Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Getting rid of rootkits without normal/safe mode


31 Aug 2013   #11

Windows 7 Home Premium
 
 

You may not even have a RootKit...

Do you have the last report created by TDSSKiller?

Logs have a name/location like:
C:\TDSSKiller.2.4.7_23.10.2013_15.31.43_log.txt


My System SpecsSystem Spec
.

01 Sep 2013   #12

Windows 7 Home Premium 64bit
 
 

Okay so this is what Gparted found.
Could you tell me if there's any thing wrong and how to get rid of it?
Otherwise I ran kaspersky, Microsoft offline defender, and bitdefender. Bitdefender was the only one to find two Trojans, which I deleted even though I'm pretty sure they were false positives (from Skype and adw cleaner or something like that).
I have yet to run FRST, and will do so asap.


Attached Thumbnails
Getting rid of rootkits without normal/safe mode-img_20130901_131555.jpg  
My System SpecsSystem Spec
01 Sep 2013   #13

Windows 7 Home Premium 64bit
 
 

I have no idea what it is so I'm looking in any direction...
I recently ran kaspersky rescue disk so does that qualify?
What do you think it could be? The update still?
My System SpecsSystem Spec
.


01 Sep 2013   #14

Windows 7 Home Premium
 
 

Do not see any partition in GParted with Flags: boot, hidden

Don't think there is a RootKit...

If you post the TDSSKiller report, as previously requested, and the Farbar Recovery Scan Tool, that will provide some enlightenment as to whether the problem is malware.
My System SpecsSystem Spec
02 Sep 2013   #15

Windows 7 Home Premium 64bit
 
 

I have attached the FRST text. How can I get the TDSSKiller log since I can't access safe mode?


Attached Files
File Type: txt FRST.txt (29.3 KB, 8 views)
My System SpecsSystem Spec
02 Sep 2013   #16

Windows 7 Home Premium
 
 

You do not need to access Safe Mode to get the TDSSKiller report.

Logs have a name/location like:
C:\TDSSKiller.2.4.7_23.10.2013_15.31.43_log.txt

It is located in drive C: (or the drive where the Operating System is located)
My System SpecsSystem Spec
03 Sep 2013   #17

Windows 7 Home Premium 64bit
 
 

I have more logs, but I'm not sure they're necessary. I'll upload them if you like.
My System SpecsSystem Spec
03 Sep 2013   #18

Windows 7 Home Premium
 
 

Don't see a rootkit in those reports.

On the Safe Mode issue...

At this point, are you able, or, not able to boot to Safe Mode?

What happens if you try to do so?
My System SpecsSystem Spec
04 Sep 2013   #19

Windows 7 Home Premium 64bit
 
 

No I can't boot into safe mode. Previously, it would just get stuck on the welcome screen, with the wheel spinning and freezing at points. When I tried booting normally I got a message saying that the user service profile couldn't log on or something like that, so searching this problem on the internet I created an administrator account. Now when booting into safe mode it will load into the background but there is no toolbar or icons. I can log in with cmd, but it doesn't work. I can type things in and move around the screen, but actual commands freeze everything and once unfrozen don't do anything.
My System SpecsSystem Spec
04 Sep 2013   #20

Windows 7 Home Premium
 
 

As of right now, what happens if you log in normally to your regular account?

Do you still get:
"User Profile Service failed the logon"


See if you can open a Command Prompt:
Start > All Programs > Accessories > Command Prompt

Once Command Prompt is open, copy (highlite with mouse and select: Copy) the command that follows, and at the blinking cursor, click to the right of it, and select Paste:

Code:
wmic useraccount get name,sid
Press: Enter
Please provide the results by clicking on the icon on the upper left frame of the Command Prompt, and selecting Edit > Select All
Once again, do the same and select: Edit > Copy
Open Notepad, and provide the results in your reply.


Also, at the Command Prompt type:

Code:
set userprof
Please provide the results as above.
My System SpecsSystem Spec
Reply

 Getting rid of rootkits without normal/safe mode




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:54 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33