I am at school using a desktop to send you this. Last night I started getting ERR_101 and ERR_104 on my comp. Full Avast scan revealed 5619 rootkits, which I cannot quarantine by Repair, Move to Chest or Delete. I have tried everything, don’t know what to do, please help!
Full Avast scan revealed 5619 rootkits, looks like a file infector ???
follow the guide here and attach the logs http://forum.avast.com/index.php?topic=53253.0
Cannot download jack. Browser got blocked, ERR_101 and ERR_104.
What is the operating system ?
Are you able to download anything from safe mode with networking ?
Win7 Home Premium and nope… so I might have to use Factory Restore on the Dell DataSafe Backup Utility.
What name did Avast give to the virus ?
Can you access another computer to burn a CD ?
The name was “Threat: Rootkit, hidden process” and PID 8, PID 12, PID 15, PID 64128 (guess on last one), etc. All I know is the Geek Squad said to use restore to factory settings to end it.
Are you able to copy programmes to the poorly computer to run them ?
THAT I can do. My comp runs the antivirus, CCleaner, etc. Just won’t update or connect online. Sadly same can be said for Second Life… X.x Curses…
OK, two programmes then to use. The first is a gentle one and may enable you to access the net; if it doesn’t allow you to, then run the second programme.
[*]Download RogueKiller to your desktop
[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 2 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
If you still cannot access the net, then run this
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
Did you happen to do a custom scan and elect to scan memory ?
I suspect so as the mention of a PID isn’t usual for normal scan detection elements.
My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.
The detections in memory are frequently other security applications loading unencrypted virus signatures into memory.
What other security applications do you have installed ?
####
You can check the report files for the actual scan that you did that will have the file name, location and malware name of the detections. Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report (XP) or C:\ProgramData\AVAST Software\Avast\report (Vista, Win7, this location is hidden by default so you may have to unhide it).
See the image extract of that folder and some of the scans I have set up on my system; the file name will match the scan name unless you changed it.
I’ll try, but I’m not THAT good with computer advanced stuff.
;D hope springs eternal, never say die
Pray for me guys…
Ok
Well apparently God has a twisted sense of humor because I’m getting PIDs again.
Could you post the logs please so that I can see what they reveal