Windows XP: c:\windows\system32\gxvxccounter
Yep, Be Sure To Run Malwarebytes Repeatedly...
by Grif Thomas
- 6/3/09 10:31 AM
In reply to: Combofix renamed by ronbin
...just to make sure all things are gone.. Afterwards, run SuperAntispyware..
And another thanks to Slikkster for providing the download..
Grif
Antispyware
by ronbin - 6/3/09 10:40 AM In reply to: Yep, Be Sure To Run Malwarebytes Repeatedly... by Grif Thomas
OK Grif, will download it and do it now.
Thanks again for all your help, it's nice to have my comp0uter back and running smoothly.
Take Care,
RonB
rootkit + meaningful description.
by Nightmares0nwax - 6/1/09 6:18 PM In reply to: c:\windows\system32\gxvxccounter by ronbinyou have a rootkit infection mate, we all want to push these unwanted entities to the edge and kick them off because they are no good and lack any use at all, they deliberately get on peoples nerves and take the fun out of computers. mark my words, nobody likes them!
http://www.antirootkit.com/software/IceSword.htm
http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx
you need to disconnect from the net and disable all your security programs. that means disabling the services through services.msc and rebooting. simply because security progrms can employ the same methods as rootkits, so you dont want to get mixed up.
icesword, pay particular attention to the "programs, services, SSDT, startup, kernel module" sections. anything in red is hidden. post all that you see in these particular sections. names and image paths.
rootkit revealer, do a full scan and export the results to a text file, you can post them here.
rootkits are quite easy to unhook, disable the service and reboot, then remove all the files that were accompanied by it.
but first you need to decipher if you actually have one.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
