Dear God Help me - I Have a Rootkit or some other BS
Posted 09 November 2011 - 09:35 PM
Posted 09 November 2011 - 09:50 PM
Kaspersky TDSS Killer
Posted 09 November 2011 - 10:03 PM
Posted 09 November 2011 - 10:08 PM
Posted 09 November 2011 - 10:38 PM
Edited by philo-sofa, 09 November 2011 - 10:39 PM.
Posted 10 November 2011 - 07:40 AM
Apart from the other suggestions (all good) I would boot in to safe mode and run CCleaner X64 portable.
d/l now. Will run all of them I can find anything I can. I however think it needs human analytics to get rid of?
Get it to clean all temp and temp internet files.
Or manually delete all temp files etc for all users.
There is also a load of free Kaspersky tools you could try at
My bet is it is just a cookie that runs at specific time intervals so the above cleanup should fix it.
One way to check is to create a new user on the PC, log in to the new account and see if it is affected. If not then it is a user specific issue, not a system wide problem like a rootkit.
Also check what addons have been installed in Chrome, could be something to do with one of them.
Next I would be checking your ethernet connection settings and modem settings in case of DNS hijacks.
Modem DNS should be set to auto or your ISP's DNS servers or the DNS servers you use. Don't forget to change the modem interface login password to prevent malware hijacking the settings.
Do the same for your ethernet interface (or wireless if using it).
Next check your hosts file.
Using the fixit option is the easiest, although I prefer the manual method as I know it has been done then.
Edited by aliali, 10 November 2011 - 07:47 AM.
Of course you are my bright little star,
I've miles and miles of files pretty files of your forefather's fruit,
and now to suit our great computer. You're magnetic ink.
Posted 10 November 2011 - 10:03 AM
Another vote for Malwarebytes, I buy bulk licences to give to my clients, but the free version will do the trick. I use it in conjunction with Microsoft security essentials.
Malwarebytes Anti Malware?
Posted 10 November 2011 - 11:21 AM
Hosts: 126.96.36.199 www.google-analytics.com.
Hosts: 188.8.131.52 ad-emea.doubleclick.net.
Hosts: 184.108.40.206 www.statcounter.com.
Hosts: 220.127.116.11 www.google-analytics.com.
Hosts: 18.104.22.168 ad-emea.doubleclick.net.
is dodgy as. However when I check my hosts file it's effectively blank as below:
# Copyright © 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
Do you think this indicates the problem is in a presumably moved hosts file? Have tried the MS fix (my copypasta of the hosts file is from before this BTW) just in case.
EDIT: had a thought and reopened the hosts file - about 300 lines down from the opening spiel I copied above (which is suspicious) I found three of the lines mentioned by DDS! Removed those (which the MS fix hadn't done), reopened and confirmed it's gone. Will see if that does the trick (and still run every anti-malware thing here just in case).
However after clearing my DNS cache I looked at it and this was the result in spite of a continually clear hosts file:
Is that bad?..
Edited by philo-sofa, 10 November 2011 - 12:06 PM.
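The hosts-file check suggested earlier in the thread, and the hidden entries found far below the stock header in the post above, can be automated. The script below is an added example, not something posted in the thread: it parses hosts-file text, ignores comments and blank padding, and flags any mapping that sends a non-localhost name to a routable address. The sample file, the 203.0.113.10 address (TEST-NET-3) and the `ads.example.invalid` name are constructed for the demo.

```python
# Added example: scan a Windows hosts file for redirect entries hidden
# below the stock comment header (pattern described in the thread above).
import ipaddress

# Targets used by ad-blocking hosts lists; these are not redirects.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "broadcasthost"}

def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for every active mapping."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, hosts = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address; ignore the line
        entries.append((line_no, ip, hosts))
    return entries

def suspicious_entries(text):
    """Mappings that point a real hostname at a routable address."""
    flagged = []
    for line_no, ip, hosts in parse_hosts(text):
        if ip in LOCAL_TARGETS:
            continue
        if all(h.lower() in LOCAL_NAMES for h in hosts):
            continue
        flagged.append((line_no, ip, hosts))
    return flagged

# Constructed sample: stock header, 300 blank lines, then hidden redirects.
SAMPLE_HOSTS = "\n".join(
    ["# Copyright (c) 1993-2006 Microsoft Corp.",
     "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.",
     "#\t127.0.0.1       localhost"]
    + [""] * 300
    + ["127.0.0.1 localhost",
       "0.0.0.0 ads.example.invalid",             # blocking entry, fine
       "203.0.113.10 www.google-analytics.com",   # constructed redirect
       "203.0.113.10 ad-emea.doubleclick.net"]    # constructed redirect
)

if __name__ == "__main__":
    for line_no, ip, hosts in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {', '.join(hosts)}")
```

On a live machine, read `C:\Windows\System32\drivers\etc\hosts` into `text` instead of the sample; the line numbers it reports tell you how far below the header the entries were placed.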
Posted 10 November 2011 - 12:27 PM
Edited by Jeruselem, 10 November 2011 - 12:30 PM.
“We’re not going to stop the wheel. I’m going to break the wheel.” - Daenerys Targaryen
"We have some of the most beautiful hookers in the world" - Putin to Trump
Posted 10 November 2011 - 02:02 PM
Posted 10 November 2011 - 05:29 PM
Which looks a lot better. I'll have to wait a few days before I can be sure this is resolved, but I feel very optimistic. Cheers to everyone here! Fuckin stoked I can call my computer my own again without going to an age-old system restore point! For what it's worth I would recommend you hold off on Combofix if you have a similar problem as it does basically come plastered with a thousand warning labels... but do keep it in mind as it did seem to resolve something that was otherwise irresolvable.
*crosses fingers that the rootkit really has been properly unrooted*
Edited by philo-sofa, 10 November 2011 - 05:30 PM.