Critical Files in the Virus Chest - Can't get Windows to boot properly

Avast found multiple files that it said were infected with malware and recommended that I put them in the Virus Chest, which I did; then it said to restart, which I did. Now none of my USB ports work, nor the touch pad, and the screen resolution is so large that I can't even see all of the screen.

I am sure that the .sys files that control all of that are now in the Virus Chest, but I cannot access them as I can't use a mouse or pointing device to navigate the program.

I was able to start AVAST using the command line and typing in the “C:\Program Files\Alwil Software\Avast4\ashAvast.exe” line but I cannot get the Virus Chest to open to restore the files that I need.

Help please, this is my wife’s laptop and I have been pulling my hair out all day trying to get this crap off of it so she can process payroll for our business tomorrow.

Thanks!

Brad

What are the malware name(s) of the infected file(s), and where were they found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry. This option is probably the easiest.

Are you sure it isn't booting into safe mode, as a) it doesn't start avast by default, b) the screen resolution is 800x600 and 256 colours, and c) safe mode may disable other drivers, so it could have other consequences.

Do (or did) you have another AV installed in this system? If so, what was it and how did you get rid of it?

Note:
If you do remove avast you would lose the ability to get anything out of the chest that you/she sent there.

Your .sys files are not necessarily in the virus chest unless you actually saw them sent to the chest. At the very least, if the virus had been operational amongst the system files, then I would not expect the computer to have returned to normal mode. And the virus may not have been in system files. The VGA driver is perhaps now not working properly. Likewise USB is disabled. Booting into Setup at computer restart (F1, F2, or DEL) and resetting the Setup defaults may help. Also reset Display settings in Control Panel.

Ensure that you update your Microsoft. Inability to update automatically can be a sign of malware infection. That is about all that I can offer on the information so far received. What is your operating system?

It won't even load in safe mode, as it goes straight to a blue screen when I use that option. When I use the keyboard (as mouse and touchpad do not work) to navigate to Notepad, it tells me that the program is infected with a virus and it cannot open it. I think we really screwed it up with this. The machine was and is running Windows Live OneCare. Thanks for your help.

Here is the log file. (I removed the HD and connected it via USB/SATA cable to my other pc.) I will have to post it in multiple parts as it is over the 10000 character limit for a post.

Part 1:
9/7/2009 4:00:00 PM 1252353600 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/7/2009 5:21:25 PM 1252358485 Bitsy 4748 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\sdra64.exe” file.
9/7/2009 5:21:28 PM 1252358488 Bitsy 4748 Sign of “” has been found in “C:\WINDOWS\system32\sdra64.exe||AntiRootkit [FILE]|||10|0|2|COO1||COO2||” file.
9/7/2009 6:03:23 PM 1252361003 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\DOCUME~1\Bitsy\LOCALS~1\Temp\rdl2E.tmp” file.
9/7/2009 6:03:24 PM 1252361004 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 6:03:24 PM 1252361004 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 6:03:25 PM 1252361005 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\arp1394.sys” file.
9/7/2009 6:03:26 PM 1252361006 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 6:03:26 PM 1252361006 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 6:03:27 PM 1252361007 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 6:03:27 PM 1252361007 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 6:03:27 PM 1252361007 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\audstub.sys” file.
9/7/2009 6:03:29 PM 1252361009 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcmwl5.sys” file.
9/7/2009 6:03:31 PM 1252361011 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys” file.
9/7/2009 6:03:32 PM 1252361012 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\CmBatt.sys” file.
9/7/2009 6:03:34 PM 1252361014 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 6:03:34 PM 1252361014 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 6:03:35 PM 1252361015 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 6:03:35 PM 1252361015 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 6:03:37 PM 1252361017 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys” file.
9/7/2009 6:03:39 PM 1252361019 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys” file.
9/7/2009 6:03:39 PM 1252361019 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys” file.

Part 2:
9/7/2009 6:03:42 PM 1252361022 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\e100b325.sys” file.
9/7/2009 6:03:42 PM 1252361022 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\e100b325.sys” file.
9/7/2009 6:03:43 PM 1252361023 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\fdc.sys” file.
9/7/2009 6:03:43 PM 1252361023 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\fdc.sys” file.
9/7/2009 6:03:46 PM 1252361026 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\flpydisk.sys” file.
9/7/2009 6:03:49 PM 1252361029 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\flpydisk.sys” file.
9/7/2009 6:03:52 PM 1252361032 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys” file.
9/7/2009 6:03:55 PM 1252361035 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\msgpc.sys” file.
9/7/2009 6:03:58 PM 1252361038 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HDAudBus.sys” file.
9/7/2009 6:04:02 PM 1252361042 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\hidusb.sys” file.
9/7/2009 6:04:12 PM 1252361052 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys” file.
9/7/2009 6:04:21 PM 1252361061 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys” file.
9/7/2009 6:17:55 PM 1252361875 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ialmnt5.sys” file.
9/7/2009 6:18:04 PM 1252361884 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\ip6fw.sys” file.
9/7/2009 6:18:11 PM 1252361891 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ipinip.sys” file.
9/7/2009 6:18:20 PM 1252361900 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\irenum.sys” file.
9/7/2009 6:18:26 PM 1252361906 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\kmixer.sys” file.
9/7/2009 6:19:44 PM 1252361984 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\Modem.sys” file.
9/7/2009 6:19:52 PM 1252361992 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\mouhid.sys” file.
9/7/2009 6:19:55 PM 1252361995 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\MSKSSRV.sys” file.
9/7/2009 6:19:58 PM 1252361998 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\MSPQM.sys” file.
9/7/2009 6:20:02 PM 1252362002 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ndistapi.sys” file.
9/7/2009 6:20:04 PM 1252362004 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ndiswan.sys” file.
9/7/2009 6:20:06 PM 1252362006 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\nic1394.sys” file.
9/7/2009 6:20:09 PM 1252362009 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\pctnullport.sys” file.
9/7/2009 6:20:11 PM 1252362011 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\nv4_mini.sys” file.
9/7/2009 6:20:14 PM 1252362014 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys” file.
9/7/2009 6:20:16 PM 1252362016 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\parport.sys” file.
9/7/2009 6:20:18 PM 1252362018 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\PCASp50.sys” file.
9/7/2009 6:20:22 PM 1252362022 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\PCTINDIS5.SYS” file.
9/7/2009 6:20:25 PM 1252362025 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\raspptp.sys” file.
9/7/2009 6:20:27 PM 1252362027 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\psched.sys” file.
9/7/2009 6:20:29 PM 1252362029 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\rasl2tp.sys” file.
9/7/2009 6:20:31 PM 1252362031 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\raspppoe.sys” file.
9/7/2009 6:20:33 PM 1252362033 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\rdpdr.sys” file.
9/7/2009 6:20:35 PM 1252362035 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\RDPWD.sys” file.
9/7/2009 6:20:36 PM 1252362036 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\rimmptsk.sys” file.
9/7/2009 6:20:38 PM 1252362038 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\rixdptsk.sys” file.
9/7/2009 6:20:40 PM 1252362040 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\sdbus.sys” file.
9/7/2009 6:20:42 PM 1252362042 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\serenum.sys” file.
9/7/2009 6:20:43 PM 1252362043 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\splitter.sys” file.
9/7/2009 6:20:45 PM 1252362045 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\sthda.sys” file.
9/7/2009 6:20:47 PM 1252362047 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\swenum.sys” file.
9/7/2009 6:21:30 PM 1252362090 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\swmidi.sys” file.
9/7/2009 6:21:32 PM 1252362092 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\swmx00.sys” file.
9/7/2009 6:21:34 PM 1252362094 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\SynTP.sys” file.
9/7/2009 6:21:35 PM 1252362095 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\TDPIPE.sys” file.
9/7/2009 6:21:37 PM 1252362097 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\update.sys” file.
9/7/2009 6:21:39 PM 1252362099 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\usbaapl.sys” file.
9/7/2009 6:21:41 PM 1252362101 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\usbehci.sys” file.
9/7/2009 6:21:42 PM 1252362102 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\usbprint.sys” file.
9/7/2009 6:21:46 PM 1252362106 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS” file.
9/7/2009 6:21:49 PM 1252362109 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\wanarp.sys” file.
9/7/2009 6:21:51 PM 1252362111 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\wdmaud.sys” file.
9/7/2009 6:21:58 PM 1252362118 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys” file.
9/7/2009 6:27:17 PM 1252362437 Bitsy 4272 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\sdra64.exe” file.
9/7/2009 6:27:20 PM 1252362440 Bitsy 4272 Sign of “” has been found in “C:\WINDOWS\system32\sdra64.exe||AntiRootkit [FILE]|||10|0|2|COO1||COO2||” file.

Part 3:
9/7/2009 7:49:27 PM 1252367367 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\DOCUME~1\Bitsy\LOCALS~1\Temp\rdl3.tmp” file.
9/7/2009 7:49:31 PM 1252367371 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 7:49:31 PM 1252367371 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 7:49:33 PM 1252367373 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\arp1394.sys” file.
9/7/2009 7:49:33 PM 1252367373 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\arp1394.sys” file.
9/7/2009 7:49:34 PM 1252367374 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 7:49:34 PM 1252367374 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 7:49:38 PM 1252367378 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 7:49:38 PM 1252367378 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 7:49:41 PM 1252367381 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\audstub.sys” file.
9/7/2009 7:49:55 PM 1252367395 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcmwl5.sys” file.
9/7/2009 7:49:59 PM 1252367399 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys” file.
9/7/2009 7:50:01 PM 1252367401 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\CmBatt.sys” file.
9/7/2009 7:50:04 PM 1252367404 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 7:50:04 PM 1252367404 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 7:50:09 PM 1252367409 SYSTEM 964 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 8:31:41 PM 1252369901 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\DOCUME~1\Bitsy\LOCALS~1\Temp\rdl4.tmp” file.
9/7/2009 8:31:43 PM 1252369903 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 8:31:43 PM 1252369903 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 8:31:44 PM 1252369904 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\arp1394.sys” file.
9/7/2009 8:31:44 PM 1252369904 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\arp1394.sys” file.
9/7/2009 8:31:45 PM 1252369905 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 8:31:45 PM 1252369905 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 8:31:47 PM 1252369907 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 8:31:47 PM 1252369907 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\atmarpc.sys” file.
9/7/2009 8:31:48 PM 1252369908 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\audstub.sys” file.
9/7/2009 8:31:50 PM 1252369910 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcmwl5.sys” file.
9/7/2009 8:31:51 PM 1252369911 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys” file.
9/7/2009 8:31:53 PM 1252369913 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\CmBatt.sys” file.
9/7/2009 8:31:54 PM 1252369914 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 8:31:54 PM 1252369914 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DMusic.sys” file.
9/7/2009 8:31:55 PM 1252369915 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\DOCUME~1\Bitsy\LOCALS~1\Temp\rdl18.tmp” file.
9/7/2009 8:31:56 PM 1252369916 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 8:31:56 PM 1252369916 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 8:31:57 PM 1252369917 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\drmkaud.sys” file.
9/7/2009 8:31:58 PM 1252369918 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys” file.
9/7/2009 8:31:58 PM 1252369918 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys” file.
9/7/2009 8:32:02 PM 1252369922 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys” file.
9/7/2009 8:32:02 PM 1252369922 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys” file.
9/7/2009 8:32:05 PM 1252369925 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\e100b325.sys” file.
9/7/2009 8:32:05 PM 1252369925 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\e100b325.sys” file.
9/7/2009 8:32:07 PM 1252369927 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\fdc.sys” file.
9/7/2009 8:32:07 PM 1252369927 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\fdc.sys” file.
9/7/2009 8:32:09 PM 1252369929 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\flpydisk.sys” file.
9/7/2009 8:32:09 PM 1252369929 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\flpydisk.sys” file.
9/7/2009 8:32:12 PM 1252369932 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys” file.
9/7/2009 8:32:15 PM 1252369935 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\msgpc.sys” file.
9/7/2009 8:32:20 PM 1252369940 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HDAudBus.sys” file.
9/7/2009 8:32:23 PM 1252369943 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\hidusb.sys” file.
9/7/2009 8:32:23 PM 1252369943 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\hidusb.sys” file.
9/7/2009 8:32:30 PM 1252369950 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys” file.
9/7/2009 8:32:30 PM 1252369950 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys” file.
9/7/2009 8:32:36 PM 1252369956 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\HTTP.sys” file.
9/7/2009 8:35:12 PM 1252370112 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ipnat.sys” file.
9/7/2009 8:35:19 PM 1252370119 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\MSPCLOCK.sys” file.
9/7/2009 8:35:22 PM 1252370122 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ndisuio.sys” file.
9/7/2009 8:35:27 PM 1252370127 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\NWADIenum.sys” file.
9/7/2009 8:35:31 PM 1252370131 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\ptilink.sys” file.
9/7/2009 8:35:35 PM 1252370135 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\raspti.sys” file.
9/7/2009 8:35:39 PM 1252370139 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\rimsptsk.sys” file.
9/7/2009 8:35:43 PM 1252370143 Bitsy 936 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\System32\Drivers\RootMdm.sys” file.

Unfortunately there are more, but I will not post them unless you tell me you need them as I don’t want to waste board space if unneeded.

Thanks.

No need to post any others, that is without doubt the most infections I have seen in the Drivers folder, which is commonly used by rootkits to drop their .sys files.

A brief check (Google) of many shows some are legitimate file names (but that isn't a guarantee they aren't malicious or infected), so there is definitely something weird going on. This is a bit beyond my experience; I will try and get someone to have a look at it.

What is your VPS file version (updates version)?

As I can't access that info on the infected machine, I installed it yesterday on two machines, and the one I can access is File version: 090908-0

@David R

has this anything to do with this: ???

I honestly don’t know as I don’t use Live OneCare, but I would doubt it, though it is a possibility. However, that wouldn’t account for all the detections.

I have XP Pro and many of those file names in my system32\drivers\ folder are Windows system files, and I have just done an avast scan and nothing was found.

The reason I did that was to effectively check for a false positive detection, as virtually all of those were detected by win32:rootkit-gen, but there were no detections on my clean system. That is with avast VPS 090908-0 that brobinson reports.
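The triage David R describes above (group the Warning.log hits by signature, collapse the duplicate lines, and compare the flagged file names against what a clean XP system has in system32\drivers) can be done mechanically when the log has hundreds of entries like the one brobinson posted. The script below is an added example, not code from the thread, from Avast or from the posters. It assumes only the line layout visible in the posted log (date, time, epoch, user, PID, then the message), and its sample entries and `CLEAN_BASELINE` set are constructed for illustration; a real baseline would be taken from a known-good machine with the same Windows build.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the avast! 4 Warning.log lines posted in
# the thread (curly quotes as the forum rendered them, one non-detection line,
# one empty-signature AntiRootkit line, and a duplicated hit on aec.sys).
SAMPLE_LOG = r"""
9/7/2009 4:00:00 PM 1252353600 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/7/2009 5:21:25 PM 1252358485 Bitsy 4748 Sign of “Rootkit: hidden file” has been found in “C:\WINDOWS\system32\sdra64.exe” file.
9/7/2009 5:21:28 PM 1252358488 Bitsy 4748 Sign of “” has been found in “C:\WINDOWS\system32\sdra64.exe||AntiRootkit [FILE]|||10|0|2|COO1||COO2||” file.
9/7/2009 6:03:24 PM 1252361004 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 6:03:24 PM 1252361004 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\drivers\aec.sys” file.
9/7/2009 6:03:26 PM 1252361006 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\WINDOWS\system32\DRIVERS\asyncmac.sys” file.
9/7/2009 6:03:39 PM 1252361019 Bitsy 1732 Sign of “Win32:Rootkit-gen [Rtk]” has been found in “C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys” file.
"""

# Constructed baseline: driver names present (and scanning clean) on a
# known-good XP machine. Replace with a listing from your own clean system.
CLEAN_BASELINE = {"aec.sys", "asyncmac.sys", "atmarpc.sys", "kmixer.sys"}

# Common prefix: date, time, epoch seconds, user, PID, then free-text message.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<epoch>\d+) (?P<user>\S+) (?P<pid>\d+) (?P<msg>.*)$"
)
# Detection message; accepts straight or curly quotes and an empty signature.
DETECT_RE = re.compile(
    r'^Sign of [“"](?P<sig>.*?)[”"] has been found in [“"](?P<path>.*?)[”"] file\.$'
)


@dataclass(frozen=True)
class Detection:
    epoch: int
    user: str
    pid: int
    signature: str
    path: str      # normalised: lower-cased, AntiRootkit "||..." suffix removed
    raw_path: str  # exactly as logged


def parse_warning_log(text):
    """Return (detections, skipped_lines). Non-detection lines are kept in
    skipped_lines so nothing is silently dropped from the record."""
    detections, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        d = DETECT_RE.match(m["msg"]) if m else None
        if not d:
            skipped.append(line)
            continue
        raw = d["path"]
        path = raw.split("||", 1)[0].lower()  # drop AntiRootkit trailer, unify case
        sig = d["sig"] or "(empty signature)"
        detections.append(Detection(int(m["epoch"]), m["user"], int(m["pid"]), sig, path, raw))
    return detections, skipped


def summarise(detections):
    """Distinct flagged paths per signature; duplicate hits on one file collapse."""
    by_sig = defaultdict(set)
    for d in detections:
        by_sig[d.signature].add(d.path)
    return {sig: sorted(paths) for sig, paths in by_sig.items()}


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def false_positive_candidates(detections, clean_baseline):
    """Names hit by a signature that also exist, and scan clean, on a baseline
    system. One generic signature hitting many of these is a false-positive
    indicator worth reporting to the vendor rather than acting on."""
    out = defaultdict(set)
    for d in detections:
        if _basename(d.path) in clean_baseline:
            out[d.signature].add(_basename(d.path))
    return {sig: sorted(names) for sig, names in out.items()}


def outliers(detections, clean_baseline):
    """Flagged names NOT on the baseline: these deserve the first close look."""
    out = defaultdict(set)
    for d in detections:
        if _basename(d.path) not in clean_baseline:
            out[d.signature].add(_basename(d.path))
    return {sig: sorted(names) for sig, names in out.items()}


if __name__ == "__main__":
    dets, skipped = parse_warning_log(SAMPLE_LOG)
    print(f"{len(dets)} detections parsed, {len(skipped)} other lines skipped")
    for sig, paths in summarise(dets).items():
        print(f"{sig}: {len(paths)} distinct file(s)")
    print("baseline matches:", false_positive_candidates(dets, CLEAN_BASELINE))
    print("outliers:", outliers(dets, CLEAN_BASELINE))
```

Run it against the full Warning.log (`parse_warning_log(open(path, encoding="utf-8").read())`) and the two reports separate the question the thread is circling: whether one generic signature is flagging stock drivers wholesale (baseline matches), and which files are unexplained by that and still need attention (outliers). Keeping the skipped lines is deliberate: an unparsed line is a reason to revisit the regex, not something to lose during an incident.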

Is there any way to recover any of those files from the virus chest with an entry in the command line prompt, as I can't use a mouse or touchpad? I cannot navigate the avast program with keyboard shortcuts as most windows.

No, there isn’t such a possibility.

Run ashSimp2.exe from the avast folder and you'll be able to.