2 replies to this topic

[maaron]

I have a machine that has a simular error. I have run Malwarebytes 5 times and it still came up with the same error. So I ran ComboFix and it took care of the rootkit.

Log before ComboFix :
Malwarebytes' Anti-Malware 1.38
Database version: 2328
Windows 5.1.2600 Service Pack 3

6/24/2009 11:22:04 AM
mbam-log-2009-06-24 (11-22-04).txt

Scan type: Quick Scan
Objects scanned: 143054
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Log after ComboFix:
Malwarebytes' Anti-Malware 1.38
Database version: 2328
Windows 5.1.2600 Service Pack 3

6/24/2009 12:12:59 PM
mbam-log-2009-06-24 (12-12-59).txt

Scan type: Quick Scan
Objects scanned: 132167
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I attached the ComboFix log file also

Attached Files

•  ComboFix.txt   31.37K   23 downloads

[miekiemoes]

Hi,

I have split your post from another thread, because it's really confusing for the people who help if people post in eachothers threads...

Anyway, * Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Quote

File::
c:\windows\system32\drivers\tgtkfojw.sys
Driver::
asme
NetSvc::
senekalight

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

[miekiemoes]

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.