
Stubborn Rootkit

Hello. 2 days ago I was hit with a barrage of viruses, and I'm not sure exactly where they came from. The main symptom was something like... a fake program called malware doctor or something like that, that kept popping up and asking me to order their product. Since then I've been working to remove all of the viruses/malware that were on my computer (SUPERAntiSpyware found 63 on first run). After researching the problem, I found that rebooting in safe mode and using SAS or MBAM should fix the problem. Unfortunately, that was only partially the case.

After running SAS and MBAM I realized that my Google Chrome (the browser I normally use) didn't work. I would open the page and it would just show the loading symbol until it asked me to kill the page or wait. I did a little more research only to find that people that have this problem appear to be afflicted with some sort of rootkit problem. Lo and behold, SAS finds 1 rootkit and a few adware tracking cookies... After deleting and rebooting, my Google Chrome still doesn't work, and I search again (all of these searches are done in safe mode btw) and the rootkit is still here (even after running the scan + deleting multiple times). Can someone help me get rid of this once and for all? I'd appreciate it.

OS: Windows XP

Most recent log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/13/2010 at 00:24 AM

Application Version : 4.33.1000

Core Rules Database Version : 4799

Trace Rules Database Version: 2611

Scan type : Quick Scan

Total Scan Time : 00:12:35

Memory items scanned : 283

Memory threats detected : 0

Registry items scanned : 592

Registry threats detected : 0

File items scanned : 9866

File threats detected : 6

Adware.Tracking Cookie

C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt

Trojan.RootKit/Gen

C:\WINDOWS\SYSTEM32\DRIVERS\RGXRL.SYS

First of all you should upgrade to the latest version of SAS which is V4.35.1002. Then scan with the new version while in safe mode. If that does not remove the rootkit, submit a Customer Support Request via the link below and let the SAS gurus work with you to remove the critter.

https://www.superantispyware.com/precreateticket.html

Thank you. Although the update didn't help, I did send a support request.

Most recent log:

Generated 04/13/2010 at 02:01 AM

Application Version : 4.35.1002

Core Rules Database Version : 4799

Trace Rules Database Version: 2611

Scan type : Quick Scan

Total Scan Time : 00:11:43

Memory items scanned : 312

Memory threats detected : 0

Registry items scanned : 592

Registry threats detected : 0

File items scanned : 9865

File threats detected : 7

Adware.Tracking Cookie

C:\Documents and Settings\NetworkService\Cookies\system@enhance[2].txt

C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt

C:\Documents and Settings\NetworkService\Cookies\system@ad.wsod[1].txt

C:\Documents and Settings\NetworkService\Cookies\system@xml.happytofind[2].txt

Trojan.RootKit/Gen

C:\WINDOWS\SYSTEM32\DRIVERS\RGXRL.SYS

If you would like to submit a support request we can run a diagnostic on the system and see what we can find!
