AVAST detected a rootkit, help please
-
Latest virus definitions are 5990, yours is 5962, which suggests it wasn't up to date when you ran it :idea:
-
Looks like there's still something in the root
Please open Malwarebytes, go to LOGS and post the WHOLE of the last log
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
If you get a message that you can't write to the hosts file then press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)
............................................................
run SOPHOS ANTI ROOTKIT
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
then rerun combofix and post the log
Do I have to register to run the SOPHOS ANTI ROOTKIT? And then hit submit?
-
Yep, go for it :idea:
-
It's currently still scanning (Sophos Anti-Rootkit) and so far underneath description it has found 5 unknown hidden files. Am I going to be asked to do anything with these? And if I am, what should I do?
Thanks
-
As I've never had it find anything myself I'm really not sure
Just press whatever is required to remove everything (Sorry I can't help better than that, but it's not like I can give you a rundown of what to press) :idea:
-
As I've never had it find anything myself I'm really not sure
Just press whatever is required to remove everything (Sorry I can't help better than that, but it's not like I can give you a rundown of what to press)
God, I am getting worried now, one of the hidden files is C:\windowssystem32\config\regback\default.....(can't see the rest)
That sounds important :eek:
-
Poppie
Please calm down
Just let it run and do its thing :idea:
-
Right, I have updated Malwarebytes and here is my latest log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5990
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
08/03/2011 18:24:12
mbam-log-2011-03-08 (18-24-12).txt
Scan type: Quick scan
Objects scanned: 170930
Time elapsed: 7 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Poppie
Please keep to running Sophos :idea:
This discussion has been closed.