VaultNetwork.netVault Network Boards

VaultNetwork.net: Vault Network Boards | Boards

[VaultNetwork.net] Vault Network Boards » Archive » PC General/Hardware/Software & Tech Support Board » Trojan rootkit help
Welcome, Guest - Login | Register | Search | Blogs | Board Rules/FAQ | Contact Mods
Author Topic: Trojan rootkit help [Locked]
AgzntOrange2  2 stars
Posts: 304
Registered: 2008-11-20 13:55:40
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
Hi, I know I should know better but I downloaded a game from Piratebay and guess what ! Win32 trojan. AVP tried to remove but it kept replicating and I ended up with about 10 hits. Finally removed. Malwarebytes could not find any trace. Now I find everyday I have a scheduled upload job that my firewall blocks. I guess I have a rootkit. I tried to get into safe mode to run malwarebytes but F8 doesn't work. Running windows xp 32 bit. Anyone have a boot to kick me.

any help to figure out how to get into safe mode appreciated. tks

 

-----signature-----
http://img.photobucket.com/albums/v324/Lynea/BugsMaroon.jpg
Maybe Mormons are secret Muslims (same number of letters and starts with M and ends with S)
I think I solved some conspiracy theory...
Speak-pkhq  1 star
Title: Sheep's bane
Posts: 113
Registered: 2002-7-7 21:32:14
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
f8 should still work, just spam it during the post.

if you can burn a cd, boot from http://support.kaspersky.com/viruses/rescuedisk and run the scan. cant hurt!

 

-----signature-----
Wailing HoHoHoMerryXmas Hero, daoc Kay
Bardog Mage, wow Thunderlord <Schizm>
http://7-zip.org/
trollop hunter
AgzntOrange2  2 stars
Posts: 304
Registered: 2008-11-20 13:55:40
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
will burn disk from work, tks

 

-----signature-----
http://img.photobucket.com/albums/v324/Lynea/BugsMaroon.jpg
Maybe Mormons are secret Muslims (same number of letters and starts with M and ends with S)
I think I solved some conspiracy theory...
Seffrid  1 star
Title: Ancient One
Posts: 111
Registered: 2001-12-21 08:33:14
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
If you have a basic spare keyboard try booting up into safe mode with that connected, some of the more complex keyboards don't respond before Windows has loaded.
AgzntOrange2  2 stars
Posts: 304
Registered: 2008-11-20 13:55:40
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
ok will try the other keyboard. I tried to make the boot disk but my writer at work won't recognize disk ! Anyway I came home early (dentist!) I checked task manager there is an upload to occur every 4 hours

C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload

Also a config task also to run every 4 hrs

C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo

Likewise, while I was typing this I had a request from Mozilla to upload a plugin command-plugin.exe

This bad baby doesn't give up and has all the tricks.

thank you private firewall 7.0

I may have to reinstall.......Dumb me.

 

-----signature-----
http://img.photobucket.com/albums/v324/Lynea/BugsMaroon.jpg
Maybe Mormons are secret Muslims (same number of letters and starts with M and ends with S)
I think I solved some conspiracy theory...
Seffrid  1 star
Title: Ancient One
Posts: 111
Registered: 2001-12-21 08:33:14
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
Have you tried a system restore?
AgzntOrange2  2 stars
Posts: 304
Registered: 2008-11-20 13:55:40
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
yes, tried system restore, it never works, always fails. says unable to restore?

 

-----signature-----
http://img.photobucket.com/albums/v324/Lynea/BugsMaroon.jpg
Maybe Mormons are secret Muslims (same number of letters and starts with M and ends with S)
I think I solved some conspiracy theory...
Greybear1andonly  1 star
Posts: 181
Registered:
Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
Gonna sound dumb, I know, but Uninstall the Microsoft Fix It Center, which is a real program.
Ah-Schoo  4 stars
Title: Fuzzy Caterpillar of Friendliness
Posts: 3,034
Registered: 2000-8-11 09:05:29
 Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
I've had good luck with safe mode, then combofix, and then malwarebytes. (I haven't run into that particular one yet though.)

 

-----signature-----
.
Opinion = fact. Anecdote = proof. Political label more important than either of those.
Welcome to ACF, where debate goes to die.
.
"fascist totalitarian secular progressive Zionist intellectually challenged Christian puppets." - Aerlinthina
Greybear1andonly  1 star
Posts: 181
Registered:
Date Posted: 2/14/12 10:23am Subject: Trojan rootkit help
ComboFix

RootKitRevealer

Kaspersky Rescue CD 10
[VaultNetwork.net] Vault Network Boards » Archive » PC General/Hardware/Software & Tech Support Board » Trojan rootkit help
69 Boards | 434,053 Messages (0 Today)
CoreBB Stable Pre-Release v1.3.0 | © 2005-2026 CoreBB

VaultNetwork.net is an independently operated community forum and is not affiliated with, endorsed by, or technically based on IGN, GameSpy, FilePlanet, GameStats, or the former IGN/GameSpy Vault Network.
References to VaultNetwork.net mean this site/domain. VNBoards-style presentation is a visual homage only. By using this site, you agree to the forum rules.