HELP! Unable to move to chest Win32:Rootkit-gen [Rtk]

Ok first off I have to say I have no clue what to do when it comes to this…

I have a quick scan set to run every day. Yesterday it found this thing. I tried to do the normal and move it to the chest.
It won’t, it just says Error: The process cannot access the file because it is being used by another process(32)

Also, I keep getting this popup on my screen that says MALICIOUS URL BLOCKED except it’s like 15 of them, all with different “objects”. ???

I am so lost, please anyone help. I would greatly appreciate it.
Thank you in advance.

follow the guide and attach the requested logs…http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done a removal specialist will be notified and help you. it may take hours before he arrives so be patient

Monitoring… :slight_smile:

Ok I did the first three. Here are the logs.

Now I’m about to do the last.

Thank you.

Here is the fourth.

Thank you again.

Hi,

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

[*]Disable any script blocking protection
[*]Right-click and Run as Administrator dds to run the tool.
[*]When done, two DDS.txt’s will open.
[*]Save both reports to your desktop.

Please attach the contents of the following in your next reply:

DDS.txt

Attach.txt

ComboFix

Download Combofix from the link below, and save it to your desktop.
Link

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.


Ok so like I said in my first post I’m completely ignorant when it comes to this stuff but, who exactly am I replying to? Are y’all avast help people or just someone out there thinking they will do something bad to my computer? I mean no disrespect at all if you’re legit, but I’m extremely paranoid about this kinda stuff… Please don’t get mad I’m just making sure for my own peace of mind.

OMG I just did the dds thing and it told me who y’all are. I am so so sorry. Please forgive my rudeness, I’m just paranoid. I’m truly sorry. And thank you so much. :-[

Ok if you are willing to continue helping me even with my craziness, here are the items you requested.

Thank you again. :slight_smile:

Hi,

OMG I just did the dds thing and it told me who y'all are. I am so so sorry. Please forgive my rudeness, I'm just paranoid. I'm truly sorry. And thank you so much.
No worries at all. :) I have been in your shoes and that is how I got started helping people. I know how scary a messed up computer can be.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

[*]Right-click and Run as Administrator SystemLook.exe to run it.
[*]Copy the content within the following codebox into the main textfield:


:dir
c:\users\Nay and Joshie\AppData\Roaming\GoR8O2t0cmI /s

[*]Click the Look button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

:smiley: Ok thank you :smiley:

Um I’m not sure if this is important but I did a boot time scan and it found the two rootkit things and moved them to the chest. Then I did two different full system scans and they came up clean.

I will do as you advised anyway until I hear from you.

Thank you!

Here is the Systemlook log :smiley:

Hi,

Sorry for any delay…I had classes yesterday.

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:

ClearJavaCache::

Folder::
c:\users\Nay and Joshie\AppData\Roaming\GoR8O2t0cmI

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix may request an update; please allow it.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

Attach the ComboFix log and let me know how your system is running now.

Can I ask? Why does avast keep scanning and finding nothing? Are these things that good? :smiley:

Here is the log.

Can I ask? Why does avast keep scanning and finding nothing? Are these things that good?
Well let's hope so LOL! How is your system running? :)

Everything seems normal. Nothing is slower than usual and every program is working right. :smiley:

Hi,

Good to hear! :slight_smile:

Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.


Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
[*]Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
[*]Turn off the real time scanner of any existing antivirus program while performing the online scan.
[*]Tick the box next to YES, I accept the Terms of Use.
[*]Click Start.
[*]When asked, allow the ActiveX control to install.
[*]Click Start.
[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
[*]Click Scan.
[*]Wait for the scan to finish.
[*]When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
[*]Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
[*]Close the ESET online scan, and let me know how things are now.

Hello again :smiley:

So sorry for the delay…

Here is the Malwarebytes log(attached).

And here is the text of the ESET:

C:\Downloads\Software\frostwire-4.20.5.windows.exe multiple threats
C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Vid-Saver\Vid-Saver.dll.vir Win32/Toolbar.CrossRider application
C:\Users\Nay and Joshie\Documents\frostwire-4.21.8.windows.exe multiple threats
C:\Users\Nay and Joshie\Downloads\frostwire-4.20.5.windows.exe multiple threats
C:\Users\Nay and Joshie\Downloads\frostwire-4.21.8.windows.exe multiple threats

Thank you!!

Oh yeah and everything seems normal. Maybe a little slow…

Also, is it ok to be browsing on google and stuff without avast on or should I wait???

Thanks :smiley:

Hi,

You can turn Avast on and surf if you wish. :slight_smile:

ComboFix

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the box below:

ClearJavaCache::

File::
C:\Downloads\Software\frostwire-4.20.5.windows.exe
C:\Users\Nay and Joshie\Documents\frostwire-4.21.8.windows.exe
C:\Users\Nay and Joshie\Downloads\frostwire-4.20.5.windows.exe
C:\Users\Nay and Joshie\Downloads\frostwire-4.21.8.windows.exe

Folder::
C:\Program Files\BearShare Applications

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix may request an update; please allow it.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

Attach the new ComboFix log and let me know what malware related problems you are still having. :slight_smile:
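The CFScript in the post above was assembled by hand from the ESET export: the FrostWire installers became File:: lines, the whole BearShare application directory became a single Folder:: line, and the C:\Qoobox entry (ComboFix's own quarantine) was left out. As an added example, not code from the thread or from the ComboFix or ESET tools, the Python below applies those same grouping rules to the lines posted earlier; the rules themselves (skip anything under C:\Qoobox\Quarantine, collapse anything under C:\Program Files to its top-level application folder, list everything else as a file) and the KNOWN_EXTENSIONS set are assumptions that mirror what the helper did, not documented ComboFix behaviour.

```python
from pathlib import PureWindowsPath

# Constructed sample input: four of the ESET lines posted in the thread.
ESET_LOG = r"""
C:\Downloads\Software\frostwire-4.20.5.windows.exe multiple threats
C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Vid-Saver\Vid-Saver.dll.vir Win32/Toolbar.CrossRider application
C:\Users\Nay and Joshie\Downloads\frostwire-4.21.8.windows.exe multiple threats
"""

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")  # ComboFix's own quarantine
PROGRAM_FILES = PureWindowsPath(r"C:\Program Files")
KNOWN_EXTENSIONS = {".exe", ".dll", ".vir", ".sys"}  # assumption: extensions expected in the export

def parse_eset_line(line):
    """Split 'path detection text' into (path, detection). Paths contain spaces,
    so the path is taken to end at the first token whose extension is in
    KNOWN_EXTENSIONS; everything after it is the detection name."""
    tokens = line.strip().split(" ")
    for i, tok in enumerate(tokens):
        if PureWindowsPath(tok).suffix.lower() in KNOWN_EXTENSIONS:
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1 :])
    raise ValueError(f"no file path found in line: {line!r}")

def classify(path):
    """Return ('File', path), ('Folder', app_dir) or None (skip) using the assumed rules."""
    p = PureWindowsPath(path)
    if QUARANTINE_ROOT in p.parents:
        return None  # already quarantined by ComboFix, nothing left to remove
    if PROGRAM_FILES in p.parents:
        app_dir = p.relative_to(PROGRAM_FILES).parts[0]
        return "Folder", str(PROGRAM_FILES / app_dir)  # remove the whole application
    return "File", str(p)

def build_cfscript(eset_log):
    """Emit CFScript text using the ClearJavaCache::, File:: and Folder:: sections from the thread."""
    sections = {"File": [], "Folder": []}
    for line in eset_log.splitlines():
        if not line.strip():
            continue
        path, _detection = parse_eset_line(line)
        entry = classify(path)
        if entry is not None and entry[1] not in sections[entry[0]]:
            sections[entry[0]].append(entry[1])  # deduplicate, keep first-seen order
    out = ["ClearJavaCache::"]
    for kind in ("File", "Folder"):
        if sections[kind]:
            out += ["", f"{kind}::", *sections[kind]]
    return "\n".join(out) + "\n"
```

Running `build_cfscript(ESET_LOG)` yields the same three sections the helper posted, which makes it easy to check a hand-written CFScript against the scanner output before dragging it onto ComboFix.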