FireSign
2009-04-19, 00:28
Hey, I re-installed Windows around 3 weeks ago, and for the past 2 weeks I've been experiencing some strange behaviour. So I started getting all my AV software again (I don't use much tbh, no firewalls, just Spybot S&D, CCleaner.. and when I have a virus or something, I just use Google and fix it, and if I come across any new tools while trying to fix it, I'll keep them ^^). It's fairly easy not to get viruses though, I've learnt to avoid them, but I guess I picked up a rootkit from a umm.. reverse game engineering site xD
Anyway, I didn't know I had a rootkit (now I do), so I installed Spybot, but it wouldn't run, and after a few reinstalls I uninstalled and sent you a reason why (when the uninstaller prompted me to).. This is the first time I've gotten a reply from one of those xD Thanks a lot for your efforts.. So after I uninstalled Spybot, I did everything I could in CCleaner, and a few other tools, nothing stopped the strange behaviour.. It's nothing too big though (at least I hope not), it just disconnects me from certain games, and gives me errors when trying to debug some of my game projects...
So anyway after googling, I found a tool called GMER (rootkit scanner).. And it picked up something straight away, but I insisted on finishing the scan.. The scan ran uninterrupted for 2 days but was stopped due to the power cutting out rofl (really bad luck I guess xD).. Anyway I've run some scans, I ran a full scan using NOD32, it picked something up, but didn't do anything about it lol..
Then I check my emails and find one from you guys ^^, I was about to just leave it on my PC cause I tried everything apart from a reformat xD..
----
Ok, so RootAlyzer picked up exactly the same thing as GMER (not in the Deep Scan though). I really don't want to do the Deep Scan, I mean a few hours would be fine, but if it takes around the same time as GMER then no thanks... Besides, GMER found this rootkit in the first 2 mins of the scan, then absolutely nothing in the rest of the time. But if you really want me to do a Deep Scan, I guess I will..
So I've deleted the rootkit I think, the Quick Scan came up with it, so I right-clicked the kit at the bottom, and clicked Show Details, then deleted the file; if I was wrong to do so.. I guess I'll try getting the rootkit again xD But anyway I tried to run Spybot again, but it still wouldn't, I'm guessing I have to restart my system.. so I'll do that after this post and see if it helps (would be kind of pointless, I know, but if the rootkit is still there or there's more rootkits (don't think there is but I dunno) then this post wouldn't have been a waste of time ^^ and so I'll just edit it and say at the top if it's solved..
The rootkit being picked up is:
Service C:\WINDOWS\system32\drivers\gaopdxbobvphwcmevdlvbbaewkpbitttyqjvby.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
(That's what GMER detected, I've apparently deleted it in RootAlyzer, and it's not picking it up again in RootAlyzer's Quick Scan. RootAlyzer also picked up:
C:\WINDOWS\system32\drivers\gaopdxcounter (something like that, it's from memory since I closed RootAlyzer, but I deleted this file as well)
I run GMER, and it does a quick scan on startup also, but it's still picking up the rootkit (after I deleted it with RootAlyzer).
So I'll restart my PC now, and hopefully the rootkit won't be able to start, and so GMER won't pick it up, but if you think I should remove the rest of it (if there's more files), or I should do a Deep Scan anyway, plz say.
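The GMER line in the post flags a driver service as "hidden": the service exists, but the usual enumeration paths do not show it. Below is an added example of the same cross-view idea in PowerShell; it is not code from the original post, from Spybot, RootAlyzer or GMER. It walks the Services registry hive, compares each kernel/file-system driver entry against the Service Control Manager's own list (via Win32_SystemDriver), and checks whether the driver image is visible on disk. The function name Find-SuspectDriverService, the path-normalisation rules and the requirement for Windows PowerShell 3.0+ from an elevated prompt are my assumptions.

```powershell
# Added example (not from the original post or the tools it mentions).
# Cross-view check for driver services: registry view vs. SCM view vs. disk.
# An entry present in the registry but absent from the SCM list, or whose
# image file cannot be seen, is the kind of thing GMER reports as "hidden".
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt.

function Find-SuspectDriverService {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # View 1: what the SCM admits to. Win32_SystemDriver covers kernel and
    # file-system drivers, i.e. registry entries with Type 1 or Type 2.
    $scmView = @{}
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        $scmView[$d.Name.ToLowerInvariant()] = $d
    }

    # View 2: the registry. Every Type 1/2 subkey should have a matching
    # SCM entry and an image file that Test-Path can see.
    foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or (1, 2) -notcontains $props.Type) { continue }

        # Normalise the ImagePath forms drivers commonly use:
        #   \??\C:\...\x.sys   \SystemRoot\system32\drivers\x.sys   system32\drivers\x.sys
        $image = [string]$props.ImagePath
        if ($image) {
            $path = [Environment]::ExpandEnvironmentVariables($image)
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        } else {
            # No ImagePath value: the loader defaults to system32\drivers\<name>.sys
            $path = Join-Path $env:SystemRoot ("system32\drivers\" + $key.PSChildName + ".sys")
        }

        [pscustomobject]@{
            Service     = $key.PSChildName
            ImagePath   = $image
            InScmView   = $scmView.ContainsKey($key.PSChildName.ToLowerInvariant())
            FileVisible = Test-Path -LiteralPath $path -PathType Leaf
            Start       = $props.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        }
    }
}

# Report only the entries where the views disagree or the file is not visible.
Find-SuspectDriverService |
    Where-Object { -not $_.InScmView -or -not $_.FileVisible } |
    Sort-Object Service |
    Format-Table -AutoSize
```

Two caveats a practitioner would want. First, this runs on the suspect machine with the same APIs the rootkit can hook, so a kernel rootkit that filters registry or file enumeration can hide from this script exactly as it hid from Spybot; a clean result is not proof of a clean box, and the trustworthy check is a scan from clean boot media. Second, the output is triage, not verdict: leftover entries from drivers whose .sys was deleted by an uninstaller will show FileVisible = False without being malicious, so each hit still needs a look at its Start type, ImagePath and file signature before anything is removed.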