
Windows 7: Possible rootkit infection?

14 Mar 2015   #51
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Request another UVK scan and create a log just to get a look at your current setup.

On another note, if everything is okay and there are no detections, would you like to install Secure Aplus?

There are a few things you need to know:

The initial scan and whitelisting process is likely to take time - up to a couple of hours.

Once that's finished it needs configuring. The best configuration is to disable the internal AV and set it to trust processes by digital signature where the signature is in the trusted certificate list. That way, if any unsigned executable attempts to run it will automatically be blocked and uploaded to VirusTotal, and the results are displayed in a pop-up box. You then get the option to allow the file if you want to allow it to run.

When installing trusted software there are various options:

[Screenshot: saplus.jpg]

Let us know if you're interested. It checks all unsigned executables no matter how they're launched.




14 Mar 2015   #52
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Avast settings?

Just a thought really but I wonder if it's possible that the whole problem is related to Avast settings?

It's a long time since I used Avast but as far as I can work out it can be set to scan inside packed archives (zips) and sensitivity level can be set. Those zip files you uploaded were fine but did contain folders for MAC OSX which shouldn't be a problem but maybe Avast just doesn't like the files or can't scan them.

Just as a test:

Try configuring Avast not to scan inside zipped files:

https://www.avast.com/en-us/faq.php?...KB178#artTitle



If all boxes are checked in the settings in the above screenshot - uncheck them leaving only the ones shown in the screenshot checked.

Also for the following screenshot check that your settings are the same as the ones shown:



I'm not sure if changing Avast settings requires a reboot. Anyway, once the settings are as above, try downloading one or all of the zip files that you attached earlier to see if you get the same problem.

Note: If your Avast settings for packed archives are the same as shown then there's no point in trying the above steps.
15 Mar 2015   #53
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

About Avast, it's already set to the settings you mentioned as default.

As for the Secure APlus, what do you mean by "Best configuration is to disable the internal AV and set it to trust processes by digital signature where the signature is in the trusted certificate list." .. does it disable the AV and something like replace it?

I'm gonna try the CCleaner registry clean @Borg 386 suggested .. will post back UVK scan results afterwards.

15 Mar 2015   #54
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

Cleaned registry ..
@Borg 386
Just wondering something, it could be just me, but after the registry clean + system restart (cold boot) .. it seems Firefox (NoScript installed) .. is working a bit .. I mean slightly slower, not that it's causing a big fuss, just wondering .. is it normal (as we messed with the registry I wanna be on the safe side .. is all)?

ADW log attached
UVK scan log attached

@Callender
Should I remove the other detections (mentioned on page 5) from UVK adware killer?


Attached Files
File Type: txt AdwCleaner[R2].txt (1.5 KB, 1 views)
File Type: txt UVK - Ultra Virus Killer Log.txt (330.1 KB, 1 views)
15 Mar 2015   #55
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Re: AdwCleaner - your latest log. It's fine. Those detections appear to be related to Internet Download Manager, so if you use it no further action is needed.

Re: UVK log. I'll take a look at it and let you know if I can spot anything.

Re: Secure Aplus. Sorry for the confusion. It has its own built-in secondary AV and real-time AV scanning, but it's based on ClamWin, and although it could be used alongside Avast it's best to disable the Secure Aplus AV entirely but enable the Application Whitelisting component if using this software.

There's no real need to install Secure Aplus, but the Application Whitelisting feature is very good at detecting unsigned executables, PUP installers or anything else dodgy that attempts to run. It works alongside your existing AV. It was mentioned as something to think about regarding additional protection if you think you need it.
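As an added illustration of the "trust by digital signature" whitelisting policy described in posts #51 and #55 (example code, not from the thread or from Secure Aplus), this PowerShell script audits the executables under a folder with Get-AuthenticodeSignature and reports what such a policy would block; the audited path and the publisher thumbprint allow-list are placeholders you supply.

```powershell
# Audit executables for Authenticode signatures and show what a
# "trust by digital signature" policy would block. Added example;
# $Path and $TrustedThumbprints are assumptions, not values from the thread.
param(
    [string]$Path = "$env:ProgramFiles",
    # Thumbprints of publishers you explicitly trust; empty = any valid signer is allowed
    [string[]]$TrustedThumbprints = @()
)

$results = Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll)$' } |
    ForEach-Object {
        # Status is Valid only if the chain builds to a root in the trusted store
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $verdict = switch ($sig.Status) {
            'Valid' {
                if ($TrustedThumbprints.Count -eq 0 -or
                    $TrustedThumbprints -contains $sig.SignerCertificate.Thumbprint) { 'ALLOW' }
                else { 'REVIEW (signer not in allow-list)' }
            }
            'NotSigned' { 'BLOCK (unsigned)' }
            # HashMismatch means a signed file whose contents were altered: treat as tampered
            default     { "BLOCK ($($sig.Status))" }
        }
        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Verdict = $verdict
        }
    }

# Everything that would not be allowed to run under the policy
$results | Where-Object { $_.Verdict -ne 'ALLOW' } | Sort-Object Verdict | Format-Table -AutoSize
```

A whitelisting product such as the one discussed makes this decision at launch time for every process; this script only shows the same classification over files on disk, so a file listed as BLOCK is a candidate for review, not necessarily malware.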
15 Mar 2015   #56
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Re: UVK log. Nothing dodgy found.
15 Mar 2015   #57
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

If you cleaned the reg with CCleaner & all is running good, then that's a good sign, just hang on to the backed up removed reg files for a bit. NoScript shouldn't slow down FF. But I couldn't tell you if it actually does because I've used NoScript since day 1 & I have no basis for comparison. You can always look at your sys with process explorer to see if anything is causing a drain.

+1 Callender
15 Mar 2015   #58
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Just for information

Here's a video demo of Secure Aplus Application Whitelisting in action.

Explanation:

Comodo is the onboard AV. Downloaded CryptoLocker for test purposes. Comodo detects it and I choose to allow CryptoLocker to run since we need to test what happens next.

Around 42s in the video you see Secure Aplus spring into action. Comodo now allows CryptoLocker to run, but Secure Aplus detects the file attempting to run, temporarily blocks it and uploads it to VirusTotal for scanning. It reports a threat. I then choose to allow the file to run.

Around 1 minute in the video you see VoodooShield temporarily block CryptoLocker and then scan it. Around 1min 15s you see another VoodooShield alert and I quarantine the file.

Around 1 minute 46 seconds you see Secure Aplus detecting the VoodooShield quarantine process. I choose to allow.

At various other points in the video you see Comodo's on-access file scan spring into action and I have to keep telling Comodo to ignore the detection.

So what's the point? Well, if my onboard AV misses something it won't sneak through the additional protection and in fact remains blocked from running at all.

15 Mar 2015   #59
gabe22

Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
 
 

I see what you're saying there .. and I totally agree with you. Is this the correct download URL: https://secureaplus.secureage.com/Ma...s_download.php ?

Also, do I have to disable all the security systems that I have on my system right now .. or would whitelisting them after install work?
15 Mar 2015   #60
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Well, the correct download is bottom right of the page - click "need offline installer" then version "Without offline AV", but I suggest avoiding that download for now. If you want to install it, it will take some time to whitelist everything. It might take a couple of hours. If you want to go ahead I'll PM you a link to download a slightly older version that in my opinion works better than the one that's currently available. If you decide to install it, it will require a little configuration after the initial whitelist process has finished.

Sending PM with download link.