

I Was Told To Post Here Because My GMER Log Was Suspicious

As said, all issues are handled as fast as possible, and none has priority over another. 9. But why not export the keys and save the keys for when needed? RR pins the date on April.

Thank you. Some links indicate that when a rootkit is found, GMER displays '-- Rootkit' or similar, but I can't be sure it's an original display. Allow yourself all permissions, not just the System. No, not different from the screenshot, except the entire hex strings are listed.

This rootkit enables remote control of my PC over the Internet and creates an "unallocated" area at the end of the disk which I think to be an encrypted partition.

Willlb (Bitdefender forum, posted December 4, 2011): Hello, would you please teach me how Good to see you pinned it down :)

jafofubar, July 2nd, 2008, 08:11 AM: Hi, I see references to RAdmin in the registry of course but not the ones you're seeing (I'm going

oldsod, June 29th, 2008, 11:12 PM: My favorite trick is to copy the key directly from the registry and stick the whole key into Google and let it go and see what comes up.

They appear to be related to the RSA key I used. This is because I need some time to analyse them and then act accordingly. I saw the NOD link earlier. Also verify your firewall permissions as stated in this

Oldsod. I'm a tech, and one of the first things I learned was to always confirm, never assume, and always validate the facts myself; otherwise, these are just assumptions and in the Can't delete key. "You do not have permission to view the current permission settings for RAdmin, but you can make permission changes" eh???? What is probably happening - BIOS tries to boot from the second drive, malicious code from the partition table/boot sector is executed and is spread (at least Mebroot is known to do

Making sure you have the latest v. 2.0.4, post a log at one of the forums listed on the left-hand side of this page. How do you know that the Windows XP SP3 computer is also infected?

I was told to post here because my GMER log was "suspicious" (started by elybeit09, Jul 21 2011, 12:54 AM)

On this Windows installation I have run GMER and aswMBR beforehand, logs attached.

If you want complete control and a "clean up", first disable all of the security and known updaters from starting with Windows. The following will help with routing table issues... 1. Therefore, you may receive your answer immediately, but it may also take several days just as well. 12. Thank you for your time, and feel free to correct me.

ID: 7, posted September 22, 2016: TDSSKiller. Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop; right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, It sounds to me like something bad's lurking around and it scares me a bit. First and foremost, this is a support forum for Bitdefender. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Here are the OTL and MBAM logs. The use of images taken from other users of this forum. Name it fixlist (make sure it's a .txt file) and press Enter; open the file you just created and copy/paste the content below into it, then save it (Ctrl +

Aura (Special Ops, Trusted Advisors; Québec, Canada; interests: Technical Support, Malware Removal & Analysis, Information Security, Gaming)

Without Network, I guess. And it's still nothing. I can't install what I want to install (SSM) with a trojan around.

You'll need to wait about 4 days for help but well worth it.

Willlb (Bitdefender forum, posted December 4, 2011): Thanks a lot. No option helped - safe mode, repair, last working config, not even a repair from an installation disk and bootrec commands. But the Sysinternals RootkitRevealer stumbled onto one entry which is a puzzler.

Attach the "gmerlog.log" file to the reply to this post. [How to take samples with GMER]. Topic titles must be as concise as possible, and starting posts must provide relevant information on the issues included, to ensure a fast and precise response from those who are willing Oldsod." I see it now. And I am trying to use Windows 7.

essexboy (Malware removal instructor), Re: My gmer and hijackthis log files can someone take a look, Reply #14 on: May Less is often more, and often the better is freeware (although freeware is not usually allowed for business/enterprise).

by Carol~, Forum moderator, July 4, 2010 3:03 PM PDT, in reply to "still happening": Tiger.. Give the below tools a try. I avoid using IE8.

If you did a clean reinstall of Windows, the MBR is destroyed and a new one is created, so any rootkit present in it will be wiped. But can't remove the key(s). There's a Famatek site promoting a product by that name, but I never had any such thing on this computer, or any other for that matter. Other programmes trigger Ashampoo for authorisation of programmes however AVG8 does not trigger Ashampoo Firewall permission box.

I had to disconnect my two hard drives and my CD-DVD player for the upgrade to go through.

ID: 6, posted September 22, 2016 (edited): Looks like MBRScan didn't return a good log. The standard registry backup options that come with Windows back up most of the registry but not all of it. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go, Yellow for caution, Red to stop. WOT has an addon available for both

We'll also run a TDSSKiller scan (to search for rootkits). Yeah, RAdmin does appear to be a legit thing, but then one would expect normal entries, such as v2 and following, rather than the Unicode gibberish. I am following one particular thread called "iexplore keeps popping up", then I will post my logs on that forum as soon as GMER is finished.

Would it make sense to System Restore to before the first attempt at installing AVG 8 Free, then un-install AVG 7.5 Free before again downloading a fresh copy of AVG 8? Not only that, but they are also getting outdated, even if they did work at the time they were released. Quote: So what would the vector of (re?)infection be?

#77 elybeit09 (Topic Starter, 83 posts)

They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Thank you.

jonath, March 31, 2009 16:46, Re: Update fails #5: Sorry for omissions - now collected here I hope. Two items aren't revealed unless I buy that product :( I ran a CATCHME scan (also from GMER).