---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???)?????????f???????????e??LocalSystem?t???HidUsb??????? ???????f?????????????????????????? ??????f????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-In)|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|??=??v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-Out)|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???????????????f??????????????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (HTTP-Streaming-In)|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???-?????????1??????N??f????????D???X?{745a17a0-74d3-11d0-b6fe-00a0c90f57da}????8??????f???????e??HidUsb???????f?f\J(???N??f?????
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys.xor 78336 bytes
File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb_1.sys.xor 78336 bytes
File C:\Windows\System32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys 78336 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\MSIVXcount 4 bytes
File C:\Windows\System32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll 0 bytes
File C:\Windows\System32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll 0 bytes

---- EOF - GMER 1.0.15 ----