system
1
Hey guys. I’m at lost with this one. I keep getting an Avast popup “Win32:Rootkit-gen [Rtk]” has been found in “c:\windows\system32\nekpnrv.fc” file.
I’ve tried everything I can think of to get rid of this. I ran a boot-time scan and did not find anything. I ran Windows Malicious removal tool and found Conficker.B and removed it, I ran Windows malicious removal tool again and did not find anything. I also Ran malwarebytes, emsisoft, F-secure Blacklight, and OTL and found nothing. I ran these tools on both safe mode and normal.
GMER, RootReeal, and RootkitRevealer did not work for 64 bit.
I was wondering if anyone had any tips on how I can get rid of this.
Pondus
2
and OTL and found nothing
if you run OTL then you should post/attach the logs here..
lower left corner > additional options > attach
system
3
Thanks for the reply Pondus. Here you go.
Could be TDL3 so
Please read carefully and follow these steps.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
[*]If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
system
6
Can you send it to the chest and then upload to Avast ?
As you are on a server I see you are still using 4.8
system
8
Thanks again essexboy. I’ve been sending it to the chest. It pops up every few minutes or hours. How can I upload it to Avast? Yes, it is running Win2k3 R2. 64 bit.
http://i14.photobucket.com/albums/a325/albertdcjr/chest.jpg
system
9
Morning all. I uninstalled Avast and installed Avira Antivir Server last night. I ran a scan last night and found Worm:Conficker.O, it went to quarantine. I set a scan at 7AM today and it found the same Worm:Conficker.O and put it in quarantine. I dowloaded Avira Rescue CD and burned it on a disc. I’m running it right now. I’ll let you guys know how it goes. I’m also downloading kaspersky rescue 10 and will be burning that into a CD and running it as soon as Avira Rescue finishes.
Hmm thinking about it I do think 4.8 has the option to upload from the chest - I’ll check it out