I think I have a rootkit


  1. Posts : 5
    Windows 7 Home Premium x64
       #1


    I am almost positive that I have a rootkit. I know this because it has happened before. I tried both GMER and Avast for rootkit removal and they both got so far and then froze up, and I had to force a shutdown of the programs. What should I do?

    I am in the middle of a semester right now and have a ton of assistive technology on my laptop and cannot afford to reformat at this time. Any other ideas?


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    Try TDSSKiller

    TDSSKiller Download

    When you run TDSS, click on the "change parameters" & check the box marked "Detect TDLFS File System"

    If you want to be certain you have a rootkit, you can run a bootable partition manager called GParted. Make it on another PC & run it at boot. A rootkit will show up on the back of the drive as a hidden boot partition, usually between 1 - 10 MB.

    GParted -- A free application for graphically managing disk device partitions
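The check post #2 describes, as an added example that is not part of the original thread: this Python parses the MBR partition table from a disk's first sector and flags a small (1-10 MB) partition at the end of the drive. The 512-byte sector size, the MBR (not GPT) layout, the function names and both sample partition tables are assumptions constructed for the example.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors, MBR (not GPT) disk

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector0[off:off + 16])
        if ptype and count:
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start": lba,
                          "size_mb": count * SECTOR / 2**20})
    return parts

def small_tail_partitions(parts, min_mb=1, max_mb=10):
    """Flag the partition nearest the end of the disk if it is 1-10 MB (range from post #2)."""
    if not parts:
        return []
    last = max(parts, key=lambda p: p["start"])
    return [last] if min_mb <= last["size_mb"] <= max_mb else []

def build_mbr(entries):
    """Build a constructed sector 0 from (status, type, lba, count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: a stock Windows 7 layout, and the same disk with an
# extra active 4 MB partition after the Windows volume.
CLEAN = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 200000000)])
SUSPECT = build_mbr([(0x00, 0x07, 2048, 204800), (0x00, 0x07, 206848, 200000000),
                     (0x80, 0x17, 200206848, 8192)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = small_tail_partitions(parse_mbr(image))
        print(name, hits or "no small partition at end of disk")
```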


  3. Posts : 1,219
    Windows 7 Pro 32/64 bit and Windows 10 Pro 32 Bit/64bit
       #3

    You can also try Malwarebytes Rootkit Beta. I use it all the time when I suspect a rootkit on a client's machine.
    You can get it here:

    https://www.malwarebytes.org/downloads/#tools
    Scroll down till you see the BETA section.


  4. Posts : 5
    Windows 7 64
       #4

    Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

    I've done everything a basic user can do:

    1.) Ran Malwarebytes Antimalware and found some things which it removed
    2.) Ran Spybot S&D and found some things which it removed
    3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
    4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
    5.) Ran GParted to see if there are any fishy partitions and there were none

    After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The ports it is attempting to break through with are 137 and 138, most of the time, although I have seen a range of 5 different IPs thus far.

    Anyone have any idea what this monster is? And how deep it is buried in my system?

    I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?


  5. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #5

    bassdrv said:
    Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

    I've done everything a basic user can do:

    1.) Ran Malwarebytes Antimalware and found some things which it removed
    2.) Ran Spybot S&D and found some things which it removed
    3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
    4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
    5.) Ran GParted to see if there are any fishy partitions and there were none

    After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The ports it is attempting to break through with are 137 and 138, most of the time, although I have seen a range of 5 different IPs thus far.

    Anyone have any idea what this monster is? And how deep it is buried in my system?

    I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite has been leeching off me the entire time before I killed the network and created a new one?

    Hi there, could I ask you to create a new thread please? It just avoids confusion with the OP's problem and yours. Thanks

    Devlin


  6. Posts : 5
    Windows 7 64
       #6

    Looks like I overreacted a bit there. After some googling, I found out that it was a Malwarebytes database update that was causing this to happen. After updating today, the problem has disappeared. Phew!


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
