Rootkit.access


Post by Sir $wat on 20th May 2012, 4:36 am

Hello again, seems like I'm infected with a rootkit.

Can you help me take it out?




Re: Rootkit.access

Post by Dr Jay on 20th May 2012, 6:15 am

Run this tool first please:



  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


Dr. Jay (DJ)



    Re: Rootkit.access

    Post by Sir $wat on 20th May 2012, 9:57 pm

    Running from: C:\Users\Deborah\Desktop\Win32kDiag.exe

    Log file at : C:\Users\Deborah\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp

    [1] 2010-06-28 05:25:30 81 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2012-05-20 17:18:28 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2012-05-20 17:18:12 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl

    [1] 2012-05-20 17:18:17 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl ()





    Finished!





    Re: Rootkit.access

    Post by Dr Jay on 21st May 2012, 3:11 pm

    Please visit this webpage for a tutorial on downloading and running ComboFix:

    [You must be registered and logged in to see this link.]

    See the area: Using ComboFix, and when done, post the log back here.


    Dr. Jay (DJ)

