
Rootkit win32 virus?

Discussion in 'Virus & Other Malware Removal' started by panur, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. panur

    panur Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    2
    This is an issue a friend who does not speak English is having, so I’m posting this for her in hopes to be able to get an answer, as I’ve run my limited knowledge of tech support dry.

    (We have tried downloading hijack several times, but so far it’s not allowed her to, so here’s all the information we’ve been able to gather so far, I'll try again to install it tomorrow)

    The user was on her computer which had no sort of issues until she attempted to download a movie through Ares. Before the file finished downloading, the user attempted to open the file, prompting AVAST to go off.

    She cut the internet connection immediately, but was informed by the antivirus that it had already infected three main system files (Winsock.dll, wsock32.dll, kernel32.dll) and it started spreading immediately. She used AVAST to quarantine the infected files.

    After that she ran a number of antispyware (mkr online, malwarebytes, doctor spyware, dr web) but all of them said there was nothing infecting the computer. When she used online virus total it told her her system was still infected.

    User downloaded super anti spyware and cleaned several spybots and a Trojan, but as it’s not specialized in virus it was unable to find the rootkit win32.

    (http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=screen.jpg)

    All of those have been eliminated after the restart.

    Avast has the following folders quarantined:

    http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=lista1.jpg
    http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=lista2.jpg
    http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=lista3.jpg
    http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=lista4.jpg
    http://s179.photobucket.com/albums/w308/Angevelinka/?action=view&current=lista5.jpg

    As you can see, while several files are infected, we are unable to find the original one that spread the infection.

    What can we do? As far as I understand, the kernel is a very important driver and once infected....
    Would Start Menu/ Accessories/ System Tools /System Restore work?
    What about http://www.registryfix-free.com/kdinfected.htm ?
     
  2. panur

    panur Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    2
    Adding: we can't install kaspersky as it wants her to uninstall AVAST (which is where all the quarantined stuff is!)
     

Short URL to this thread: https://techguy.org/917798
