Guest Yvonne York
Posted September 22, 2008

GMER 1.0.14.14536

After scanning with Gmer a window popped-up indicating:

GMER
Warning !!!
GMER has found system modification caused by ROOTKIT activity.
[unquote]

I examined all items and there is one (1) item shown in red letters.
Type: Libary
Name: C:\Documents [ hidden ] @ C:\Documents[2216
Value: 0x00400000

I assume that this item is the culprit in question. I request guidance as to how to proceed and eliminate this rootkit.

TIA

Guest David H. Lipman
Posted September 22, 2008

From: "Yvonne York" <Yvonne@home.com>

| GMER 1.0.14.14536
| After scanning with Gmer a window popped-up indicating:
|
| GMER
| Warning !!!
| GMER has found system modification caused by ROOTKIT activity.
| [unquote]
| I examined all items and there is one (1) item shown in red letters.
| Type: Libary
| Name: C:\Documents [ hidden ] @ C:\Documents[2216
| Value: 0x00400000
| I assume that this item is the culprit in question. I request guidance as
| to how to proceed and eliminate this rootkit.
| TIA

Please post in the below expert forum where you can get expert advice.

http://www.thespykiller.co.uk/index.php?board=3.0

NOTE: Registration is REQUIRED in the forum before posting a log.

Note in your post that I sent you there.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest kalyan
Posted September 22, 2008

Hi
pl post the log file for analysis

If you are not able to remove the rootkit try this

http://download.nai.com/products/mcafee-av...itDetective.zip
http://www.sophos.com/products/free-tools/...otkit/download/
http://research.pandasecurity.com/blogs/im...AntiRootkit.zip

--
Warm Regards
Kalyan

"Yvonne York" <Yvonne@home.com> wrote in message news:5EE3063A-6316-46EB-A900-603FE8BA4FB4@microsoft.com...
> GMER 1.0.14.14536
>
> After scanning with Gmer a window popped-up indicating:
>
> GMER
> Warning !!!
> GMER has found system modification caused by ROOTKIT activity.
> [unquote]
>
> I examined all items and there is one (1) item shown in red letters.
> Type: Libary
> Name: C:\Documents [ hidden ] @ C:\Documents[2216
> Value: 0x00400000
>
> I assume that this item is the culprit in question. I request guidance as
> to how to proceed and eliminate this rootkit.
>
> TIA

Guest David H. Lipman
Posted September 22, 2008

From: "kalyan" <reach2kalyan@live.com>

| Hi
| pl post the log file for analysis

/ NOT HERE ! /

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted September 25, 2008

From: "Yvonne York" <Yvonne@home.com>

< snip >

| I examined all items and there is one (1) item shown in red letters.
| Type: Libary
| Name: C:\Documents [ hidden ] @ C:\Documents[2216
| Value: 0x00400000

< Snip >

Please return to the thread you started.

The above in combo with...

O23 - Service: GEIF - Unknown owner - C:\DOCUME~1\TRAVEL~1\LOCALS~1\Temp\GEIF.exe (file missing)

Is indicative of malware and possibly a RootKit as suspected.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
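
A triage sketch for the kind of O23 service line quoted in the last post, added here as an example and not part of the thread: it parses O23 lines and flags the traits visible in that line (unknown owner, executable under a Temp directory, file missing). The function names, flag labels and the second and third sample lines are constructed for illustration, and the parser assumes the O23 layout shown in the post.

```python
import re

# O23 layout as seen in the thread:
#   O23 - Service: <name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?\s*$"
)

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = r"""
O23 - Service: GEIF - Unknown owner - C:\DOCUME~1\TRAVEL~1\LOCALS~1\Temp\GEIF.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\exupd.exe
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\ex.exe
"""


def triage(line):
    """Parse one O23 line; return None for anything else."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Directory components only, so a file merely named temp.exe is not flagged.
    dirs = [p.lower() for p in m["path"].split("\\")[:-1]]
    flags = []
    if m["owner"].strip().lower() == "unknown owner":
        flags.append("unknown-owner")
    if "temp" in dirs or "tmp" in dirs:
        flags.append("runs-from-temp")
    if m["missing"]:
        flags.append("file-missing")
    return {"name": m["name"], "path": m["path"], "flags": flags}


def scan(log):
    """Return parsed O23 entries that carry at least one flag."""
    results = (triage(line) for line in log.splitlines())
    return [r for r in results if r and r["flags"]]


if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG):
        print(entry["name"], entry["path"], ",".join(entry["flags"]))
```

A flagged entry is a prompt to check the service registration and the referenced path by hand; a service whose file is missing may be a leftover from something already removed.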