
View Full Version : does anyone know of the globalroot trojan?



graham f cutler
2009-09-10, 13:13
Please help me! I've been infected with

globalroot\Device\__max++>\A30B1AEC.x86.dll

(this title was copied and pasted from a scan report),
and I don't know how to get rid of it. No matter what I do, it remains
despite me using several different removal programs on it.

PTurgeon
2009-09-10, 16:59
Graham, I believe I have the same problem. I am working with PCTools' Customer Support on it: so far we've established that their own Malware Detective product is thwarted by this rootkit.

They've had me run Rootkit Unhooker LE v3.8.341.552, which completed a scan, and GMER 1.0.15.15020, which was thwarted by the rootkit in its "Services" scan phase via a system reboot. I submitted my logs to them and am awaiting their next recommendation later today.

BTW, user dogsoldier posted a similar issue on 8/30 in this forum (http://forums.spybot.info/showthread.php?p=333102#post333102) but did not detail his resolution.

I will post here again when I hear from them. If you find a resolution, please post it here.

PTurgeon
2009-09-10, 17:12
Graham, I believe I have the same problem. <snip>

PC Tools Customer Support says their SLA for responding is 24hrs. I will try what dogsoldier mentions (Win32kDiag and Avenger) to see if that gets me anywhere, and will post again later.

Edit

Please note that all instructions given are customized for that member's computer only, the tools used may cause damage if run on a computer with different infections. Your symptoms may only appear to be similar. Regardless, please do not take fixes given to another user and apply to your own machine. "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

tashi
2009-09-10, 19:13
Hello graham f cutler,

Please follow the instructions in this link to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where an analyst will advise you as soon as available.

Best regards.