Trendmicro Blocking http

Cashcharac
Junior Member with 4 posts.
 
Join Date: Aug 2009
13-Aug-2009, 09:50 PM #1
Trendmicro Blocking http
When I have my Trendmicro security running, I can't access http websites, or any programs that connect to a website for updates. I have no problem going to https sites like paypal. This problem started yesterday; up until that point I'd never had a problem. I tried turning off the firewall/anti-virus/internet security portions of the program, but the only thing that works is exiting completely out of it.

I thought I might have gotten a virus that I was unaware of, so I scanned my pc w/ IObit 360, and it ended up finding 2 Rootkit.Bagle. I had IObit remove both of them, and I thought that might've fixed my problem...but it did not.

Any suggestions would be appreciated.
perfume
Senior Member with 1,585 posts.
 
Join Date: Sep 2008
Location: An Alien,a misfit on Earth
Experience: Intermediate++
14-Aug-2009, 01:42 AM #2
Dear cashcharac,
Welcome! Obviously, the Rootkit Bagle was not eradicated and will not be with IObit! This link will not only allow you to download FindyKill (the best tool around to eradicate rootkit Bagles), but also provide a step-by-step approach as to how to go about it! It's ideal if you can take a print-out! Link: http://forums.majorgeeks.com/showthread.php?t=185312 Best wishes.
__________________
TAKE A BACK UP AND RESTORE, BEFORE IT IS TOO LATE! (MACRIUM REFLECT-FREE) WEBSITE:http://www.macrium.com/reflectfree.asp
Cashcharac
Junior Member with 4 posts.
 
Join Date: Aug 2009
14-Aug-2009, 03:33 AM #3
Quote:
Originally Posted by perfume
Dear cashcharac,
Welcome! Obviously, the Rootkit Bagle was not eradicated and will not be with IObit! This link will not only allow you to download FindyKill (the best tool around to eradicate rootkit Bagles), but also provide a step-by-step approach as to how to go about it! It's ideal if you can take a print-out! Link: http://forums.majorgeeks.com/showthread.php?t=185312 Best wishes.

Thanks a bunch! I followed the steps and I'm able to browse the net with my firewall on =). Worked like a charm. With Trendmicro working now, I'm fairly certain it has been fixed...but here's my .txt info just in case.


############################## | FindyKill V5.005 |

# User : Brad (Administrators) # BRAD-PC
# Update on 27/07/09 by Chiquitine29
# Start at: 2:18:20 AM | 8/14/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
# Microsoft® Windows Vista™ Home Premium (6.0.6001 64-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Trend Micro Internet Security 17.1.1250 [ Enabled | Updated ]

# C:\ # Local Fixed Disk # 283.39 Go (118.71 Go free) [Partition_1] # NTFS
# D:\ # Local Fixed Disk # 14.7 Go (7.97 Go free) [Recovery] # NTFS
# E:\ # Local Fixed Disk # 298.09 Go (193.86 Go free) # NTFS
# F:\ # CD-ROM Disc
# G:\ # Removable Disk
# H:\ # Removable Disk
# I:\ # Removable Disk
# J:\ # Removable Disk
# K:\ # CD-ROM Disc
# L:\ # CD-ROM Disc

############################## | Active Processes |

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\SysWOW64\runonce.exe

################## | C: |

Deleted ! D:\autorun.inf

################## | C:\Windows |

Deleted ! C:\Windows\Prefetch\WINUPGRO.EXE-B9E72D89.pf

################## | C:\Windows\system32 |


################## | C:\Windows\system32\drivers |


################## | C:\Users\Brad\AppData\Roaming |


################## | Other ... |


################## | Temporary Internet Files |

Deleted ! C:\Users\Brad\Local Settings\Temporary Internet Files\Content.IE5\0PZLEGSO\b649b4b0a406ba3345c33fadf991b821ff656f71_medium[1].jpg

################## | Registry / Infected keys |


################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |


################## | Cracks / Keygens / Serials |

"C:\Users\Brad\.housecall6.6\"patch.exe""
07/20/2008 07:42 AM |Size 218736 |Crc32 12c79c8b |Md5 b9a80ba0083fb8196f8ca0bef053ea4e

"C:\Users\Brad\AppData\Local\CCP\EVE\c_program_files_(x86)_ccp_eve_tranquil ity\cache\"evepremiumpatch85476-86756.exe""
04/16/2009 04:10 PM |Size 956560 |Crc32 88a44f37 |Md5 7aa95505c8d5a718bd7f606e7c2fe256

"C:\Users\Brad\AppData\Local\CCP\EVE\c_program_files_(x86)_ccp_eve_tranquil ity\cache\"evepremiumpatch86756-88737.exe""
05/19/2009 06:26 AM |Size 954464 |Crc32 d022d134 |Md5 7e7be859fd2f34c88596d2a6434b8adc

"C:\Users\Brad\AppData\Local\CCP\EVE\c_program_files_(x86)_ccp_eve_tranquil ity\cache\"evepremiumpatch88737-88974.exe""
05/22/2009 03:13 AM |Size 942520 |Crc32 58b8ba71 |Md5 f64b1d23e9415fba47d1e4db82d7004d

"C:\Users\Brad\AppData\Local\CCP\EVE\c_program_files_(x86)_ccp_eve_tranquil ity\cache\"evepremiumpatch88974-89883.exe""
05/26/2009 11:49 PM |Size 942400 |Crc32 629c0e51 |Md5 107375cffc33373ebae530c26556208b
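
An added example, not part of the original posts and not FindyKill's own code: a small Python parser for the two parts of a log like the one above that a reviewer checks first, the "Deleted !" entries and the service Start values, flagging any service that is not at the value the tool marks Good (in the Windows service registry, Start = 4 means the service is disabled). The function name is hypothetical and the last sample line is constructed.

```python
import re

# Service lines as the log prints them: "# name -> Start = N ( Good = G | Bad = B )"
SERVICE_RE = re.compile(
    r"^#\s*(?P<name>\S+)\s*->\s*Start\s*=\s*(?P<start>\d+)\s*"
    r"\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)\s*\)"
)
# Removal lines: "Deleted ! <path>"
DELETED_RE = re.compile(r"^Deleted\s*!\s*(?P<path>.+?)\s*$")
# autorun.inf sitting directly in a drive root, e.g. D:\autorun.inf
ROOT_AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def review_log(text):
    """Return (services, tampered, deleted, root_autoruns) for a log's text."""
    services, tampered, deleted, root_autoruns = {}, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, good = int(m["start"]), int(m["good"])
            services[m["name"]] = start
            if start != good:  # anything other than the tool's "Good" value
                tampered.append(m["name"])
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m["path"])
            if ROOT_AUTORUN_RE.match(m["path"]):
                root_autoruns.append(m["path"])
    return services, tampered, deleted, root_autoruns


# Lines copied from the log above; the final wuauserv line is CONSTRUCTED
# (the real log shows Start = 2) to show what a disabled service looks like.
SAMPLE = r"""
Deleted ! D:\autorun.inf
Deleted ! C:\Windows\Prefetch\WINUPGRO.EXE-B9E72D89.pf
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
"""

if __name__ == "__main__":
    _, tampered, _, autoruns = review_log(SAMPLE)
    print("services not at Good value:", tampered)
    print("autorun.inf removed from drive roots:", autoruns)
```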
perfume
Senior Member with 1,585 posts.
 
Join Date: Sep 2008
Location: An Alien,a misfit on Earth
Experience: Intermediate++
14-Aug-2009, 10:16 AM #4
Dear cashcharac,
Congratulations on a job well done! You have acquired the rootkit Bagles from "Autoruns"! Autoruns are notorious for malware entries! I had this gut feeling, and please look at this article, which makes interesting reading: http://www.ciol.com/Technology/Secur.../6809123250/0/

This article is based on research by your own Trend-Micro people!

One more thing I have noticed is you don't have the Vista Service Pack 2! Now, I was out of Vista before this pack took shape, so folks who use Vista can advise you better!

Have a great weekend, bake a cake, cook a pie, make some ice-cream (preferably Choc.), say thanks to "perfume the teenage brat" and share it all! LOL.
__________________
TAKE A BACK UP AND RESTORE, BEFORE IT IS TOO LATE! (MACRIUM REFLECT-FREE) WEBSITE:http://www.macrium.com/reflectfree.asp
Cashcharac
Junior Member with 4 posts.
 
Join Date: Aug 2009
14-Aug-2009, 12:15 PM #5
Haha, wow! I had no idea that Vista had a second service pack released...thanks for the heads up.
Cashcharac
Junior Member with 4 posts.
 
Join Date: Aug 2009
15-Aug-2009, 01:49 AM #6
Hrm, after installing some much needed windows updates, the problem seems to be occurring again. I'm not sure how this lil' buggar keeps reinfecting me, but it's getting annoying XD.

Edit: Also, Findykill won't run anymore. I go to the search option and it says access denied and closes.

Double Edit: Well, it seems the rootkit thingy decided to turn on my UAC so it was stopping Findykill from running. Got it running as administrator, but now after Findykill restarts my computer it sits at a black screen for 30 seconds and then just loads up normally with no virus cleaning from Findykill.

Last edited by Cashcharac : 15-Aug-2009 05:45 AM.
All times are GMT -5.