Root Kit help?

post #1 of 15
Thread Starter 
So after 5 years of using Norton AV/360 I've contracted some type of rootkit. Every time I start up my computer I get notifications from Norton of about 5-10 *.dll files that are downloaded, but it declares them all safe, stuff like Skype_viewer.dll and chrome_stupidname.dll.

I've tried ComboFix, RKill with TDSSKiller, the Bitdefender removal tool, a bootkit removal tool, UnHackMe (seems to be the best so far), and am in the middle of the Malwarebytes Anti-Rootkit beta and the Sophos removal tool.

Any suggestions? I might just go ahead and do a clean install.
Edited by Jim888 - 1/12/14 at 6:25pm
post #2 of 15
If you know the filenames of the malware, use a Linux Live CD to do the deleting. Rootkits are nearly impossible to delete from an online system, and using the Live CD allows you to do an offline cleanup.
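The offline cleanup from post #2, worked through as an added example; this is not code from anyone in this thread or from any of the tools named in it. It assumes the infected Windows volume has been mounted read-write from the Live CD (the mount point and the quarantine directory are arguments, with /mnt/win and /mnt/quarantine as assumed defaults), and it takes the two DLL names from post #1 as its suspect list; that list is an assumption standing in for whatever Norton actually reported. It moves matches into quarantine instead of deleting them, preserving the relative path and recording a SHA-256 so the samples can be looked up later or put back if a match was wrong. Matching is on the lower-cased basename because NTFS is case-insensitive.

```python
"""Offline quarantine of named files from a Windows volume mounted on a Live CD.

Added example for this thread, not from any poster or tool mentioned here.
Assumed defaults: volume mounted at /mnt/win, quarantine at /mnt/quarantine.
"""
import hashlib
import json
import os
import shutil
import sys
from pathlib import Path

# Names reported by the AV in post #1 (assumed list; replace with the real
# notifications). NTFS is case-insensitive, so we compare lower-cased basenames.
SUSPECT_NAMES = {"skype_viewer.dll", "chrome_stupidname.dll"}


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_suspects(volume_root: Path, names=SUSPECT_NAMES):
    """Walk the mounted volume and yield every file whose basename is in names."""
    wanted = {n.lower() for n in names}
    for dirpath, _dirs, files in os.walk(volume_root):
        for fname in files:
            if fname.lower() in wanted:
                yield Path(dirpath) / fname


def quarantine(volume_root, quarantine_root, names=SUSPECT_NAMES):
    """Move matching files into quarantine_root, keeping their relative path,
    and append {original, sha256, size} records to quarantine_root/manifest.json.

    Returns the list of records for this run (empty if nothing matched).
    """
    volume_root = Path(volume_root)
    quarantine_root = Path(quarantine_root)
    quarantine_root.mkdir(parents=True, exist_ok=True)
    manifest_path = quarantine_root / "manifest.json"
    existing = json.loads(manifest_path.read_text()) if manifest_path.exists() else []

    records = []
    # Materialise the list first: moving files while os.walk is iterating is unsafe.
    for src in list(find_suspects(volume_root, names)):
        rel = src.relative_to(volume_root)
        dst = quarantine_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        digest = sha256_of(src)          # hash before the move, from the original path
        shutil.move(str(src), str(dst))
        records.append({"original": str(rel), "sha256": digest,
                        "size": dst.stat().st_size})

    manifest_path.write_text(json.dumps(existing + records, indent=2))
    return records


if __name__ == "__main__":
    vol = sys.argv[1] if len(sys.argv) > 1 else "/mnt/win"
    qdir = sys.argv[2] if len(sys.argv) > 2 else "/mnt/quarantine"
    for rec in quarantine(vol, qdir):
        print(f"{rec['sha256']}  {rec['size']:>10}  {rec['original']}")
```

Run it from the Live CD as python3 quarantine.py /mnt/win /mnt/quarantine after mounting the volume. Two caveats a practitioner would want: a Windows volume left in hibernation or fast-startup state mounts read-only (or refuses to mount) under ntfs-3g, so shut Windows down fully first; and this only removes files you can name, which is exactly the limitation posts #3 and #7 point out.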
post #3 of 15
If it is a true rootkit then the only real safe way is a clean install. Rootkit means the program has complete control down to the "roots" of your system. While you may remove some of the symptoms, the program's creator has true control and is fooling you. Typically when I work on true rootkit-infected computers it is safer to re-install.
post #4 of 15
You can run ComboFix, but that may ruin your functionality. Also, running Malwarebytes in Safe Mode may help, but again, if it's a rootkit none of that may actually help.
post #5 of 15
Thread Starter 
Thanks for the help, guys... guess it's a clean install.
post #6 of 15
DBAN that drive first, just to make sure it's empty and free of the rootkit.
post #7 of 15
I wish I could get WinDbg running for kernel debugging... I really want to learn how to debug rootkits.

But yes, rootkits get into the kernel level on the system, meaning they can intercept calls like "delete." They can do things like filter your call (or the AV's call) to delete if the target is the rootkit file(s) itself and even worse things. A clean install is going to be the safest thing to do.
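Post #7's point has a practical detection counterpart: if the rootkit filters directory-listing and delete calls made from inside the running system, a listing taken from a Linux Live CD (where the rootkit's driver is not loaded) will show files the live system did not report. The script below does that cross-view comparison. It is an added example, not code from anyone in this thread. The two listings are constructed sample data standing in for the output of dir C:\ /s /b run inside Windows and find /mnt/win -type f run from the Live CD; the mount point /mnt/win and the file names are assumptions. Paths are normalised to a common form (drive or mount prefix dropped, forward slashes, lower case) because NTFS is case-insensitive.

```python
"""Cross-view listing comparison: live Windows view vs. offline Live CD view.

Added example for this thread, not from any poster. Constructed sample data.
"""
from pathlib import PureWindowsPath, PurePosixPath

# Constructed: what `dir C:\ /s /b` printed from inside the (infected) system.
ONLINE_LISTING = """\
C:\\Windows\\System32\\kernel32.dll
C:\\Windows\\System32\\ntdll.dll
C:\\Users\\jim\\AppData\\Local\\Temp\\setup.log
"""

# Constructed: what `find /mnt/win -type f` printed from the Live CD.
OFFLINE_LISTING = """\
/mnt/win/Windows/System32/kernel32.dll
/mnt/win/Windows/System32/ntdll.dll
/mnt/win/Windows/System32/drivers/Skype_viewer.dll
/mnt/win/Users/jim/AppData/Local/Temp/setup.log
/mnt/win/Users/jim/AppData/Local/Temp/chrome_stupidname.dll
"""


def normalize_windows(line: str) -> str:
    """'C:\\Windows\\foo.dll' -> 'windows/foo.dll' (drive dropped, lower-cased)."""
    p = PureWindowsPath(line.strip())
    return "/".join(part.lower() for part in p.parts[1:])  # parts[0] is the drive anchor


def normalize_posix(line: str, mount_point: str) -> str:
    """'/mnt/win/Windows/foo.dll' -> 'windows/foo.dll' relative to the mount point."""
    rel = PurePosixPath(line.strip()).relative_to(mount_point)
    return "/".join(part.lower() for part in rel.parts)


def cross_view(online_text: str, offline_text: str, mount_point: str = "/mnt/win"):
    """Return (hidden_from_live, missing_offline).

    hidden_from_live: files the offline view has but the live system did not
    report. A kernel rootkit that filters directory enumeration produces
    exactly this discrepancy, so these are the prime suspects.
    missing_offline: files the live system reported but the offline listing
    lacks (pagefile, things excluded from the find); usually benign, but listed
    so nothing is silently dropped.
    """
    online = {normalize_windows(l) for l in online_text.splitlines() if l.strip()}
    offline = {normalize_posix(l, mount_point)
               for l in offline_text.splitlines() if l.strip()}
    return sorted(offline - online), sorted(online - offline)


if __name__ == "__main__":
    hidden, missing = cross_view(ONLINE_LISTING, OFFLINE_LISTING)
    print("present offline, not reported by the live system:")
    for path in hidden:
        print("  ", path)
    print("reported by the live system, absent offline:")
    for path in missing:
        print("  ", path)
```

The listing from inside Windows is the filtered view by definition, so it has to be captured on the infected system itself and carried out (on a USB stick, for instance) to the Live CD for comparison. A hit is a candidate, not proof: alternate data streams, files excluded from the find, and timing differences between the two captures all produce discrepancies. And as post #9 notes, a bootkit living in the boot sector or firmware is not a file and will not appear in either listing.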
post #8 of 15
Thread Starter 
Quote:
Originally Posted by FastMHz

DBAN that drive first, just to make sure it's empty and free of the rootkit.

It's an SSD; is that OK to use DBAN on?
Edited by Jim888 - 1/13/14 at 5:07pm
post #9 of 15
Quote:
Originally Posted by Jim888

It's an SSD; is that OK to use DBAN on?

I've heard it's not safe, but I don't know the reasoning.

But thinking about it a little bit... unless the rootkit stuck itself somewhere in your BIOS or graphics chips or something, it shouldn't be able to be loaded into memory again from the disk if its location isn't known anymore, right? It should be OK to just format.
post #10 of 15
http://www.malwarebytes.org/antirootkit/

and

http://support.kaspersky.com/us/viruses/disinfection/5350

If I suspect a rootkit on a customer's PC, I run both of these. I have had very good success rates with them when used in tandem. Then of course follow up with an MBAM full scan.

I can't say 100% success, but near that.
  Back to Forum: Networking & Security