Rootkit.access


Post by Sir $wat on Sun 20 May 2012, 3:36 pm

Hello again, seems like I'm infected with a rootkit.

Can you help me take it out?

Sir $wat

Master Surfer

Posts : 2078
Joined : 2008-08-17
Operating System : Windows XP Professional SP3


Re: Rootkit.access

Post by DragonMaster Jay on Sun 20 May 2012, 5:15 pm

Run this tool first please:



  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Rootkit.access

Post by Sir $wat on Mon 21 May 2012, 8:57 am

    Running from: C:\Users\Deborah\Desktop\Win32kDiag.exe

    Log file at : C:\Users\Deborah\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp

    [1] 2010-06-28 05:25:30 81 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2012-05-20 17:18:28 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2012-05-20 17:18:12 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl

    [1] 2012-05-20 17:18:17 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl ()





    Finished!



Re: Rootkit.access

Post by DragonMaster Jay on Tue 22 May 2012, 2:11 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager

