Rootkit problems

Dick Jagger

I got what I believe is a rootkit virus, RtkBtMnt.exe, that has installed itself in my temp folder and is associated with a running process Realtek HD Audio Data Rerouter. I don't think Realtek would design their program to run from the temp folder which is routinely cleaned.

I ran a full scan with MSE, which did not find it.
I ran Malwarebytes and used the Fileassassin tool to delete it but it doesn't stay deleted - reappears after rebooting.

There is also this txt file in the temp folder which also cannot be deleted: FXSAPIDebugLogFile.txt.

Any good troubleshooters here that can offer some suggestions?

Thanks.
 

My Computer

Computer Manufacturer/Model Number
Acer Aspire 4730Z
OS
Windows 7 Ultimate
CPU
Intel Pentium Dual CPU T3400 @ 2.16GHz
Motherboard
Acer Aspire 4730Z V1.22 GL40
Memory
4.0GB Dual-Channel DDR2 @ 332MHz
Graphics Card(s)
Mobile Intel(R) 4 Series Express Chipset Family 1309 MB
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
AOC 2795V
Screen Resolution
1920 x 1080
Hard Drives
500GB Hitachi HTS545050B9A300 ATA Travelstar

My Computer

Computer Manufacturer/Model Number
Toshiba P300
OS
Windows 8 Pro
CPU
Intel Centrino Dual Core P7450 2.13GHz
Memory
4gb
Graphics Card(s)
ATI Mobility Radeon HD3650
Hard Drives
Toshiba MK3252GSX ATA
Internet Speed
Wish it were faster
Thanks for your reply... but should it be running from the User/Temp folder and be completely un-deletable? I found this guy had a real problem with it:

Since it appears in the temp file, it starts creating labuage.bin files, useless folders and rubbish that fill up your disk at great speed. If you try to delete it, you can't. Unlocker is useless against it. If you restart your PC in safe mode, the file is unavailable, nor can it be found.
So far, the only thing I was able to do was to open the task manager whenever I start my PC and stop its process. That seems to stop it creating new rubbish.
I don't know why people that seem to know a lot keep on stating it's a normal process. No Realtek file is so protected, or installed in a temp folder. Please post your solution if you happen to find it.
Also, in Process Explorer, it had a slightly different name than the HD Audio Control Panel process of which it is listed as a child (Realtek Semiconductor vs. Realtek Semiconductor Corp.)
[Attachment: ProcessEXP.jpg]
 

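
As an added example that is not part of this thread (and not Realtek's or Microsoft's code), the script below does from PowerShell what the two posts above try to do by hand in Task Manager and Process Explorer: for every running copy of a named executable it prints the path it runs from, its parent process, its Authenticode signature status and signer subject (the "Realtek Semiconductor" vs "Realtek Semiconductor Corp." detail above is exactly this field), and its SHA-256, flags binaries that execute from the user's temp or AppData tree, and then lists the Run/RunOnce registry values and scheduled tasks that reference the file, which is where a "comes back after reboot" entry usually lives. It assumes PowerShell 2.0 or later (the Windows 7 default, so it uses Get-WmiObject and schtasks.exe rather than the newer cmdlets) and an elevated prompt; the process name RtkBtMnt.exe is the one from the thread and is just a parameter.

```powershell
# Added triage script: inspect running copies of a named executable and the
# autostart entries that reference it. Assumes PowerShell 2.0+ and an
# elevated prompt (needed for HKLM and other users' processes).
param(
    [string]$ProcessName = "RtkBtMnt.exe"   # name from the thread; change as needed
)

# SHA-256 via .NET so this also works on PowerShell 2.0 (no Get-FileHash there).
function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

# Locations a vendor component normally should not execute from: user-writable
# and, in the case of TEMP, routinely cleaned.
$suspiciousRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }

Write-Host "== Running instances of $ProcessName =="
$procs = Get-WmiObject Win32_Process -Filter "Name = '$ProcessName'"
if (-not $procs) { Write-Host "  (none running)" }
foreach ($p in $procs) {
    $path   = $p.ExecutablePath
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    Write-Host ("  PID {0}  parent {1} ({2})" -f $p.ProcessId, $p.ParentProcessId, $parent.Name)
    Write-Host "  path: $path"
    Write-Host "  cmd : $($p.CommandLine)"
    if (-not $path) { Write-Host "  (no path: access denied or process already exited)"; continue }

    $inSuspiciousRoot = $false
    foreach ($r in $suspiciousRoots) {
        if ($path.StartsWith($r, [System.StringComparison]::OrdinalIgnoreCase)) { $inSuspiciousRoot = $true }
    }
    if ($inSuspiciousRoot) { Write-Host "  !! runs from a user-writable/temp location" }

    # Authenticode: a genuine vendor component carries a Valid signature whose
    # subject names the vendor. NotSigned, HashMismatch or an unexpected subject
    # is what to record before deciding how to clean the machine.
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "<none>" }
    Write-Host "  signature: $($sig.Status)  signer: $signer"
    Write-Host "  sha256   : $(Get-Sha256 $path)"   # look this up in a multi-engine scanner
}

Write-Host "== Autostart entries mentioning $ProcessName =="
$runKeys = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like "PS*") { continue }   # skip PowerShell's own provider metadata
        if ("$($prop.Value)" -match [regex]::Escape($ProcessName)) {
            Write-Host "  $k\$($prop.Name) = $($prop.Value)"
        }
    }
}

# Scheduled tasks: schtasks.exe exists on Windows 7, where Get-ScheduledTask does not.
$tasks = schtasks /query /fo LIST /v 2>$null | Select-String -Pattern ([regex]::Escape($ProcessName))
foreach ($t in $tasks) { Write-Host "  task: $($t.Line.Trim())" }
```

Run it as `.\Check-Process.ps1` (or with `-ProcessName other.exe`) from an elevated PowerShell. The two things worth reading off the output are the signature line and the autostart section: a Valid signature with a subject that matches the vendor's other driver files argues for a legitimate but oddly placed component, while NotSigned plus a Run key or task pointing into Temp explains the reappearance after reboot and tells you which entry a cleanup has to remove along with the file. The script only reads; it changes nothing.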
I had that a few months ago. I ended up having to delete the sound driver. Have not seen the process or item in my temp folder since. Not to worry, the driver re-installs itself on reboot.
 

My Computer

Computer type
PC/Desktop
OS
Windows xp Vista and 7
D/L & run TDSSKiller & see what it finds.

TDSSKiller Download

NOTE: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various