Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Rootkit help needed

Re: Rootkit help needed

Post by tangerine » February 1st, 2011, 8:59 pm

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted
Root : 0
SubKey : Restricted
ValueName : ccc
Data : 48 E7 E 92 58 B3 13 E6 ...
ValueType : 3
AccessType: 0
FullLength: 0x66
DataSize : 0xc8
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\43
SubKey : 43
FullLength: 0x59
2 hidden registry entries found.

Does this make any sense?
tangerine
Regular Member
 
Posts: 27
Joined: January 29th, 2011, 10:28 am

Re: Rootkit help needed

Post by tangerine » February 2nd, 2011, 9:53 am

Is this anything to worry about?

Begin scan in 'C:\'
C:\Users\Chris\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\7D037C60-000026B3.eml
[0] Archive type: MIME
[DETECTION] Contains recognition pattern of the PHISH/FraudHS.A phishing file/email
--> Verify.html
[DETECTION] Contains recognition pattern of the PHISH/FraudHS.A phishing file/email

Re: Rootkit help needed

Post by askey127 » February 2nd, 2011, 11:13 am

Those registry items are OK.
The last two are e-mails that you already deleted, probably because they were fake. Unless you were to restore them, they are not a problem.
I am still looking at your log(s).
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Rootkit help needed

Post by tangerine » February 2nd, 2011, 1:48 pm

OK, thank you. Just got Sophos and Trend Micro both flag those files as rootkits, that's why got worried?
Appreciate your help.

Re: Rootkit help needed

Post by tangerine » February 2nd, 2011, 2:26 pm

KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\43
SubKey : 43


What is this file for, please?

Re: Rootkit help needed

Post by askey127 » February 2nd, 2011, 9:14 pm

That's part of Windows Search related to indexing the hard drive.

You do not seem to have a rootkit.
If you don't have any further questions, you should be good to go.

Re: Rootkit help needed

Post by tangerine » February 2nd, 2011, 10:37 pm

How about this one, please?

[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted


Anything else I need to do?

Re: Rootkit help needed

Post by tangerine » February 2nd, 2011, 11:15 pm

rootkin flagged this up too

Location: C:\Windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18000_none_a0f56f6331781dea\secproc.dll
Removable: Yes (but clean up not recommended for this file)



One last thing:

My mouse just started moving on its own. Is that anything to be concerned about?

Thanks

Re: Rootkit help needed

Post by askey127 » February 3rd, 2011, 7:47 am

You can run a full scan with Antivir to remove any infected files.
I would not continue running Rootkit detector scans.
They are specialized tools, and the results they give are not meant for the interpretation of the average computer user.

If the system behavior becomes unacceptable due to damage caused from using uTorrent, you will need to save your data files on external media and reformat / re-install Windows.
One tutorial is here: http://ask-leo.com/how_do_i_reformat_an ... ndows.html
There are a lot of them on the Internet to print out and follow.

Re: Rootkit help needed

Post by askey127 » February 6th, 2011, 9:02 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.