root repeal I immediately got an error message saying 'invalid pe image found', but then I pressed ok and was able to still run the program. I ran a scan as you asked, but the file you wanted me to wipe didn't show up. I then went on to the next step of your instructions.

I still could not get ComboFix to run on my computer. I disabled my virus program and windows firewall and created the CFScript.txt file and put it on my desktop and dragged it over to ComboFix.exe (also on my desktop). This caused the ComboFix loading bar to come up, but then after the bar finished loading, nothing happened. I left my computer alone for about 15 minutes after that but nothing happened after that other than a little hour glass popping up next to my mouse every once in a while and then dissappearing again a second later (I'm not sure if this is unusual or not, I've never noticed it before but I wasn't really paying attention.) After about 15 minutes, I turned off the computer.

I can't attach a combofix log to this email because no log was created. Tomorrow I'm going to search around my computer for any virus programs that might have been running without my knowledge and will then try again. I'll also try running MGtools again so that at least I can post that log for you. Please stay tuned.

PS- My computer is still running about the same. So far, I haven't noticed any detrimental effects of the virus other than Avast popping up every minute or so to announce that it's re-found the same infected beep.sys file that I keep on deleting. When I turn off Avast to perform these tasks, I no longer have any indication that the virus is there, however I still haven't tried to run any programs other than the malware removal programs you recommend. What exactly does this virus do that I should look out for?

constructiveentropy · Sep 25, 2009

OK, ran RootRepeal again. This time I turned up several suspicious files (3 of them were files which began C:\WINDOWS\system32\drivers\OLDXX.tmp ). I wanted to follow your instructions exactly so I just wiped OLDE8.tmp and left the other files alone. Why am I getting different results running RootRepeal twice? If this happens again, should I wipe all the files that turn up?

I attempted to run ComboFix again, but ran into the same problems.

I ran CCleaner deleting the temp files only.

Ran MGlogs, attaching the file.

I'm attaching MGlogs and RootRepeal logs, but not ComboFix (because I couldn't get it to run).

Please help!

TimW · Sep 25, 2009

Please download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please double-click the RootRepeal.exe previously downloaded.

* Select File then Scan
* On the Select Drives form select drive C by "ticking" the box for drive C and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
o C:\WINDOWS\system32\drivers\1CFBFB.tmp
o c:\windows\system32\drivers\old12b.tmp
o C:\WINDOWS\system32\drivers\1CFB4F.dmp
o C:\WINDOWS\system32\drivers\OLD131.tmp
* After Wiping all files, immediately reboot your pc!

Now:
* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

Drivers to delete:
OLD100
old105
old107
old10a
old10c
old10e
old11
old110
old112
old116
old118
old11a
old11c
old13
old15
old17
old19
old1b
old1d
old1f
old2
old21
old23
old25
old27
old29
old2b
old30
old36
old38
old3a
old3c
old40
old42
old44
old45
old47
old4a
old4d
old4e
old5
old51
old53
old55
old56
old57
old59
old5a
old5b
old5d
old5f
old61
old62
old63
old64
old66
old68
old6a
old6c
old6e
old7
old70
old72
old74
old76
old78
old7a
old7c
old7e
old80
old82
old84
old86
old88
old8a
old8c
old8e
old9
old90
old92
old94
old96
old98
old9a
old9c
old9e
olda0
olda2
olda4
olda6
olda8
oldaa
oldac
oldae
oldb
oldb0
oldb2
oldb4
oldb6
oldb8
oldba
oldbc
oldbe
oldc0
oldc2
oldc4
oldc6
oldc8
oldca
oldcc
oldce
oldd
oldd0
oldd2
oldd4
oldd6
oldd8
oldda
olddc
oldde
olde0
olde2
olde4
olde6
olde8
oldea
oldec
oldee
oldf
oldf0
oldf2
oldf4
oldf6
oldf8
oldfa
oldfc
oldfe

Files to delete:

C:\WINDOWS\system32\drivers\old100.tmp
C:\WINDOWS\system32\drivers\old102.tmp
C:\WINDOWS\system32\drivers\old104.tmp
C:\WINDOWS\system32\drivers\old106.tmp
C:\WINDOWS\system32\drivers\old108.tmp
C:\WINDOWS\system32\drivers\old10a.tmp
C:\WINDOWS\system32\drivers\old10c.tmp
C:\WINDOWS\system32\drivers\old10e.tmp
C:\WINDOWS\system32\drivers\old11.tmp
C:\WINDOWS\system32\drivers\old110.tmp
C:\WINDOWS\system32\drivers\old112.tmp
C:\WINDOWS\system32\drivers\old114.tmp
C:\WINDOWS\system32\drivers\old116.tmp
C:\WINDOWS\system32\drivers\old118.tmp
C:\WINDOWS\system32\drivers\old11a.tmp
C:\WINDOWS\system32\drivers\old11c.tmp
C:\WINDOWS\system32\drivers\old11e.tmp
C:\WINDOWS\system32\drivers\old120.tmp
C:\WINDOWS\system32\drivers\old122.tmp
C:\WINDOWS\system32\drivers\old124.tmp
C:\WINDOWS\system32\drivers\old126.tmp
C:\WINDOWS\system32\drivers\old128.tmp
C:\WINDOWS\system32\drivers\old12a.tmp
C:\WINDOWS\system32\drivers\old12c.tmp
C:\WINDOWS\system32\drivers\old12e.tmp
C:\WINDOWS\system32\drivers\old13.tmp
C:\WINDOWS\system32\drivers\old130.tmp
C:\WINDOWS\system32\drivers\old132.tmp
C:\WINDOWS\system32\drivers\old134.tmp
C:\WINDOWS\system32\drivers\old136.tmp
C:\WINDOWS\system32\drivers\old138.tmp
C:\WINDOWS\system32\drivers\old13a.tmp
C:\WINDOWS\system32\drivers\old13c.tmp
C:\WINDOWS\system32\drivers\old13e.tmp
C:\WINDOWS\system32\drivers\old140.tmp
C:\WINDOWS\system32\drivers\old142.tmp
C:\WINDOWS\system32\drivers\old144.tmp
C:\WINDOWS\system32\drivers\old146.tmp
C:\WINDOWS\system32\drivers\old148.tmp
C:\WINDOWS\system32\drivers\old14a.tmp
C:\WINDOWS\system32\drivers\old14c.tmp
C:\WINDOWS\system32\drivers\old14e.tmp
C:\WINDOWS\system32\drivers\old15.tmp
C:\WINDOWS\system32\drivers\old150.tmp
C:\WINDOWS\system32\drivers\old152.tmp
C:\WINDOWS\system32\drivers\old154.tmp
C:\WINDOWS\system32\drivers\old156.tmp
C:\WINDOWS\system32\drivers\old158.tmp
C:\WINDOWS\system32\drivers\old15a.tmp
C:\WINDOWS\system32\drivers\old15c.tmp
C:\WINDOWS\system32\drivers\old15e.tmp
C:\WINDOWS\system32\drivers\old160.tmp
C:\WINDOWS\system32\drivers\old162.tmp
C:\WINDOWS\system32\drivers\old164.tmp
C:\WINDOWS\system32\drivers\old166.tmp
C:\WINDOWS\system32\drivers\old168.tmp
C:\WINDOWS\system32\drivers\old16a.tmp
C:\WINDOWS\system32\drivers\old16c.tmp
C:\WINDOWS\system32\drivers\old16e.tmp
C:\WINDOWS\system32\drivers\old170.tmp
C:\WINDOWS\system32\drivers\old172.tmp
C:\WINDOWS\system32\drivers\old174.tmp
C:\WINDOWS\system32\drivers\old176.tmp
C:\WINDOWS\system32\drivers\old178.tmp
C:\WINDOWS\system32\drivers\old17a.tmp
C:\WINDOWS\system32\drivers\old17c.tmp
C:\WINDOWS\system32\drivers\old17e.tmp
C:\WINDOWS\system32\drivers\old180.tmp
C:\WINDOWS\system32\drivers\old182.tmp
C:\WINDOWS\system32\drivers\old184.tmp
C:\WINDOWS\system32\drivers\old186.tmp
C:\WINDOWS\system32\drivers\old188.tmp
C:\WINDOWS\system32\drivers\old18a.tmp
C:\WINDOWS\system32\drivers\old18c.tmp
C:\WINDOWS\system32\drivers\old18e.tmp
C:\WINDOWS\system32\drivers\old190.tmp
C:\WINDOWS\system32\drivers\old192.tmp
C:\WINDOWS\system32\drivers\old194.tmp
C:\WINDOWS\system32\drivers\old196.tmp
C:\WINDOWS\system32\drivers\old198.tmp
C:\WINDOWS\system32\drivers\old19a.tmp
C:\WINDOWS\system32\drivers\old19c.tmp
C:\WINDOWS\system32\drivers\old19e.tmp
C:\WINDOWS\system32\drivers\old1a0.tmp
C:\WINDOWS\system32\drivers\old1a2.tmp
C:\WINDOWS\system32\drivers\old1a4.tmp
C:\WINDOWS\system32\drivers\old1a6.tmp
C:\WINDOWS\system32\drivers\old1a8.tmp
C:\WINDOWS\system32\drivers\old1aa.tmp
C:\WINDOWS\system32\drivers\old1ac.tmp
C:\WINDOWS\system32\drivers\old1ae.tmp
C:\WINDOWS\system32\drivers\old1b0.tmp
C:\WINDOWS\system32\drivers\old1b2.tmp
C:\WINDOWS\system32\drivers\old1b4.tmp
C:\WINDOWS\system32\drivers\old1b6.tmp
C:\WINDOWS\system32\drivers\old1b8.tmp
C:\WINDOWS\system32\drivers\old1ba.tmp
C:\WINDOWS\system32\drivers\old1bc.tmp
C:\WINDOWS\system32\drivers\old1be.tmp
C:\WINDOWS\system32\drivers\old1c0.tmp
C:\WINDOWS\system32\drivers\old1c2.tmp
C:\WINDOWS\system32\drivers\old1c4.tmp
C:\WINDOWS\system32\drivers\old1c6.tmp
C:\WINDOWS\system32\drivers\old1c8.tmp
C:\WINDOWS\system32\drivers\old1ca.tmp
C:\WINDOWS\system32\drivers\old1cc.tmp
C:\WINDOWS\system32\drivers\old1ce.tmp
C:\WINDOWS\system32\drivers\old1d.tmp
C:\WINDOWS\system32\drivers\old1d0.tmp
C:\WINDOWS\system32\drivers\old1d2.tmp
C:\WINDOWS\system32\drivers\old1d4.tmp
C:\WINDOWS\system32\drivers\old1d6.tmp
C:\WINDOWS\system32\drivers\old1d8.tmp
C:\WINDOWS\system32\drivers\old1da.tmp
C:\WINDOWS\system32\drivers\old1dc.tmp
C:\WINDOWS\system32\drivers\old1de.tmp
C:\WINDOWS\system32\drivers\old1e0.tmp
C:\WINDOWS\system32\drivers\old1e2.tmp
C:\WINDOWS\system32\drivers\old1e4.tmp
C:\WINDOWS\system32\drivers\old1e6.tmp
C:\WINDOWS\system32\drivers\old1e8.tmp
C:\WINDOWS\system32\drivers\old1ea.tmp
C:\WINDOWS\system32\drivers\old1ec.tmp
C:\WINDOWS\system32\drivers\old1ee.tmp
C:\WINDOWS\system32\drivers\old1f0.tmp
C:\WINDOWS\system32\drivers\old1f2.tmp
C:\WINDOWS\system32\drivers\old1f4.tmp
C:\WINDOWS\system32\drivers\old1f6.tmp
C:\WINDOWS\system32\drivers\old1f8.tmp
C:\WINDOWS\system32\drivers\old1fa.tmp
C:\WINDOWS\system32\drivers\old1fc.tmp
C:\WINDOWS\system32\drivers\old1fe.tmp
C:\WINDOWS\system32\drivers\old2.tmp
C:\WINDOWS\system32\drivers\old20.tmp
C:\WINDOWS\system32\drivers\old200.tmp
C:\WINDOWS\system32\drivers\old202.tmp
C:\WINDOWS\system32\drivers\old204.tmp
C:\WINDOWS\system32\drivers\old206.tmp
C:\WINDOWS\system32\drivers\old208.tmp
C:\WINDOWS\system32\drivers\old20a.tmp
C:\WINDOWS\system32\drivers\old20c.tmp
C:\WINDOWS\system32\drivers\old20e.tmp
C:\WINDOWS\system32\drivers\old210.tmp
C:\WINDOWS\system32\drivers\old212.tmp
C:\WINDOWS\system32\drivers\old214.tmp
C:\WINDOWS\system32\drivers\old216.tmp
C:\WINDOWS\system32\drivers\old218.tmp
C:\WINDOWS\system32\drivers\old21a.tmp
C:\WINDOWS\system32\drivers\old21c.tmp
C:\WINDOWS\system32\drivers\old21e.tmp
C:\WINDOWS\system32\drivers\old22.tmp
C:\WINDOWS\system32\drivers\old221.tmp
C:\WINDOWS\system32\drivers\old223.tmp
C:\WINDOWS\system32\drivers\old225.tmp
C:\WINDOWS\system32\drivers\old227.tmp
C:\WINDOWS\system32\drivers\old229.tmp
C:\WINDOWS\system32\drivers\old22b.tmp
C:\WINDOWS\system32\drivers\old22d.tmp
C:\WINDOWS\system32\drivers\old22f.tmp
C:\WINDOWS\system32\drivers\old231.tmp
C:\WINDOWS\system32\drivers\old233.tmp
C:\WINDOWS\system32\drivers\old235.tmp
C:\WINDOWS\system32\drivers\old237.tmp
C:\WINDOWS\system32\drivers\old239.tmp
C:\WINDOWS\system32\drivers\old23b.tmp
C:\WINDOWS\system32\drivers\old23d.tmp
C:\WINDOWS\system32\drivers\old23f.tmp
C:\WINDOWS\system32\drivers\old24.tmp
C:\WINDOWS\system32\drivers\old241.tmp
C:\WINDOWS\system32\drivers\old243.tmp
C:\WINDOWS\system32\drivers\old245.tmp
C:\WINDOWS\system32\drivers\old247.tmp
C:\WINDOWS\system32\drivers\old249.tmp
C:\WINDOWS\system32\drivers\old24b.tmp
C:\WINDOWS\system32\drivers\old24d.tmp
C:\WINDOWS\system32\drivers\old24f.tmp
C:\WINDOWS\system32\drivers\old251.tmp
C:\WINDOWS\system32\drivers\old253.tmp
C:\WINDOWS\system32\drivers\old255.tmp
C:\WINDOWS\system32\drivers\old257.tmp
C:\WINDOWS\system32\drivers\old259.tmp
C:\WINDOWS\system32\drivers\old25b.tmp
C:\WINDOWS\system32\drivers\old25d.tmp
C:\WINDOWS\system32\drivers\old25f.tmp
C:\WINDOWS\system32\drivers\old261.tmp
C:\WINDOWS\system32\drivers\old263.tmp
C:\WINDOWS\system32\drivers\old265.tmp
C:\WINDOWS\system32\drivers\old267.tmp
C:\WINDOWS\system32\drivers\old269.tmp
C:\WINDOWS\system32\drivers\old26b.tmp
C:\WINDOWS\system32\drivers\old26d.tmp
C:\WINDOWS\system32\drivers\old26f.tmp
C:\WINDOWS\system32\drivers\old27.tmp
C:\WINDOWS\system32\drivers\old271.tmp
C:\WINDOWS\system32\drivers\old273.tmp
C:\WINDOWS\system32\drivers\old275.tmp
C:\WINDOWS\system32\drivers\old278.tmp
C:\WINDOWS\system32\drivers\old27a.tmp
C:\WINDOWS\system32\drivers\old27c.tmp
C:\WINDOWS\system32\drivers\old280.tmp
C:\WINDOWS\system32\drivers\old282.tmp
C:\WINDOWS\system32\drivers\old284.tmp
C:\WINDOWS\system32\drivers\old286.tmp
C:\WINDOWS\system32\drivers\old288.tmp
C:\WINDOWS\system32\drivers\old28a.tmp
C:\WINDOWS\system32\drivers\old28c.tmp
C:\WINDOWS\system32\drivers\old28e.tmp
C:\WINDOWS\system32\drivers\old290.tmp
C:\WINDOWS\system32\drivers\old2a.tmp
C:\WINDOWS\system32\drivers\old2d.tmp
C:\WINDOWS\system32\drivers\old38.tmp
C:\WINDOWS\system32\drivers\old3a.tmp
C:\WINDOWS\system32\drivers\old3c.tmp
C:\WINDOWS\system32\drivers\old3e.tmp
C:\WINDOWS\system32\drivers\old40.tmp
C:\WINDOWS\system32\drivers\old42.tmp
C:\WINDOWS\system32\drivers\old44.tmp
C:\WINDOWS\system32\drivers\old45.tmp
C:\WINDOWS\system32\drivers\old47.tmp
C:\WINDOWS\system32\drivers\old49.tmp
C:\WINDOWS\system32\drivers\old4a.tmp
C:\WINDOWS\system32\drivers\old4b.tmp
C:\WINDOWS\system32\drivers\old4d.tmp
C:\WINDOWS\system32\drivers\old4e.tmp
C:\WINDOWS\system32\drivers\old4f.tmp
C:\WINDOWS\system32\drivers\old5.tmp
C:\WINDOWS\system32\drivers\old51.tmp
C:\WINDOWS\system32\drivers\old53.tmp
C:\WINDOWS\system32\drivers\old55.tmp
C:\WINDOWS\system32\drivers\old56.tmp
C:\WINDOWS\system32\drivers\old57.tmp
C:\WINDOWS\system32\drivers\old59.tmp
C:\WINDOWS\system32\drivers\old5a.tmp
C:\WINDOWS\system32\drivers\old5b.tmp
C:\WINDOWS\system32\drivers\old5d.tmp
C:\WINDOWS\system32\drivers\old5f.tmp
C:\WINDOWS\system32\drivers\old61.tmp
C:\WINDOWS\system32\drivers\old62.tmp
C:\WINDOWS\system32\drivers\old63.tmp
C:\WINDOWS\system32\drivers\old64.tmp
C:\WINDOWS\system32\drivers\old66.tmp
C:\WINDOWS\system32\drivers\old68.tmp
C:\WINDOWS\system32\drivers\old6a.tmp
C:\WINDOWS\system32\drivers\old6c.tmp
C:\WINDOWS\system32\drivers\old6e.tmp
C:\WINDOWS\system32\drivers\old7.tmp
C:\WINDOWS\system32\drivers\old70.tmp
C:\WINDOWS\system32\drivers\old72.tmp
C:\WINDOWS\system32\drivers\old74.tmp
C:\WINDOWS\system32\drivers\old76.tmp
C:\WINDOWS\system32\drivers\old78.tmp
C:\WINDOWS\system32\drivers\old7a.tmp
C:\WINDOWS\system32\drivers\old7c.tmp
C:\WINDOWS\system32\drivers\old7e.tmp
C:\WINDOWS\system32\drivers\old80.tmp
C:\WINDOWS\system32\drivers\old82.tmp
C:\WINDOWS\system32\drivers\old84.tmp
C:\WINDOWS\system32\drivers\old86.tmp
C:\WINDOWS\system32\drivers\old88.tmp
C:\WINDOWS\system32\drivers\old8a.tmp
C:\WINDOWS\system32\drivers\old8c.tmp
C:\WINDOWS\system32\drivers\old8e.tmp
C:\WINDOWS\system32\drivers\old9.tmp
C:\WINDOWS\system32\drivers\old90.tmp
C:\WINDOWS\system32\drivers\old92.tmp
C:\WINDOWS\system32\drivers\old94.tmp
C:\WINDOWS\system32\drivers\old96.tmp
C:\WINDOWS\system32\drivers\old98.tmp
C:\WINDOWS\system32\drivers\old9a.tmp
C:\WINDOWS\system32\drivers\old9c.tmp
C:\WINDOWS\system32\drivers\old9e.tmp
C:\WINDOWS\system32\drivers\olda0.tmp
C:\WINDOWS\system32\drivers\olda2.tmp
C:\WINDOWS\system32\drivers\olda4.tmp
C:\WINDOWS\system32\drivers\olda6.tmp
C:\WINDOWS\system32\drivers\olda8.tmp
C:\WINDOWS\system32\drivers\oldaa.tmp
C:\WINDOWS\system32\drivers\oldac.tmp
C:\WINDOWS\system32\drivers\oldae.tmp
C:\WINDOWS\system32\drivers\oldb.tmp
C:\WINDOWS\system32\drivers\oldb0.tmp
C:\WINDOWS\system32\drivers\oldb2.tmp
C:\WINDOWS\system32\drivers\oldb4.tmp
C:\WINDOWS\system32\drivers\oldb6.tmp
C:\WINDOWS\system32\drivers\oldb8.tmp
C:\WINDOWS\system32\drivers\oldba.tmp
C:\WINDOWS\system32\drivers\oldbc.tmp
C:\WINDOWS\system32\drivers\oldbe.tmp
C:\WINDOWS\system32\drivers\oldc0.tmp
C:\WINDOWS\system32\drivers\oldc2.tmp
C:\WINDOWS\system32\drivers\oldc4.tmp
C:\WINDOWS\system32\drivers\oldc6.tmp
C:\WINDOWS\system32\drivers\oldc8.tmp
C:\WINDOWS\system32\drivers\oldca.tmp
C:\WINDOWS\system32\drivers\oldcc.tmp
C:\WINDOWS\system32\drivers\oldce.tmp
C:\WINDOWS\system32\drivers\oldd.tmp
C:\WINDOWS\system32\drivers\oldd0.tmp
C:\WINDOWS\system32\drivers\oldd2.tmp
C:\WINDOWS\system32\drivers\oldd4.tmp
C:\WINDOWS\system32\drivers\oldd6.tmp
C:\WINDOWS\system32\drivers\oldd8.tmp
C:\WINDOWS\system32\drivers\oldda.tmp
C:\WINDOWS\system32\drivers\olddc.tmp
C:\WINDOWS\system32\drivers\oldde.tmp
C:\WINDOWS\system32\drivers\olde0.tmp
C:\WINDOWS\system32\drivers\olde2.tmp
C:\WINDOWS\system32\drivers\olde4.tmp
C:\WINDOWS\system32\drivers\olde6.tmp
C:\WINDOWS\system32\drivers\olde8.tmp
C:\WINDOWS\system32\drivers\oldea.tmp
C:\WINDOWS\system32\drivers\oldec.tmp
C:\WINDOWS\system32\drivers\oldee.tmp
C:\WINDOWS\system32\drivers\oldf.tmp
C:\WINDOWS\system32\drivers\oldf0.tmp
C:\WINDOWS\system32\drivers\oldf2.tmp
C:\WINDOWS\system32\drivers\oldf4.tmp
C:\WINDOWS\system32\drivers\oldf6.tmp
C:\WINDOWS\system32\drivers\oldf8.tmp
C:\WINDOWS\system32\drivers\oldfa.tmp
C:\WINDOWS\system32\drivers\oldfc.tmp
C:\WINDOWS\system32\drivers\oldfe.tmp
C:\WINDOWS\Temp\204ad8.dmp
C:\WINDOWS\Temp\204bd2.tmp
C:\WINDOWS\Temp\274c6c.dmp
C:\WINDOWS\Temp\274cf9.tmp
C:\WINDOWS\Temp\61475.dmp
C:\WINDOWS\Temp\61501.tmp
C:\WINDOWS\Temp\af210.dmp
C:\WINDOWS\Temp\af29c.tmp
C:\WINDOWS\Temp\bbade.dmp
C:\WINDOWS\Temp\bbb6b.tmp
C:\WINDOWS\Temp\bdc2.dmp
C:\WINDOWS\Temp\c498.tmp
C:\WINDOWS\Temp\12b704.dmp
C:\WINDOWS\Temp\12b7a0.tmp
C:\WINDOWS\Temp\d833a.dmp
C:\WINDOWS\Temp\d83c7.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\MAR103.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mar104.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mar4a.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mar4b.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mar7c.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mar7d.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\mare.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\marf.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\sts106.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\sts12.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\sts50.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\sts7f.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\~df2326.tmp
C:\Documents and Settings\Ethan\Local Settings\Temp\~df2dbb.tmp
Click to expand...

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
-
Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

constructiveentropy · Sep 29, 2009

Did as you directed. Attaching the logs.

My computer is running better after this round of scans than after any of the others, so hopefully this keeps up. Nothing weird to note this time around.

Please let me know if there's anything more that I need to do to secure my computer. Please also let me know if I'm done so that I can go on with my life. I'm going to try and avoid turning on my computer again until I hear word from you that the virus is gone.

Thanks for all your help!!! This site is awesome!!!

constructiveentropy · Sep 29, 2009

Update:
The virus is still there.

I'm still getting the same two messages from avast popping up periodically.

Message 1:
avast! Warning
A Rootkit Was Found!

A suspicious hidden object (rootkit) has been detected on your system. This may be a sign of a malware infection. It is recommended to remove the object immediately.

File name: C:\WINDOWS\System32\Drivers\Beep.sys
Type: hidden services
Malware name: Wi?????????????????

Message 2:

avast! Warning
Malware Was Found!
There is no reason to panic, though. Try to follow the given advice and links.
File name: C:\WINDOWS\system32\drivers\beep.sys
Malware name: Win32:RustNT [Rtk]
Malware type: Rootkit
VPS version: 090929-0, 09/29/2009

Please help!!

TimW · Oct 4, 2009

Are you still unable to run ComboFix?

Let's do this:

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

Files to move:
C:\MGtools\temp\XPSP3\beep.sysmg | C:\WINDOWS\System32\Drivers\Beep.sys
C:\MGtools\temp\XPSP2\beep.sysmg | C:\WINDOWS\System32\dllcache\Beep.sys
Programs to launch on reboot:
C:\Documents and Settings\Ethan\Desktop\ComboFix.exe
Click to expand...

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* C:\Avenger.txt
* C:\ComboFix.txt
* C:\MGlogs.zip

Log in or Sign up

WIN32:RustNT [Rtk]

constructiveentropy Private E-2

Attached Files:

mbam-log-2009-09-12 (22-37-13).txt

MGlogs.zip

rrlog.txt

SASlog.txt

constructiveentropy Private E-2

Attached Files:

Avastlog.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

constructiveentropy Private E-2

constructiveentropy Private E-2

Attached Files:

MGlogs.zip

rrlog3.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

constructiveentropy Private E-2

Attached Files:

avenger.txt

MGlogs.zip

constructiveentropy Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member