Windows 7 Forums



Windows 7: I think I have a rootkit

14 Jan 2014   #1

Windows 7 Home Premium x64
 
 
I think I have a rootkit

I am almost positive that I have a rootkit. I know this because it has happened before. I tried both GMER and Avast for rootkit removal, and they both got so far and then froze up, and I had to force a shutdown of the programs. What should I do?

I am in the middle of a semester right now and have a ton of assistive technology on my laptop and cannot afford to reformat at this time. Any other ideas?


14 Jan 2014   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Try TDSSKiller

TDSSKiller Download

When you run TDSS, click on "change parameters" & check the box marked "Detect TDLFS File System".

If you want to be certain you have a rootkit, you can run a bootable partition manager called GParted. Make it on another PC & run it at boot. A rootkit will show up on the back of the drive as a hidden boot partition, usually between 1 - 10 MB.

GParted -- A free application for graphically managing disk device partitions
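The partition check described in post #2, as an added example that is not part of the original thread: a Python sketch that reads the four primary entries of an MBR sector and flags the partition furthest back on the disk when it falls in the 1 - 10 MB range the poster mentions. The function names, the size thresholds as parameters and the two sample sectors are assumptions of this example; a match is a reason to look closer, not proof of infection.

```python
import struct

SECTOR = 512  # bytes per sector (assumption: classic 512-byte-sector MBR disk)

def make_mbr(entries):
    """Build a constructed MBR from (active, type, start_lba, sectors) tuples."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if a else 0, b"\0\0\0", t, b"\0\0\0", start, n)
        for a, t, start, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]
        start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0 or sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "active": entry[0] == 0x80,
                      "type": entry[4], "start": start,
                      "size_mb": sectors * SECTOR / 2**20})
    return parts

def suspicious_partitions(sector0, min_mb=1, max_mb=10):
    """Flag the partition furthest back on the disk if it is 1-10 MB."""
    parts = parse_mbr(sector0)
    if len(parts) < 2:
        return []  # a lone entry (e.g. a GPT protective MBR) is not covered
    last = max(parts, key=lambda p: p["start"])
    return [last] if min_mb <= last["size_mb"] <= max_mb else []

# Constructed samples (not taken from any real machine).
CLEAN = make_mbr([(True, 0x07, 2048, 204800),
                  (False, 0x07, 206848, 976564224)])
SUSPECT = make_mbr([(False, 0x07, 2048, 204800),
                    (False, 0x07, 206848, 976564224),
                    (True, 0x17, 976771072, 4096)])  # 2 MB, active, at the end

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, suspicious_partitions(mbr))
```

To use it on a real disk, pass the first 512 bytes of a disk image captured offline from the bootable environment.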
15 Jan 2014   #3

Windows 7 Pro 32/64 bit and Windows 8 Pro 32 Bit/64bit
 
 

You can also try Malwarebytes Rootkit Beta. I use it all the time when I suspect a rootkit on a client's machine.
You can get it here:

https://www.malwarebytes.org/downloads/#tools
Scroll down till you see the BETA section.


16 Jan 2014   #4

Windows 7 64
 
 

Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The ports it is attempting to break through with are 137 and 138, most of the time, although I have seen a range of 5 different IPs thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?
16 Jan 2014   #5

Windows 7 Home Premium 64Bit
 
 

Quote: Originally Posted by bassdrv
Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The ports it is attempting to break through with are 137 and 138, most of the time, although I have seen a range of 5 different IPs thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?

Hi there, could I ask you to create a new thread please? It just avoids confusion between the OP's problem and yours. Thanks

Devlin
16 Jan 2014   #6

Windows 7 64
 
 

Looks like I overreacted a bit there. After some googling, I found out that it was a Malwarebytes database update that was causing this to happen. After updating today, the problem has disappeared. Phew!