I did a quick scan and it found nothing. Then I did a full scan and it found 2 rootkit viruses and an error saying access denied to move to chest or delete. I ran a Malwarebytes scan and it found nothing, then I downloaded OTL and ran a scan, but that's as far as I got. Can someone help me to get rid of the rootkit? I'm no computer wiz, so please have patience with me.
Please attach your logs (AdwCleaner, MBAM, OTL and aswMBR).
Instructions: http://forum.avast.com/index.php?topic=53253.0
Also, what file was noted as the rootkit?
Here are the things I think you need.
Here are the file names: C:.…\4173770660c6b8a566e97ecf804064dac7afb864
C:.…mpas-d_bd_1.141.2103.0.exe
Here is another one I ran:
OTL scan
Not seeing a great deal there. How is the computer behaving?
Download the GMER Rootkit Scanner to your Desktop. It will be a randomly named .exe file.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click the file you downloaded and the program will begin to run.
https://dl.dropbox.com/u/73555776/GMER_Open.JPG
Caution: these types of scans can produce false positives. Do NOT take any action on any "<— ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO.
- In the right panel, you will see a bunch of boxes that have been checked. Leave everything checked and ensure the "Show all" box is un-checked.
- Now click the Scan button.
- Once the scan is complete, you may receive another notice about rootkit activity. Click OK.
- GMER will produce a log. Click on the [Save…] button, and in the File name area, type in "GMER.txt".
- Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
I think during the scan my laptop froze up. I'm on my PC now, any suggestions?
I got it scanning again. I will post the results once I get them. Thanks.
GMER results: the file is too large, what should I do?
Could you post the last 30 lines of the report, please?
I can try.
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:3996] 0000000076237587
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:4000] 000000006fca0cb3
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:2752] 0000000076f32e25
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:3236] 0000000076f33e45
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:5536] 0000000076f33e45
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3584:1352] 0000000076f33e45
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [376:3648] 000007fefe420168
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [376:2336] 000007fefb852a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [376:2440] 000007fef5c8d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [376:3428] 000007fef93e5124
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ) @ C:\windows\system32\csrss.exe [468] 000007fefd0a0000
Library ? ( suspicious ) @ C:\windows\system32\svchost.exe [696] 000007fefd200000
Library ? ( suspicious ) @ C:\windows\system32\svchost.exe [1012] 000007fef8a70000
Library ? ( suspicious ) @ C:\Program Files\AVAST Software\Avast\afwServ.exe [1332] 00000000727b0000
Library ? ( suspicious ) @ C:\windows\System32\spoolsv.exe [1436] 000007fef83e0000
Library ? ( suspicious ) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1528] 0000000076330000
Library ? ( suspicious ) @ C:\windows\system32\svchost.exe [1584] 000007fefade0000
Library ? ( suspicious ) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [1620] 0000000076450000
Library ? ( suspicious ) @ C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [1752] 0000000075ff0000
Library ? ( suspicious ) @ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [1988] 00000000758d0000
Library ? ( suspicious ) @ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2220] 0000000071e70000
Library ? ( suspicious ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [376] 000007fefe3f0000
Library ? ( suspicious ***) @ C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2252] 0000000074620000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network{4D36E972-E325-11CE-BFC1-08002BE10318}{5DD14397-D7C8-41B0-9168-A294CA3C33E9}\Connection@Name isatap.{F8B97548-D0B4-4948-9564-09A5A0B7CD3E}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network{4d36e975-e325-11ce-bfc1-08002be10318}{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device{A556EB21-4616-408A-9ED9-1679EBABECFF}?\Device{E22EABAD-2239-4754-93C0-89762AD51BB5}?\Device{5DD14397-D7C8-41B0-9168-A294CA3C33E9}?\Device{B2FA430A-C970-4DA2-80BA-6919EA3545EE}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network{4d36e975-e325-11ce-bfc1-08002be10318}{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route “{A556EB21-4616-408A-9ED9-1679EBABECFF}”?“{E22EABAD-2239-4754-93C0-89762AD51BB5}”?“{5DD14397-D7C8-41B0-9168-A294CA3C33E9}”?“{B2FA430A-C970-4DA2-80BA-6919EA3545EE}”?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network{4d36e975-e325-11ce-bfc1-08002be10318}{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{A556EB21-4616-408A-9ED9-1679EBABECFF}?\Device\TCPIP6TUNNEL_{E22EABAD-2239-4754-93C0-89762AD51BB5}?\Device\TCPIP6TUNNEL_{5DD14397-D7C8-41B0-9168-A294CA3C33E9}?\Device\TCPIP6TUNNEL_{B2FA430A-C970-4DA2-80BA-6919EA3545EE}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap{5DD14397-D7C8-41B0-9168-A294CA3C33E9}@InterfaceName isatap.{F8B97548-D0B4-4948-9564-09A5A0B7CD3E}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap{5DD14397-D7C8-41B0-9168-A294CA3C33E9}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch
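A small triage script for GMER 2.0 output like the excerpt above, added here as an example and not code from this thread or from GMER itself: it parses the Thread, Library and Reg line formats, tracks the "---- Section - GMER 2.0 ----" headers, counts threads per process and lists the modules GMER tagged as suspicious. The sample log is constructed after the format shown above and is not real forensic data.

```python
import re
from collections import Counter

# Constructed sample modelled on the GMER 2.0 excerpt posted above, not a real log.
SAMPLE_LOG = """\
Thread C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe [3584:3996] 0000000076237587
Thread C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe [3584:4000] 000000006fca0cb3
Thread C:\\Program Files\\Windows Media Player\\wmpnetwk.exe [376:3648] 000007fefe420168
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ) @ C:\\windows\\system32\\csrss.exe [468] 000007fefd0a0000
Library ? ( suspicious ) @ C:\\windows\\system32\\svchost.exe [696] 000007fefd200000
Library ? ( suspicious ***) @ C:\\Program Files (x86)\\Uniblue\\SpeedUpMyPC\\spmonitor.exe [2252] 0000000074620000
---- Registry - GMER 2.0 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Epoch2@Epoch
"""

# One regex per GMER line shape seen in the excerpt (section header, thread, library, registry).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
THREAD_RE = re.compile(r"^Thread (?P<path>.+?) \[(?P<pid>\d+):(?P<tid>\d+)\] (?P<addr>[0-9a-fA-F]+)$")
LIBRARY_RE = re.compile(r"^Library (?P<name>\S+) \((?P<flag>[^)]*)\) @ (?P<path>.+?) \[(?P<pid>\d+)\] (?P<addr>[0-9a-fA-F]+)$")
REG_RE = re.compile(r"^Reg (?P<key>[^@\s]+)@(?P<value>\S+)(?: (?P<data>.+))?$")

def parse_gmer(text):
    """Turn GMER log lines into dicts; section headers only set context for later lines."""
    records, section = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in (("thread", THREAD_RE), ("library", LIBRARY_RE), ("reg", REG_RE)):
            m = rx.match(line)
            if m:
                rec = {"kind": kind, "section": section, **m.groupdict()}
                for k in ("pid", "tid"):        # numeric ids as ints where present
                    if rec.get(k):
                        rec[k] = int(rec[k])
                records.append(rec)
                break
    return records

def summarize(records):
    """Triage view: threads per process, modules GMER flagged as suspicious, registry count."""
    threads = Counter(r["path"] for r in records if r["kind"] == "thread")
    flagged = [r for r in records if r["kind"] == "library" and "suspicious" in r["flag"]]
    regs = sum(1 for r in records if r["kind"] == "reg")
    return {"threads_per_process": dict(threads), "suspicious_libraries": flagged,
            "registry_entries": regs}
```

Run `summarize(parse_gmer(open("GMER.txt").read()))` on a saved log to get the same three views; a flagged entry is only a lead to check, as the caution above says.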
I did what you said but I haven't heard back from you. Maybe I'll check with you tomorrow. Thanks for all the help.
Have you had any further rootkit alerts?
I haven't run a full scan yet, should I? One more thing: have you ever heard of the Uniblue SpeedUpMyPC program? File origin: hard drive, program location C:\program files(x86\uniblue\speedupmypc\sump.exe"2000. This keeps popping up every time I click on Google Chrome. It wants to change my hard drive on my computer and I always click no. Is there any way I can remove it?
Yes, uninstall via Control Panel. If that fails, let me know and I will remove it.
Run a scan to see if the alerts are still there.
I will run the full scan. With Uniblue, I think I tried to delete it from the panel and it wouldn't let me. But first I will do the scan, which will take a while. Talk to you later and thanks again.