Windows 7: I think I have a rootkit

14 Jan 2014   #1
liloicutie

Windows 7 Home Premium x64
 
 
I think I have a rootkit

I am almost positive that I have a rootkit. I know this because it has happened before. I tried both gmer and avast for rootkit removal and they both got so far and then froze up and had to force a shutdown of the programs. What should I do?

I am in the middle of a semester right now and have a ton of assistive technology on my laptop and cannot afford to reformat at this time. Any other ideas?


14 Jan 2014   #2
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Try TDSSKiller

TDSSKiller Download

When you run TDSS, click on the "change parameters" & check the box marked "Detect TDLFS File System"

If you want to be certain you have a rootkit, you can run a bootable partition manager called GParted. Make it on another PC & run it at boot. A rootkit will show up on the back of the drive as a hidden boot partition, usually between 1 - 10 MB.

GParted -- A free application for graphically managing disk device partitions
15 Jan 2014   #3
robinb9

Windows 7 Pro 32/64 bit and Windows 10 Pro 32 Bit/64bit
 
 

You can also try Malwarebytes Anti-Rootkit Beta; I use it all the time when I suspect a rootkit on a client's machine.
You can get it here:

https://www.malwarebytes.org/downloads/#tools
scroll down till you see the BETA section
16 Jan 2014   #4
bassdrv

Windows 7 64
 
 

Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The port it is attempting to break through with is 137 and 138, most of the time, although I have seen a range of 5 different IP's thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?
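The alerts in the post above are a good case for a quick triage rule before assuming a rootkit: 192.168.1.255 is the directed broadcast address of a 192.168.1.0/24 subnet, and UDP 137 and 138 are the NetBIOS name and datagram services that Windows sends to that address routinely. The script below is an added example, not from the thread or from Malwarebytes; the alert line format, the sample lines and the local subnet are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample alerts, shaped like the pop-ups described in the post.
SAMPLE_ALERTS = [
    "Outgoing connection blocked: 192.168.1.255 port 137 (System)",
    "Outgoing connection blocked: 192.168.1.255 port 138 (System)",
    "Outgoing connection blocked: 203.0.113.45 port 4444 (svchost.exe)",
    "Outgoing connection blocked: 192.168.1.37 port 445 (explorer.exe)",
]

# UDP ports that Windows uses for NetBIOS over TCP/IP broadcasts.
NETBIOS_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}

# Assumed alert format: "<IPv4 address> port <number>" somewhere in the line.
ALERT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) port (\d+)")


def classify_alert(line, local_network):
    """Return (verdict, reason) for one alert line.

    local_network is the host's own subnet, e.g. '192.168.1.0/24'.
    A packet to that subnet's broadcast address on port 137/138 is normal
    Windows name resolution and browser chatter, not data leaving the LAN.
    """
    m = ALERT_RE.search(line)
    if not m:
        return ("unparsed", line)
    dst = ipaddress.ip_address(m.group(1))
    port = int(m.group(2))
    net = ipaddress.ip_network(local_network, strict=False)
    if dst == net.broadcast_address and port in NETBIOS_PORTS:
        return ("likely_benign", f"{NETBIOS_PORTS[port]} broadcast to {dst}")
    if dst in net:
        # Unicast to a LAN peer: check which process and which peer.
        return ("review", f"LAN peer {dst}:{port}")
    # Off-subnet destination: worth a closer look at the owning process.
    return ("investigate", f"off-subnet host {dst}:{port}")


def triage(lines, local_network):
    """Classify every alert line; returns a list of (verdict, reason)."""
    return [classify_alert(line, local_network) for line in lines]


if __name__ == "__main__":
    for verdict, reason in triage(SAMPLE_ALERTS, "192.168.1.0/24"):
        print(f"{verdict:14} {reason}")
```

Only the two broadcast alerts are classified as likely benign; a unicast LAN peer or an off-subnet host still gets a human look, since the verdict is about the destination, not the process that sent it.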
16 Jan 2014   #5
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Quote: Originally Posted by bassdrv
Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The port it is attempting to break through with is 137 and 138, most of the time, although I have seen a range of 5 different IP's thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?

Hi there, could I ask you to create a new thread please? It just avoids confusion between the OP's problem and yours. Thanks

Devlin
16 Jan 2014   #6
bassdrv

Windows 7 64
 
 

Looks like I overreacted a bit there. After some googling, I found out that it was a Malwarebytes database update that was causing this to happen. After updating today, the problem has disappeared. Phew!