Keeps popping up help?

I need help. It keeps popping up saying a Rootkit/Trojan virus under the name of 8000.@ and I don’t know how to make it stop or get rid of the virus. Help please? :cry:

You may have Zero access rootkit.

Follow this guide and attach the logs… do not copy and paste.


Yes that is what it says on malware.


Malwarebytes Anti-Malware (Trial)

Database version: v2012.09.23.01

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
haha :: DAMIEN [administrator]

Protection: Enabled

9/22/2012 9:04:26 PM
mbam-log-2012-09-22 (21-04-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289726
Time elapsed: 32 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer{91c60119-62d9-d485-bb4d-e839f1451c86}\U\80000000.@ (Trojan.Small) → Quarantined and deleted successfully.
C:\Windows\Installer{91c60119-62d9-d485-bb4d-e839f1451c86}\U\800000cb.@ (Rootkit.0Access) → Quarantined and deleted successfully.


You only posted MBAM. Where are the other 3 program logs?

Well, all the others say the same thing, that it is .0access rootkit and that it is attacking system 32 driver.
Here is the log from rogue killer:
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRKgmailcom

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : haha [Admin rights]
Mode : Scan – Date : 09/25/2012 22:43:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[54] : NtConnectPort @ 0x821BF589 → HOOKED (Unknown @ 0x89FB4DF8)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
→ C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320820AS ATA Device +++++
— User —
[MBR] 8d422347c1d5c059e99b522e7c0fff10
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296308 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606839310 | Size: 8934 Mo
User = LL1 … OK!
User = LL2 … OK!

Finished : << RKreport[1].txt >>

Hi 8)

- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine.
- If you don’t know or understand something, please don’t hesitate to ask.
- Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
- Please DO NOT run any other tools or scans whilst I am helping you.
- It is important that you reply to this thread. Do not start a new topic.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- Absence of symptoms does not mean that everything is clear.

>> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

!!! DO NOT RUN ComboFix! First we will need to run RKill tool.

>> We need to use the RKill Tool by Grinler <— Download site
- Please download RKill and save it to your Desktop.
- Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

- NOTE: If you are unable to connect to the site to download RKill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

- Once it is downloaded, double-click on RKill in order to automatically attempt to stop any processes associated with Rogue programs.
- Please be patient while the program looks for various malware programs and ends them.
- When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the rogue program. So, please try running RKill until the malware is no longer running.

>> You will then be able to proceed with the rest of the steps for running Combofix.

If you continue having problems running RKill, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of RKill, and try them instead.

Then run Combofix…

>> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.