Stone Esquire
Stu-714
Posts: 2
Registered: ‎09-22-2011
Accepted Solution

Rootkit buster

Hi, I have a rootkit in my system. RootkitBuster says kernel patched? It does not show up when I install Win XP, just in Win 7. This is a fresh install, new HD & video card. It says VGA corrupt? (friend's advice). Here is the log currently:

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1041
| Computer Name: Home-PC
| User Name: Home
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 66
 AccessType: 67
 FullLength: 0x4f99ad0
 DataSize  : 0x1d1c658
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 58
 AccessType: 5f
 FullLength: 0x4f9b0fc
 DataSize  : 0x4f9b0e0
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 5d
 AccessType: 5f
 FullLength: 0x4f9b0fc
 DataSize  : 0x1d1c658
 3 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
 Driver Name     : vga
 DeviceObject at : 01D1C658
1 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.

My question is: is this rootkit in the BIOS?

Can you help me with this? I have had my mouse move without my help, CD eject & very slow performance while online. Have used ComboFix / AVG Free / and others; they removed it on my laptop, only reporting AVG hooks, but not on the desktop. It's a Shuttle A35N main board, 1.8 G AMD CPU / Radeon 9200 video & Windows 7 Home.

Thanks! Any help will help!

Stu
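The RootkitBuster output above is easier to weigh if it is parsed rather than skimmed for "found" lines. The Python below is an added example, not part of the original post and not Trend Micro's tooling: it parses the log's `--== section ==--` / `[CLASS][kind]:` / `Name : value` layout into sections and findings, then applies two heuristics that are my own assumptions rather than anything RootkitBuster documents. First, a hidden-registry entry whose KeyPath, SubKey, ValueName and Data are all `(null)` cannot be located, let alone removed, so it is set aside as "unlocatable" instead of being counted as a confirmed hidden value. Second, a DataSize or FullLength value that equals a kernel address reported elsewhere in the same log (here `0x1d1c658`, the reported vga device object) looks like a pointer rather than a size, which is a reason to suspect the tool read a reused structure. `SAMPLE_LOG` is the relevant portion of the log quoted above, trimmed to the sections that matter.

```python
import re

# Constructed sample input: the findings portion of the RootkitBuster log quoted in the
# post above, trimmed to the sections that matter, so the example runs offline.
SAMPLE_LOG = """\
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 66
 AccessType: 67
 FullLength: 0x4f99ad0
 DataSize  : 0x1d1c658
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 58
 AccessType: 5f
 FullLength: 0x4f9b0fc
 DataSize  : 0x4f9b0e0
[HIDDEN_REGISTRY][Hidden Reg Value]:
 KeyPath   : (null)
 Root      : 1d18610
 SubKey    : (null)
 ValueName : (null)
 Data      : (null)
 ValueType : 5d
 AccessType: 5f
 FullLength: 0x4f9b0fc
 DataSize  : 0x1d1c658
 3 hidden registry entries found.

--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
 Driver Name     : vga
 DeviceObject at : 01D1C658
1 Kernel code patching found.
"""

SECTION_RE = re.compile(r"^--==\s*(.*?)\s*==--\s*$")
FINDING_RE = re.compile(r"^\[([A-Z_]+)\]\[([^\]]+)\]:\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")
COUNT_RE = re.compile(r"^\s*(\d+)\s+.*\bfound\.\s*$")
ADDR_RE = re.compile(r"^(?:0x)?[0-9A-Fa-f]{5,8}$")  # looks like a 32-bit kernel address
NULL = "(null)"


def parse_rootkitbuster(text):
    """Map each '--== section ==--' to its findings and the tool's own 'N ... found.' count."""
    sections, current, finding = {}, None, None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            current = sections.setdefault(m.group(1), {"findings": [], "count": 0})
            finding = None
        elif current is None:
            continue
        elif m := FINDING_RE.match(line):
            finding = {"class": m.group(1), "kind": m.group(2), "fields": {}}
            current["findings"].append(finding)
        elif (m := FIELD_RE.match(line)) and finding is not None:
            finding["fields"][m.group(1)] = m.group(2)
        elif m := COUNT_RE.match(line):
            current["count"] = int(m.group(1))
    return sections


def as_addr(value):
    """Parse a value that looks like a kernel address; anything else (e.g. '(null)') is None."""
    return int(value, 16) if ADDR_RE.match(value) else None


def assess(sections):
    """Split findings into ones a responder can act on and ones that need corroboration.

    Both rules are assumptions of this example, not RootkitBuster's own logic:
      * KeyPath, SubKey, ValueName and Data all (null) -> the entry cannot be located
        or removed, so it is 'unlocatable' rather than a confirmed hidden value;
      * DataSize/FullLength equal to a kernel address reported elsewhere in the log
        -> the field looks like a pointer, not a size, i.e. possibly a reused structure.
    """
    addrs = {as_addr(v) for s in sections.values() for f in s["findings"]
             for k, v in f["fields"].items() if "DeviceObject" in k}
    addrs.discard(None)
    report = {"actionable": [], "unlocatable": [], "pointer_like_sizes": [],
              "totals": {name: s["count"] for name, s in sections.items()}}
    for sec in sections.values():
        for f in sec["findings"]:
            fields = f["fields"]
            locatable = any(fields.get(k, NULL) != NULL
                            for k in ("KeyPath", "SubKey", "ValueName", "Data"))
            if f["class"] == "HIDDEN_REGISTRY" and not locatable:
                report["unlocatable"].append(f)
            else:
                report["actionable"].append(f)
            for k in ("DataSize", "FullLength"):
                if fields.get(k) and as_addr(fields[k]) in addrs:
                    report["pointer_like_sizes"].append((f["kind"], k, fields[k]))
    return report


if __name__ == "__main__":
    r = assess(parse_rootkitbuster(SAMPLE_LOG))
    print("totals:", r["totals"])
    print("unlocatable registry entries:", len(r["unlocatable"]))
    print("size fields that equal a reported address:", r["pointer_like_sizes"])
    print("actionable:", [f["fields"] for f in r["actionable"]])
```

Run against this log it reports all three registry entries as unlocatable, two DataSize fields that coincide with the vga device object address, and the vga kernel-code-patching entry as the only finding with enough detail to follow up. That does not settle whether the machine is infected, but it does show which of the "3 hidden registry entries" a responder could actually verify or remove, and which counts should not be read as proof on their own.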

Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Rootkit buster

BOOT INTO SAFE MODE AND THEN FOLLOW THE INSTRUCTIONS.

READ EACH AND EVERY STEP CAREFULLY.

Download link is given here:

http://majorgeeks.com/Kaspersky_Virus_Removal_Tool_d4515.html

You can view scan results in the Autoscan tab.

In order to run automatic scan of your computer by Kaspersky Virus Removal Tool 2011, perform the following actions:

  1. Launch the program.
  2. Specify the parameters of the automatic scan. The default settings are as follows:
    • Scan scope: system memory, hidden autostart objects, boot sectors.
    • Security level: recommended.
    • Actions: prompt on detection.
  3. Go to the Automatic Scan tab.
  4. Click the Start scanning button.
  5. Wait until the scan is over.

Once the scan task is started, the program will detect and automatically delete all known viruses, rootkits, Trojan programs and worms. The application will perform the following actions on threat detection:

  • Prompt for action on each threat detection (if you select Prompt for action).
  • Disinfect or delete; or delete an infected object if disinfection fails (if you checked Select action: Disinfect and Delete / Delete if disinfection fails [recommended]).

Go to the Reports tab (the one with the image of a list).

  1. Select the required section:
    • Detected threats. This report displays all threats detected during autoscan. You can start automatic disinfection by clicking the Disinfect all button.
    • Autoscan report. The report provides autoscan results.
    • Manual disinfection report. The report provides results of manual disinfection (of work of the running scripts).
  2. You can view the report in the right part of the window. For your convenience you can change the data display: group events by various parameters, select the required period. In order to save the report, click the Save button. Copy and paste the entire report here in your next reply.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Trend Micro Employee
arteec
Posts: 1,277
Registered: ‎07-08-2010

Re: Rootkit buster

Hello Stu-714,

From the RootkitBuster logs, I believe the system is clear of any infection.

If the computer's performance is very slow, you may check for possible conflicts on it. Look under your Control Panel and check whether you have multiple security programs. If you have multiple programs, uninstall the others and leave your main security program. This could drag the computer's memory usage.

You may also include a copy of your system information so we could double-check on it. Refer to the link below for detailed steps:

http://esupport.trendmicro.com/Pages/How-to-get-System-Information-log-needed-by-Technical-Support.a...

Hope this helps.

All the best,

Artee :smileyhappy:
I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Rootkit buster

Naa... logs aren't clean, it looks like we have a TDL type infection...

Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Rootkit buster

3 hidden registry entries found.
1 Kernel code patching found.

A small snip from the RootkitBuster log... follow the Kaspersky removal tool instructions as I mentioned before...
