We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Help with removing Win32: Rootkit-gen (RtK)
Comments
-
did you do the kaspersky scan from the speedup thread.
the vnc thing is still there, does it show up if you run services.msc?
did you use the avg removal tool, still references to avg in combofix log
what was noisy, hard disk, fan, was this only when you were scanning, and was your commit charge below 480mb at the time?
windows firewall is fine, but it should startup almost straight away, do you have a router. ZA will slow your machine down, and did nothing to stop you getting infected.!!
> . !!!! ----> .0 -
Milltowngirl wrote: »No, still cant see it. im just looking in C:\windows\system32 is that right ? Cant see anything like this, all files names are just short words etc
No, youve done right. I was just making sure it wasnt there anymore:idea:0 -
did you do the kaspersky scan from the speedup thread.
No, didnt think I had a infection at the time, was just trying to clean up / speed things up. Should I try running this now ? What about the other two the speed up thread mentions (surfright, devbuilds ?)?
the vnc thing is still there, does it show up if you run services.msc?
yes, still shows, Ive run hijackthis to fix it 2 or 3 times now and doesnt appear to want to fix it?
I used it orignally to remove AVG as 'uninstall' wouldnt work. Do I need to try and run it again to remove these remnants ?did you use the avg removal tool, still references to avg in combofix log
The hard disk. has stopped since avast stopped but didnt notice it yesterday, and it was noisy on loading the desk top, before id even started the scanwhat was noisy, hard disk, fan, was this only when you were scanning, and was your commit charge below 480mb at the time?
Yes, got a sky broadband sagem router.windows firewall is fine, but it should startup almost straight away, do you have a router.Proud to be dealing with my debtsDebt at Light Bulb Moment (January 2011): £21,953Debt at current level (Nov 2013): £4,567.50Debt free wanabee date: Dec 2014 :j0 -
while I remember, from your HJT log, when you've finished everything else, you'll need to update Java
http://www.filehippo.com/download_jre_32/
Thanks Ill do this as soon as I get chance !Proud to be dealing with my debtsDebt at Light Bulb Moment (January 2011): £21,953Debt at current level (Nov 2013): £4,567.50Debt free wanabee date: Dec 2014 :j0 -
you may as well scan with kaspersky and surfright, tdsskiller shouldn't be needed
do vnc and google update show on the services tab of msconfig?!!
> . !!!! ----> .0 -
you may as well scan with kaspersky and surfright, tdsskiller shouldn't be needed
do vnc and google update show on the services tab of msconfig?
yep, both show, although google update is showing as disabled, but vnc doesnt have a status.
Ill do the other two scans nowProud to be dealing with my debtsDebt at Light Bulb Moment (January 2011): £21,953Debt at current level (Nov 2013): £4,567.50Debt free wanabee date: Dec 2014 :j0 -
Good Morning,
Ok so ran surfright and kaspersky last night. Surfright didnt find anything, kaspersky found and fixed some stuff:
Autoscan: completed 2 minutes ago (events: 12, objects: 305471, time: 03:32:56)
20/03/2011 20:10:35 Task started
20/03/2011 20:57:18 Detected: not-a-virus dWare.Win32.SaveNow.z C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP291\A0082249.exe/UPX/VVSN_SCNC0704Inst.exe/data0001.cab/VVSN.exe
20/03/2011 20:58:39 Detected: Trojan.Win32.Scar.ddjk C:\WINDOWS\scenic news.exe
20/03/2011 21:23:49 Detected: Trojan.Win32.Scar.ddjk C:\WINDOWS\system32\Scenic News.exe
20/03/2011 22:09:32 Deleted: not-a-virus dWare.Win32.SaveNow.z C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP291\A0082249.exe
20/03/2011 22:09:51 Deleted: Trojan.Win32.Scar.ddjk C:\WINDOWS\system32\Scenic News.exe
20/03/2011 22:09:52 Deleted: Trojan.Win32.Scar.ddjk C:\WINDOWS\scenic news.exe
20/03/2011 22:43:32 Detected: Trojan.Win32.Scar.ddjk C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP292\A0082473.exe
20/03/2011 22:43:32 Detected: Trojan.Win32.Scar.ddjk C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP292\A0082474.exe
20/03/2011 23:41:32 Deleted: Trojan.Win32.Scar.ddjk C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP292\A0082473.exe
20/03/2011 23:41:32 Deleted: Trojan.Win32.Scar.ddjk C:\System Volume Information\_restore{C881A5FE-1B75-4DE8-B23C-D3A26D92A79B}\RP292\A0082474.exe
20/03/2011 23:43:32 Task completed
I just told it to fix / delete everything. Hope this was right. Some of these things seems to be the same stuff that avast found, couldnt fix but then quarnatined and I deleted, so how come kaspersky has found them again ? Do they keep reinfecting or had avast just not really deleted them ? Guess Ill run another avast scan later and see if anything still shows up.....
Finally, PC was still slower / noisier to load this morning again. I think it might be all the extra virus / cleaning tools Ive downloaded the last couple of days (I was watching in task mgr, and one of the files using a lot of cpu this morning was the kaspersky file, even though I wasnt using it/loading it). Think Im going to move them all over onto a usb stick so just run them off that if I ever need them again ? Will they run off a usb stick or do they need to be on the C drive ?
How often would you recommend needing to use things like ccleaner, etc to keep it running smoothly ? i.e. what should I be doing on a daily / weekly / monthly basis etc to stop it getting all cruddy again ?!
Thanks for all your help guys, cant believe I was about to throw the PC out and go and buy a new laptop, its working much better than I ever imagined it would do, just hope we've cleared all the viruses out as well now....Proud to be dealing with my debtsDebt at Light Bulb Moment (January 2011): £21,953Debt at current level (Nov 2013): £4,567.50Debt free wanabee date: Dec 2014 :j0 -
you can uninstall kaspersky now it's cleaned things, along with all the other scanners apart from avast and malwarebytes.
most of the things it found were in the system restore area, so already deleted effectively.
ccleaner doesn't speed things up, but you could set it to run at startup to cleanup your temp files automatically
run the ccleaner registry scan tool, and fix anything found, as you appear to have some registry pointers pointing to things already uninstalled.
the important thing to keep it running smoothly is to keep startup items pruned, to keep the commit charge below installed ram figure.
if any of the sony software is taking up a lot of ram (see task manager), then consider disabling if you don't use often!!
> . !!!! ----> .0 -
You could run Appremover (http://www.appremover.com/) and checked for 'failed uninstall' just to make sure AVG is gone, if that's a concern.0
-
You could run Appremover (http://www.appremover.com/) and checked for 'failed uninstall' just to make sure AVG is gone, if that's a concern.
Thanks Ill try this nowProud to be dealing with my debtsDebt at Light Bulb Moment (January 2011): £21,953Debt at current level (Nov 2013): £4,567.50Debt free wanabee date: Dec 2014 :j0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards