I think I have a rootkit

[liloicutie]

I am almost positive that I have a rootkit. I know this because it has happened before. I tried both gmer and avast for rootkit removal and they both got so far and then froze up and had to force a shutdown of the programs. What should I do?

I am in the middle of a semester right now and have a ton of assistive technology on my laptop and cannot afford to reformat at this time. Any other ideas?

 

[Borg 386]

Try TDSSKiller

TDSSKiller Download

When you run TDSS, click on the "change parameters" & check the box marked "Detect TDLFS File System"

If you want to be certain you have a rootkit, you can run a bootable partition manager called GParted. Make it on another PC & run it at boot. A rootkit will show up on the back of the drive as a hidden boot partition, usually between 1 - 10 MB.

GParted -- A free application for graphically managing disk device partitions

 

[robinb9]

you can also try Malwarebytes Rootkit Beta, I use it all the time when I suspect a rootkit on a clients machine
you can get it here

https://www.malwarebytes.org/downloads/#tools
scroll down till you see the BETA section

 

[bassdrv]

Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The port it is attempting to break through with is 137 and 138, most of the time, although I have seen a range of 5 different IP's thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite as been leeching off me the entire time before I killed the network and created a new one?

 

[ShamrockRig]

Instead of creating a new thread, I thought I'd add to this one as I'm experiencing a similar issue.

I've done everything a basic user can do:

1.) Ran Malwarebytes Antimalware and found some things which it removed
2.) Ran Spybot S&D and found some things which it removed
3.) Ran Kaspersky TDSS Killer and found some things which were quarantined by ESET NOD32 Antivirus
4.) Ran GMER and it found 3 items in registry but didn't give me the option to remove?
5.) Ran GParted to see if there are any fishy partitions and there were none

After all this, the problem continues to persist. The reason I know it's still here is because Malwarebytes Anti-Malware system protection keeps popping up a window saying something is attempting an outgoing connection through 192.168.1.255. The port it is attempting to break through with is 137 and 138, most of the time, although I have seen a range of 5 different IP's thus far.

Anyone have any idea what this monster is? And how deep it is buried in my system?

I only began to notice these "hack attempts" after creating a new Wi-Fi network and changing the password. Is it possible that this parasite as been leeching off me the entire time before I killed the network and created a new one?

Hi there, could i ask you to create a new thread please? It just avoids confusion with the OP's problem and yours. Thanks

Devlin

 

[bassdrv]

Looks like I over reacted a bit there. After some googling, I found out that it was a Malwarebytes database update that was causing this to happen. After updating today, the problem has disappeared. Phew!