
Thread: I need help, I do not know what to do about this possible malware/rookit

  1. #1
    Junior Member, Join Date: Dec 2017, Posts: 8

    So first off, I don't know anything about anything and have just been following instructions from random articles on how to remove malware/rootkits.

    It first started when I wasn't able to open up Chrome, which led me to try to open Task Manager to end it, but when I tried to open Task Manager it didn't let me; some .exe error thing popped up. I didn't think much of it and just went on to use the Edge browser, but since then the situation has gotten worse. I can't open up most files, like videos, pictures, etc.; I just get a "class not registered" error. The Windows button and search bar in the bottom left corner are unresponsive and I can't access any settings; I get a message saying "this file does not have a program associated with it". I can't open any command prompt or whatever else most articles were saying to do. While I still had access to the Edge browser I tried to download Malwarebytes, but it didn't let me install it, another .exe error or something.

    Next I decided to just say screw it and format my PC. Since I couldn't access the Windows button I had to do the hold-Shift-and-click-Restart method. Sadly the formatting process failed; I assume whatever my PC has is preventing me from doing so. I tried 3 more times but still nothing. So what I did after was boot my PC into safe mode with networking. I managed to look through my files and find Internet Explorer, the only browser that still works. With it I downloaded Rkill and it did its thing, which then let me download Malwarebytes, but Malwarebytes found 0 threats. I tried TDSSKiller next, nothing. So now here I am trying SpyBot. I ran a deep scan for rootkits and some HKLM registry keys popped up, and I'm not sure whether to delete them or not. If I need to provide any additional information I will, just please help me get rid of this thing.

    Edit:
    The malware forum's FAQ: http://forums.spybot.info/showthread.php?t=288

    I don't know what I did wrong with my post for the FYI, but if I was missing information that was needed, here it is, I think. Somebody please just help, or tell me how to post to get proper help, because after reading the FAQ I have no idea what I did wrong.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0BE7365E4CF77E116BD159EB7595E4CA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0A13FDF61E754587.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0BDC3D8264C2C3D4.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF55BFE0012B9E915A.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6B58BAB04CBB3235.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6BFCBAFF39288B9A.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF712992F7C36790AB.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF8A0B930BEB0DF89E.TMP"
    File:"Unknown ADS","C:\ProgramData\Intel\Wireless\Settings:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AlphaConsole:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Video Win Movie Maker:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Steam\steamapps\common\rocketleague:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Bluetooth:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\WiFi\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD\CNext\CCCSlim:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\VEGAS\VEGAS Pro 15.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\WiFi:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Intel\WirelessCommon:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\PRW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNBranding:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext\ffmpeg:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CIM\BIN64:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
    Last edited by tashi; 2017-12-21 at 07:45. Reason: Merged 2 posts. Topic was moved from the RootAlyzer forum so user could receive assistance
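As an added triage aid (not part of the post, and not Safer-Networking's code): a small Python parser for the RootAlyzer line format shown above, which groups the "Unknown ADS" hits by stream name and pulls out the service keys flagged "No admin in ACL", so that the few entries worth checking (service name, its ImagePath, who signed the binary) stand out before anything is deleted. The sample log is a handful of lines copied from the post; the one assumption is the standard Windows behaviour that CurrentControlSet is a link to one of the ControlSetNNN keys, so the same service key shows up twice in the log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines copied from the RootAlyzer log in the post above.
SAMPLE_LOG = r'''
File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0A13FDF61E754587.TMP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
'''

LINE_RE = re.compile(r'^(File|RegyKey):(.*)$')     # record type, then the quoted fields
FIELD_RE = re.compile(r'"([^"]*)"')                 # one "..." field
ADS_RE = re.compile(r'^(.*):([^\\:]+):\$DATA$')     # path:stream:$DATA -> (path, stream)
SERVICE_RE = re.compile(r'\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)')

def parse_line(line):
    # Returns a dict for one RootAlyzer record, or None for header/blank/unknown lines.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    fields = FIELD_RE.findall(rest)
    if kind == 'File' and len(fields) == 2:
        finding, path = fields
        ads = ADS_RE.match(path)      # split an "Unknown ADS" hit into base path + stream
        return {'kind': kind, 'finding': finding, 'path': ads.group(1) if ads else path,
                'stream': ads.group(2) if ads else None}
    if kind == 'RegyKey' and len(fields) == 4:
        finding, hive, key, value = fields
        return {'kind': kind, 'finding': finding, 'path': hive + key, 'value': value}
    return None

def triage(log_text):
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    summary = Counter((e['kind'], e['finding']) for e in entries)
    # Many ADS hits sharing one stream name are one pattern, not many separate alerts.
    ads_streams = Counter(e['stream'] for e in entries if e.get('stream'))
    # Service keys an admin cannot read: check ImagePath before deleting; CurrentControlSet links to a ControlSetNNN, so group by service name.
    services = defaultdict(set)
    for e in entries:
        if e['kind'] == 'RegyKey' and e['finding'] == 'No admin in ACL':
            m = SERVICE_RE.search(e['path'])
            if m:
                services[m.group(1)].add(e['path'])
    return {'summary': dict(summary), 'ads_streams': dict(ads_streams),
            'restricted_services': {n: sorted(p) for n, p in services.items()}}
```

Run `triage(open('rootalyzer.txt').read())` on a saved log; the `restricted_services` section is the short list to look into, while `ads_streams` shows how many of the ADS hits are the same stream name repeated across vendor folders.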
