
[URGENT] PC owned by virus/trojan/rootkit/etc.

Joined
Sep 26, 2006
Messages
6,959 (1.09/day)
Location
Australia, Sydney
So basically this is what happened. Suddenly Regsvr32.dll is terminated because of whatever reason after I close FF. Initially I think it's a memory issue... anyway this is where hell breaks loose. I open Kaspersky and I scan, I notice there are shitloads of random DLLs loaded onto the main components. I start finding DLLs with random names and delete them, however one of them causes the PC to reboot upon deletion. Kaspersky moreover takes REALLY LONG to scan through one exe, which has the random DLLs. It's like as if the DLLs are preventing Kaspersky from functioning.

Now today, the problem is even worse. I was about to switch to Zone Alarm, and was about to uninstall Kaspersky; rundll32 kept getting terminated randomly when I tried to use tasks that used it. A majority of the programs usually used to eradicate this stuff didn't work as well...

Went into safe mode... same story.

Wtf is it anyway? It's like the virus has embedded itself in the programs.





:banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead::banghead:
 

Rebo&Zooty

New Member
Joined
May 17, 2008
Messages
490 (0.08/day)
pwnt......haha

ok sorry but......well i have seen kasper fail, the only av's that have never failed me are nod32 and f-prot.

my advice, grab a dos version of f-prot, get the updated sig files and replace the old ones, put it on a folder on ur hdd, reboot from a cd and get into recovery console, run f-prot for dos and let it scan and remove infected files, it's worked for me when i had to recover other people's systems.

you could try running the trial of nod32 and f-prot in windows see if it works, but once a virus is in memory, you're pretty well screwed.

http://www.f-prot.com/
u can get the trial off the front page, upper left side(click and it downloads instantly!!!)

http://www.eset.com/
right side of the page for free trial :)
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
I know you don't want to hear this, but in a scenario like that a reinstall might be appropriate. Good luck regardless, be sure if it's a keylogger that it's not logging your passwords!
 
Joined
Feb 21, 2008
Messages
4,985 (0.85/day)
Location
Greensboro, NC, USA
System Name Cosmos F1000
Processor i9-9900k
Motherboard Gigabyte Z370XP SLI, BIOS 15a
Cooling Corsair H100i, Panaflo's on case
Memory XPG GAMMIX D30 2x16GB DDR4 3200 CL16
Video Card(s) EVGA RTX 2080 ti
Storage 1TB 960 Pro, 2TB Samsung 850 Pro, 4TB WD Hard Drive
Display(s) ASUS ROG SWIFT PG278Q 27"
Case CM Cosmos 1000
Audio Device(s) logitech 5.1 system (midrange quality)
Power Supply CORSAIR HXi HX1000i 1000watt
Mouse G400s Logitech
Keyboard K65 RGB Corsair Tenkeyless Cherry Red MX
Software Win10 Pro, Win7 x64 Professional
Yeah my favorite is Nod32. :)
 

Rebo&Zooty

New Member
Joined
May 17, 2008
Messages
490 (0.08/day)
not true unless kasper has started blocking nod32, nod32 used a different range of memory addys from kasper last i checked, it can run along side kasper or Symantec products
 
Joined
Feb 21, 2008
Messages
4,985 (0.85/day)
Location
Greensboro, NC, USA
not true unless kasper has started blocking nod32, nod32 used a different range of memory addys from kasper last i checked, it can run along side kasper or Symantec products

Spot on, again Zooty. :D
 
Joined
Sep 25, 2006
Messages
2,312 (0.36/day)
Location
Norn Iron
Processor Q9550 @3.8
Motherboard Asus Maximus Extreme
Cooling Custom water cooling
Memory 4GB Patriot Viper DDR3 1600MHz
Video Card(s) 2x HD4870 512MB
Storage 2x 500GB
Display(s) 3x LG L226WTQ 22" Widescreen LCD
Case Modded TJ07
Audio Device(s) On board
Power Supply PC P&C Silencer 750
Software Windows 7 Ultimate
Joined
Sep 26, 2006
Messages
6,959 (1.09/day)
Location
Australia, Sydney
I've confirmed it's a rootkit... behavior is very evasive and it has put itself into my system files. Going to format.
 
Joined
Sep 26, 2006
Messages
6,959 (1.09/day)
Location
Australia, Sydney
fucking internet terrorists... go get a taste of real terrorism shoved down your throat...

Going to probably switch to vista.
 

KBD

New Member
Joined
Feb 23, 2007
Messages
2,477 (0.40/day)
Location
The Rotten Big Apple
Processor Intel e8600 @ 4.9 Ghz
Motherboard DFI Lanparty DK X48-T2RSB Plus
Cooling Water
Memory 2GB (2 x 1GB) of Buffalo Firestix DDR2-1066
Video Card(s) MSI Radeon HD 4870 1GB OC (820/950) & tweaking
Storage 2x 74GB Velociraptors in RAID 0; 320 GB Barracuda 7200.10
Display(s) 22" Mitsubishi Diamond Pro 2070SB
Case Silverstone TJ09-BW
Audio Device(s) Creative X-Fi Titanium Fatal1ty Profesional
Power Supply Ultra X3 800W
Software Windows XP Pro w/ SP3
Vista has better security features, but the likelihood of being infected is still high.

Mac OS X, now that will lower your infection chance dramatically :)
 

Rebo&Zooty

New Member
Joined
May 17, 2008
Messages
490 (0.08/day)
duno KBD saw a report of osx being compromised in 10min, where vista and linux lasted the day.....


if u want secure, vector linux would be a good choice :)
 

KBD

New Member
Joined
Feb 23, 2007
Messages
2,477 (0.40/day)
I read somewhere that if one has a mac OS (not necessarily X) that person has a much lower chance of being infected. In any event, i was kidding, i don't think he'll be able to run it anyway on non-Mac hardware, only as a dual-boot.
 
Joined
Apr 7, 2007
Messages
196 (0.03/day)
Location
Paris
Processor E6700@3447 (383.1*9)24/7; 3735(415*9)for benchies
Motherboard P5B dlx
Cooling Zalman cnps 9700 led; 1Thermaltake enlobel 120mm; 1Noctua 120 and 2NZXT 120 mm case fans
Memory Corsair Twinx 2Go Pc6400c4 @ 478.9 4-4-4-12
Video Card(s) hd 2900 xt @850/1050
Storage 400G Seagate; 75Go WD raptor (system disk)
Display(s) Sony h70
Case Modded NZXT apollo
Audio Device(s) Sound Blaster X-FI audio / Altec 2.1
Power Supply Enermax Infinity 720W
Software XP pro sp2
Benchmark Scores 3DMark=12907
I've confirmed it's a rootkit... behavior is very evasive and it has put itself into my system files. Going to format.

Try HijackThis and RootkitRevealer.........take out any suspicious files in win and registry with the regedit command......run CCleaner and eliminate all temp files.......get a clean copy of Avast or NOD or F-Prot (Avast is best here) and run it in boot mode. you should be ok....


If nothing works format:cry:
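Two posts in this thread describe the same pair of artefacts: the opening post's random-named DLLs loaded into core system processes, and the HijackThis/regedit advice above about suspicious registry entries. The script below is an added example written for this page, not code from any poster or from any tool named here. It triages a constructed process-module snapshot and a constructed regedit `.reg` export of the Run key with a few weak signals (random-looking file name, user-writable drop location, missing signature) and adds them into one score. Every path, process name and registry value is made up for the example, and the `signed` flag is assumed to come from a separate signature check rather than being computed here.

```python
"""
Offline triage of two symptoms from this thread: DLLs with random-looking
names loaded into core system processes, and Run-key entries that keep
them alive across reboots.  All sample data below is constructed for the
example; nothing is read from a live machine.
"""
import math
import os
import re
from collections import Counter
from typing import Optional

# Directories a legitimately installed module is normally loaded from.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files")
# User-writable drop locations that are rarely home to a real DLL.
SUSPECT_DIRS = (r"c:\windows\temp", r"\local settings\temp", r"\application data")


def shannon_entropy(s: str) -> float:
    """Bits per character; eight distinct letters score exactly 3.0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(filename: str) -> bool:
    """Heuristic for names like 'qzxvkdlp.dll': almost no vowels and high
    entropy over at least 7 letters.  Shorter real names such as msvcrt.dll
    are skipped on purpose because they would trip the vowel test."""
    letters = re.sub(r"[^a-z]", "", os.path.splitext(filename)[0].lower())
    if len(letters) < 7:
        return False
    vowel_ratio = sum(ch in "aeiouy" for ch in letters) / len(letters)
    return vowel_ratio < 0.2 and shannon_entropy(letters) > 2.5


def score_path(path: str, signed: Optional[bool] = None) -> int:
    """Combine weak signals into one number; 3 or more is worth a look."""
    low = path.lower()
    score = 0
    if looks_random(os.path.basename(low)):
        score += 2
    if any(d in low for d in SUSPECT_DIRS):
        score += 2
    if not any(low.startswith(d) for d in TRUSTED_DIRS):
        score += 1
    if signed is False:  # None means "unknown", which is not a signal
        score += 1
    return score


def triage_modules(snapshot):
    """snapshot: iterable of (process, module_path, signed).  Returns the
    suspicious entries as (score, process, path), highest score first."""
    hits = [(score_path(p, s), proc, p) for proc, p, s in snapshot]
    return sorted((h for h in hits if h[0] >= 3), reverse=True)


_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
_PATH = re.compile(r'([a-z]:\\[^",]+?\.(?:dll|exe))', re.IGNORECASE)


def parse_run_keys(reg_text: str):
    """Parse a regedit .reg export into (key, value_name, data) tuples,
    undoing the \\ and \" escaping that regedit writes."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := _REG_VALUE.match(line)):
            data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
            entries.append((key, m.group("name"), data))
    return entries


def triage_autoruns(reg_text: str):
    """Score each autorun command by the first .dll/.exe path it references;
    a random-looking value name counts as one extra signal."""
    hits = []
    for key, name, command in parse_run_keys(reg_text):
        m = _PATH.search(command)
        target = m.group(1) if m else command
        s = score_path(target) + (1 if looks_random(name) else 0)
        if s >= 3:
            hits.append((s, key.rsplit("\\", 1)[-1], name, target))
    return sorted(hits, reverse=True)


# Constructed snapshot: (process, loaded module, signature status).
SAMPLE_SNAPSHOT = [
    ("winlogon.exe", r"C:\WINDOWS\system32\ntdll.dll", True),
    ("winlogon.exe", r"C:\WINDOWS\system32\qzxvkdlp.dll", False),
    ("explorer.exe", r"C:\Program Files\Mozilla Firefox\xul.dll", True),
    ("explorer.exe", r"C:\Documents and Settings\Dave\Local Settings\Temp\helper.dll", False),
    ("svchost.exe", r"C:\WINDOWS\system32\msvcrt.dll", True),
]

# Constructed regedit export of the Run key (made-up entries).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KasperskyAV"="\"C:\\Program Files\\Kaspersky Lab\\avp.exe\""
"xwqzrtlv"="rundll32.exe C:\\WINDOWS\\system32\\xwqzrtlv.dll,Install"
"Updater"="C:\\Documents and Settings\\Dave\\Local Settings\\Temp\\svchost.exe"
'''

if __name__ == "__main__":
    for hit in triage_modules(SAMPLE_SNAPSHOT):
        print("module ", hit)
    for hit in triage_autoruns(SAMPLE_REG):
        print("autorun", hit)
```

The scoring is deliberately additive so that no single heuristic decides: a random-looking name inside `system32` only reaches the threshold together with a missing signature, and a plausibly named binary only reaches it because it sits in a temp directory outside any trusted path. On a real machine the snapshot would come from a process-module listing and the `.reg` text from a regedit export of the Run and RunOnce keys, which is the same data HijackThis presents.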
 
Joined
Apr 7, 2007
Messages
196 (0.03/day)
Location
Paris
fucking internet terrorists... go get a taste of real terrorism shoved down your throat...

Going to probably switch to vista.

Sorry to say TK but I just spent the better part of the afternoon getting rid of a rootkit and Vundo on a Vista machine (friggin Sony screen machine setup) and it's as hairy as XP for that matter:shadedshu:shadedshu:shadedshu
 

Rebo&Zooty

New Member
Joined
May 17, 2008
Messages
490 (0.08/day)
Sorry to say TK but I just spent the better part of the afternoon getting rid of a rootkit and Vundo on a Vista machine (friggin Sony screen machine setup) and it's as hairy as XP for that matter:shadedshu:shadedshu:shadedshu

well shave it :p
 
Joined
Sep 5, 2004
Messages
1,956 (0.27/day)
Location
The Kingdom of Norway
Processor Ryzen 5900X
Motherboard Gigabyte B550I AORUS PRO AX 1.1
Cooling Noctua NB-U12A
Memory 2x 32GB Fury DDR4 3200mhz
Video Card(s) PowerColor Radeon 5700 XT Red Dragon
Storage Kingston FURY Renegade 2TB PCIe 4.0
Display(s) 2x Dell U2412M
Case Phanteks P400A
Audio Device(s) Hifimediy Sabre 9018 USB DAC
Power Supply Corsair AX850 (from 2012)
Software Windows 10?
Run NOD32 in safe mode
then run SpyBot :)
 