Full Version: Rootkit
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
maaron
I have a machine that has a similar error. I have run Malwarebytes 5 times and it still came up with the same error. So I ran ComboFix and it took care of the rootkit.

Log before ComboFix:
Malwarebytes' Anti-Malware 1.38
Database version: 2328
Windows 5.1.2600 Service Pack 3

6/24/2009 11:22:04 AM
mbam-log-2009-06-24 (11-22-04).txt

Scan type: Quick Scan
Objects scanned: 143054
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Log after ComboFix:
Malwarebytes' Anti-Malware 1.38
Database version: 2328
Windows 5.1.2600 Service Pack 3

6/24/2009 12:12:59 PM
mbam-log-2009-06-24 (12-12-59).txt

Scan type: Quick Scan
Objects scanned: 132167
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I attached the ComboFix log file also.
miekiemoes
Hi,

I have split your post from another thread, because it's really confusing for the people who help if people post in each other's threads...

Anyway,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

QUOTE
File::
c:\windows\system32\drivers\tgtkfojw.sys
Driver::
asme
NetSvc::
senekalight




Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
miekiemoes
Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.