Hello,
I can't seem to remove a Root.Kit agent called "C:/WINDOWS/drivers/system32/str.sys" sucessfully.
Malwarebytes keeps just telling me re-start my computer (after the scan).
I have, three times, and each time I do another scan to make sure it's gone, it still comes up.
This is the family computer and it's used to check multiple bank accounts and whatnot, so I need this to be removed A.S.A.P.
Any help to remove this would be greatly apperciated.
Here's my Malwarebytes log
Malwarebytes' Anti-Malware 1.41
Database version: 2990
Windows 5.1.2600 Service Pack 2
10/25/2009 12:08:06 PM
mbam-log-2009-10-25 (12-08-01).txt
Scan type: Quick Scan
Objects scanned: 97375
Time elapsed: 14 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
Full Version: Rootkit.Agent C:/WINDOWS/drivers/system32/str.sys
The first try is getting up to date with definitions and then scan again . You are at least 40 updates behind currently .
Are you serious?
Wow...They update their stuff quickly!
I'll try doing that.
Thank you
Wow...They update their stuff quickly!
I'll try doing that.
Thank you
So, I just updated and found that I had 2 trojans and the rootkit on there.
I was able to remove the trojans, but the rootkit wasn't in the quaratine section after I re-booted.
I was able to remove the trojans, but the rootkit wasn't in the quaratine section after I re-booted.
QUOTE (Lady Hatter @ Oct 25 2009, 01:09 PM) 
So, I just updated and found that I had 2 trojans and the rootkit on there.
I was able to remove the trojans, but the rootkit wasn't in the quaratine section after I re-booted.
I was able to remove the trojans, but the rootkit wasn't in the quaratine section after I re-booted.
**EDIT
After doing another scan, it shows that the rootkit is still there.
Greetings 
.
If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:
If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?
And post your logs in a new topic here:
Malware Removal - HijackThis Logs
Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.
note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.
.If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:
- Windows Police Pro
- CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX
- Total-Security (FakeAlert)
- av360 (Fakealert)
- SystemSecurity
If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?
And post your logs in a new topic here:
Malware Removal - HijackThis Logs
Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.
note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.
Alright!
I've posted everything in the "Malware Removal - HijackThis Logs" fourms
I've posted everything in the "Malware Removal - HijackThis Logs" fourms
@ Lady Hatter,
You're in good hands in there. Please be patient while you are waiting and don't add additional information to your post in the HJT forum. If you think of something else to add, just write it down and save it until someone is helping you. If someone hasn't gotten to you in 48 hours, please send a private message to one of the administrators or moderators, explaining that you are still waiting for help. You might want to take the opportunity, if possible, to backup your personal files to an external drive or CD while you are waiting.
You're in good hands in there. Please be patient while you are waiting and don't add additional information to your post in the HJT forum. If you think of something else to add, just write it down and save it until someone is helping you. If someone hasn't gotten to you in 48 hours, please send a private message to one of the administrators or moderators, explaining that you are still waiting for help. You might want to take the opportunity, if possible, to backup your personal files to an external drive or CD while you are waiting.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.