AumHa Forums

Supporting Users of Windows Desktop Systems
All times are UTC - 8 hours [ DST ]




 Post subject: [closed] Rootkit problems
Posted: Mon 2/8/10 12:55 pm
New Member

Joined: Mon 2/8/10 09:42 am
Posts: 10
Don't know if you mind posting topics about other covered topics, but I am not sure what to do to identify and remove this particular little bugger or two.

I ran Gmer, and it said a rootkit has messed with things.
Here's the log.

Also, the rootkit disables virus removal and ident software. Also have a web search engine redirector.

Here's the actual Gmer log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 14:45:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: G:\DOCUME~1\HERMLE~1.OVE\LOCALS~1\Temp\kfryapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB95056B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7443D72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF74249A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7424B98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7444568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7444820]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB950514C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7442A80]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB950508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB95050F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB950576E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7444C8A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB950572E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7444036]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7424656]

---- Kernel code sections - GMER 1.0.15 ----

.text G:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6713360, 0x240F7E, 0xE8000020]
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
.text G:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6740300, 0x3AF78, 0xE8000020]
.text G:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7827300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text G:\WINDOWS\System32\svchost.exe[1028] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\WINDOWS\System32\svchost.exe[1028] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\WINDOWS\System32\svchost.exe[1028] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01189315 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0125DBCB G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0125DD81 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01264832 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011C1CA2 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0137E021 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0137DF51 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0137DFBE G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0137DE22 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0137DE84 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0137E084 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0137DEE6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0126488E G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1212] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 G:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe[1264] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe[1264] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe[1264] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01189315 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01264832 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0137E021 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0137DF51 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0137DFBE G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0137DE22 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0137DE84 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0137E084 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0137DEE6 G:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Internet Explorer\iexplore.exe[1680] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Windows Media Player\wmplayer.exe[2176] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Windows Media Player\wmplayer.exe[2176] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\Program Files\Windows Media Player\wmplayer.exe[2176] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\WINDOWS\Explorer.EXE[3460] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\WINDOWS\Explorer.EXE[3460] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CB63F820.x86.dll
.text G:\WINDOWS\Explorer.EXE[3460] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CB63F820.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT G:\WINDOWS\system32\services.exe[720] @ G:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT G:\WINDOWS\system32\services.exe[720] @ G:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT G:\WINDOWS\System32\svchost.exe[1028] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\WINDOWS\System32\svchost.exe[1028] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Internet Explorer\iexplore.exe[1212] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Internet Explorer\iexplore.exe[1212] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Internet Explorer\iexplore.exe[1212] @ G:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] G:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe[1264] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe[1264] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Internet Explorer\iexplore.exe[1680] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Internet Explorer\iexplore.exe[1680] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Windows Media Player\wmplayer.exe[2176] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\Program Files\Windows Media Player\wmplayer.exe[2176] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\WINDOWS\Explorer.EXE[3460] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CB63F820.x86.dll
IAT G:\WINDOWS\Explorer.EXE[3460] @ G:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CB63F820.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\System32\snmp.exe [188] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\system32\svchost.exe [988] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\System32\svchost.exe [1028] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\System32\svchost.exe [1084] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Internet Explorer\iexplore.exe [1212] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\System32\svchost.exe [1216] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe [1264] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\System32\alg.exe [1320] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\system32\spoolsv.exe [1668] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Internet Explorer\iexplore.exe [1680] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\system32\inetsrv\inetinfo.exe [1832] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Java\jre6\bin\jqs.exe [1848] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1972] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\Windows Media Player\wmplayer.exe [2176] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2200] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2212] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\WINDOWS\Explorer.EXE [3460] 0x35670000
Library \\?\globalroot\Device\__max++>\CB63F820.x86.dll (*** hidden *** ) @ G:\Program Files\ATI Technologies\ATI.ACE\cli.exe [3880] 0x35670000

---- Files - GMER 1.0.15 ----

File G:\Rome - Total War\data\settlement_plans\slot_overlays\overlay_eastern_shrine_pavement.cas 0 bytes

---- EOF - GMER 1.0.15 ----


 Post subject: Re: Rootkit problems
Posted: Mon 2/8/10 01:45 pm
Site Admin

Joined: Tue 3/11/03 09:02 pm
Posts: 21226
Location: NW ChesCo, Pennsylvania, USA
Welcome to AumHa Forums.

Start here: http://aumha.net/viewtopic.php?t=4075

After taking care of all requested Preliminaries in the above thread, please begin a new thread in Malware Removal forum and post your three (3) logs.

Thank you. Replies to this post will not be answered.

_________________
~Robear Dyer (PA Bear)
AumHa VSOP, Admin & Moderator
MS MVP-Internet Explorer, Mail, Consumer Security, Windows Desktop Experience - since 2002
Steely-eyed Missile Man, Sensei, & Mule Skinner
Errabundi Saepe, Semper Certi
:L) Your donations help keep this site going & are very much appreciated: http://aumha.org/donate.htm


 Post subject: Re: Rootkit problems
Posted: Tue 2/9/10 01:37 pm
AH-VSOP & MS-MVP

Joined: Sun 8/15/04 07:08 pm
Posts: 4418
Location: USA
ref viewtopic.php?f=30&t=43331

_________________
~Maurice Naggar
MS-MVP, AumHa VSOP

If you find that we have helped with your issues, kindly consider making a contribution to help support these forums & this site.
http://aumha.org/donate.htm

