
Thread: I need some help manually removing a globalroot\systemroot\system32\MSIVX

  1. #1 | Junior Member | Join Date: Jul 2009 | Posts: 2

    I need some help manually removing a globalroot\systemroot\system32\MSIVX

    I have run GMER to get my logs, and this is what it gave me when I opened it and when I did a full scan on my computer. Can someone please help me remove this virus? It will not even allow me to put McAfee on my computer until it's gone, and it is blocking a lot of other programs I need. PLEASE HELP ME


    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-07-06 22:22:49
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.15 ----

    Code 870F8110 ZwEnumerateKey
    Code 872373F8 ZwFlushInstructionCache
    Code 86FD5505 IofCallDriver
    Code 8717524E IofCompleteRequest

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 893E3DE0
    Device \FileSystem\Ntfs \Ntfs 856B3978
    Device \FileSystem\Ntfs \Ntfs 899AFE00
    Device \FileSystem\Ntfs \Ntfs 855A0BA0
    Device \FileSystem\Ntfs \Ntfs 89487188
    Device \FileSystem\Ntfs \Ntfs 88BBE0E0
    Device \FileSystem\Ntfs \Ntfs 857BDB00
    Device \FileSystem\fastfat \Fat 856C6DD8
    Device \FileSystem\fastfat \Fat 88FF3990
    Device \FileSystem\fastfat \Fat 8503CAD0
    Device \FileSystem\fastfat \Fat 855C8180
    Device \FileSystem\fastfat \Fat 854135D0
    Device \FileSystem\fastfat \Fat 89487820
    Device \FileSystem\fastfat \Fat 8959AF78

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS

    ---- Threads - GMER 1.0.15 ----

    Thread 6gxwl.exe [4312:2308] SSDT 0x898EE1A8 != 0x81EFB8E0
    Thread 6gxwl.exe [4312:3808] SSDT 0x898EE1A8 != 0x81EFB8E0

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----



    This was the full scan

  2. #2 | Junior Member | Join Date: Jul 2009 | Posts: 2

    This is all the bad stuff from the full scan; I have the whole thing if it is needed.

    ---- Services - GMER 1.0.15 ----

    Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???)?????????f???????????e??LocalSystem?t???HidUsb??????? ???????f?????????????????????????? ??????f????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-In)|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|??=??v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-Out)|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???????????????f??????????????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (HTTP-Streaming-In)|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???-?????????1??????N??f????????D???X?{745a17a0-74d3-11d0-b6fe-00a0c90f57da}????8??????f???????e??HidUsb???????f?f\J(???N??f?????
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys.xor 78336 bytes
    File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb_1.sys.xor 78336 bytes
    File C:\Windows\System32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys 78336 bytes executable <-- ROOTKIT !!!
    File C:\Windows\System32\MSIVXcount 4 bytes
    File C:\Windows\System32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll 0 bytes
    File C:\Windows\System32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll 0 bytes

    ---- EOF - GMER 1.0.15 ----
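
What the two posts above actually show is a kernel driver service (MSIVXserv.sys) that GMER flags as hidden, registered under Services in every control set of the SYSTEM hive, with patched ZwEnumerateKey/IofCallDriver entry points and a process (6gxwl.exe) whose threads run on a foreign SSDT. The script below is an added example, not code from GMER or from either post: it parses those GMER 1.0.15 line formats, groups the indicators, and prints the reg.exe/del commands for an offline cleanup from WinRE. It assumes %SystemRoot% is C:\Windows, that the infected volume shows up as D: under WinRE, and that the log formats are the ones posted; the sample log embedded in it is a constructed, shortened copy of the lines from the two posts.

```python
r"""Triage a GMER 1.0.15 log: collect the patched kernel functions, the hidden
service, its registry keys in every control set and its files, then emit the
reg.exe/del commands for an OFFLINE cleanup. Assumptions: GMER 1.0.15 line formats
as posted in this thread, %SystemRoot% is C:\Windows, infected volume is D: in WinRE."""
import re

SYSTEM_ROOT = r"C:\Windows"  # assumption: default install location

# Constructed sample: a shortened copy of the lines the poster got from GMER.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
Code 870F8110 ZwEnumerateKey
Code 86FD5505 IofCallDriver
---- Threads - GMER 1.0.15 ----
Thread 6gxwl.exe [4312:2308] SSDT 0x898EE1A8 != 0x81EFB8E0
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys 78336 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\MSIVXcount 4 bytes
File C:\Windows\System32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll 0 bytes
"""

CODE_RE = re.compile(r"^Code [0-9A-F]+ (\w+)$")
SSDT_RE = re.compile(r"^Thread (\S+) \[(\d+):\d+\] SSDT ")
SERVICE_RE = re.compile(r"^Service (\S+) \(\*\*\* hidden \*\*\* \) \[\w+\] (\S+)")
REG_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@]+)\S*?(?:@\S+ (.*))?$")
FILE_RE = re.compile(r"^File (.+?) \d+ bytes")


def normalize(path):
    r"""\\?\globalroot\systemroot\... and \systemroot\... both mean %SystemRoot%."""
    for prefix in (r"\\?\globalroot\systemroot", r"\systemroot"):
        if path.lower().startswith(prefix):
            return SYSTEM_ROOT + path[len(prefix):]
    return path


def _add_file(report, path):
    p = normalize(path)
    report["files"].setdefault(p.lower(), p)  # dedupe case-insensitively


def triage(log_text):
    """Walk the log once and group the indicators a removal plan needs."""
    report = {
        "hooks": [],            # kernel functions GMER found patched (Code lines)
        "processes": {},        # process name -> pid of threads using a foreign SSDT
        "hidden_services": {},  # service name -> driver image
        "service_keys": {},     # control set -> set of service key names to delete
        "files": {},            # lowercase path -> path as printed (normalized)
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := CODE_RE.match(line):
            report["hooks"].append(m.group(1))
        elif m := SSDT_RE.match(line):
            report["processes"][m.group(1)] = int(m.group(2))
        elif m := SERVICE_RE.match(line):
            report["hidden_services"][m.group(2)] = normalize(m.group(1))
            _add_file(report, m.group(1))
        elif m := REG_RE.match(line):
            cset, name, data = m.groups()
            report["service_keys"].setdefault(cset, set()).add(name)
            if data and data.startswith("\\"):  # ImagePath or a modules\ entry
                _add_file(report, data)
        elif m := FILE_RE.match(line):
            _add_file(report, m.group(1))  # GMER lists only suspect files here
    return report


def offline_commands(report, offline_hive=r"D:\Windows\System32\config\SYSTEM", offline_drive="D:"):
    r"""reg.exe/del commands for WinRE against the OFFLINE installation. With
    ZwEnumerateKey and IofCallDriver patched, the key and driver stay hidden on the
    booted system, so the deletes target the loaded hive. CurrentControlSet is only
    a link on a booted system; offline it must be resolved via Select\Current."""
    cmds = [f"reg load HKLM\\Offline {offline_hive}"]
    for cset, names in sorted(report["service_keys"].items()):
        for name in sorted(names):
            if cset == "CurrentControlSet":
                cmds.append("rem CurrentControlSet: 'reg query HKLM\\Offline\\Select /v Current', "
                            f"then delete ControlSet00N\\Services\\{name} for that N")
            else:
                cmds.append(f"reg delete HKLM\\Offline\\{cset}\\Services\\{name} /f")
    cmds.append("reg unload HKLM\\Offline")
    for path in sorted(report["files"].values(), key=str.lower):
        cmds.append(f'del /f "{offline_drive + path[2:]}"')  # C:\... -> D:\...
    return cmds


if __name__ == "__main__":
    print("\n".join(offline_commands(triage(SAMPLE_LOG))))
```

Run it as-is for the sample, or pass a saved log to triage(). The reason the plan is built for WinRE is visible in the log itself: with ZwEnumerateKey hooked the service key can be missing from a live regedit, and with IofCallDriver hooked the driver file can be unlisted or undeletable, so `reg delete` and `del` from inside the running system can appear to succeed while nothing changes. CurrentControlSet exists only on a booted system; in the loaded offline hive read Select\Current and delete from that numbered ControlSet rather than guessing which one it is. After the cleanup, boot normally and rerun GMER: the Services, Registry and Files sections should no longer list anything named MSIVX, and the Code lines for ZwEnumerateKey and IofCallDriver should be gone.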
