Hey guys. I’m at a loss with this one. I keep getting an Avast popup saying “Win32:Rootkit-gen [Rtk]” has been found in the “c:\windows\system32\nekpnrv.fc” file.

I’ve tried everything I can think of to get rid of this. I ran a boot-time scan and did not find anything. I ran Windows Malicious removal tool and found Conficker.B and removed it. I ran Windows Malicious removal tool again and did not find anything. I also ran Malwarebytes, Emsisoft, F-Secure BlackLight, and OTL and found nothing. I ran these tools in both safe mode and normal mode.

GMER, RootRepeal, and RootkitRevealer did not work for 64 bit.

I was wondering if anyone had any tips on how I can get rid of this.

and OTL and found nothing
If you run OTL then you should post/attach the logs here.

lower left corner > additional options > attach

Thanks for the reply Pondus. Here you go.

Essexboy is notified… :wink:

Could be TDL3 so

Please read carefully and follow these steps.

[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

[*]If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

[*]If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

[*]If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

Thanks essexboy. Scan completed. Not found.

http://i14.photobucket.com/albums/a325/albertdcjr/tdsskiller.jpg

And here is what I’m trying to get rid of.

http://i14.photobucket.com/albums/a325/albertdcjr/virus.jpg

Can you send it to the chest and then upload to Avast?

As you are on a server I see you are still using 4.8

Thanks again essexboy. I’ve been sending it to the chest. It pops up every few minutes or hours. How can I upload it to Avast? Yes, it is running Win2k3 R2. 64 bit.

http://i14.photobucket.com/albums/a325/albertdcjr/chest.jpg

Morning all. I uninstalled Avast and installed Avira Antivir Server last night. I ran a scan last night and found Worm:Conficker.O, it went to quarantine. I set a scan at 7AM today and it found the same Worm:Conficker.O and put it in quarantine. I downloaded Avira Rescue CD and burned it on a disc. I’m running it right now. I’ll let you guys know how it goes. I’m also downloading Kaspersky Rescue 10 and will be burning that onto a CD and running it as soon as Avira Rescue finishes.

Hmm thinking about it I do think 4.8 has the option to upload from the chest - I’ll check it out