1 reply to this topic

[dr.vitrag]

I've scanned using malwarebytes, bitdefender and gmer and they all are detecting rootkit but not removing.

If i try to manually remove then it shows bluescreen and reboot then.

Please help me to remove this rootkit trojen.

I've attached screenshot and added logs.

Thanks.

Malware bytes log:

Quote

Scan type: Quick Scan
Objects scanned: 92079
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\kbiwkmbitgwgsj.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmciqigqal.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmjwciwovt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmneckpmii.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmvffpoevc.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmvxepstfk.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\drivers\kbiwkmbjoprotq.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\drivers\kbiwkmoikuyrfl.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\drivers\kbiwkmotaonqts.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmhwubyyih.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmijdcuxsj.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmijhtnyjv.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmjakrmkwx.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmklfwpqur.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmqwmqrnxn.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmrwibvbcs.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmsobtsnwm.dat (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\kbiwkmwsxvowut.dll (Rootkit.TDSS) -> Delete on reboot.

Attached Images

• 
• 

Attached Files

•  trojen_rootkit.tdss.log.txt   129.94K   21 downloads

[Maniac]

Greetings .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

• Windows Police Pro
  
• CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX
  
• Total-Security (FakeAlert)
  
• av360 (Fakealert)
  
• SystemSecurity

If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?

And post your logs in a new topic here:
Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.