No problem... Not quite done yet though.
Thanks man! The rootkit got removed. How come Kaspersky detects this rootkit and my Norton 360 4.0 doesn't? I'll look what I can donate.
The Kaspersky TDSSKiller program was made to specifically target this variant of the TDL3 rootkit. Why Norton doesn't detect it, I have no idea.
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
```
Extra::

File::
c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\pss\Antimalware Doctor.lnk.Startup

Folder::
c:\users\George\AppData\Roaming\riujosodf
c:\users\George\AppData\Local\riujosodf

DirLook::
c:\users\George\AppData\Roaming\Tific

FileLook::
c:\windows\system32\acovcnt.exe

Registry::
[-HKLM\~\startupfolder\C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"skb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522

Firefox::
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\yqzntvot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Torrent Finder

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
```
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Kaspersky Online Scan
Please make sure that all programs are closed when installing Java.
- Click here to visit Java's website
- Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
- Click the orange Download JRE button to the right
- Select Windows from the drop-down list for Platform
- Select Multi-language from the drop-down list for Language
- Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue
- Click on jre-6u21-windows-i586.exe link to download it and save this to a convenient location
- Right click on jre-6u21-windows-i586.exe and select Run As Administrator to install Java
- After the Java installation has finished, right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
- Go to Kaspersky website and perform an online antivirus scan
- Read through the requirements and privacy statement and click on Accept button
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
- When the downloads have finished, click on Settings
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan
- Once the scan is complete, it will display the results. Click on View Scan Report
- You will see a list of infected items there. Click on Save Report As...
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
- Please post this log in your next reply
This scan will take quite some time to update & scan, so be patient with it.
To post in next reply:
ComboFix log
Kaspersky Online Scan log
Update on how the computer is running