Author Topic: issue with win32:roothkit-gen (rtk)  (Read 11107 times)


micky77

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #15 on: December 14, 2009, 10:33:39 PM »
Yes, this looks like a TDSS rootkit. DrWeb is well worth trying, as it has had some success recently (it can repair infected legitimate sys files, like atapi.sys). As for RootRepeal: open the program > click Report > Scan > tick all the boxes > OK > tick the C drive, and post the log as an attachment in 'Additional Options'.
« Last Edit: December 15, 2009, 07:22:48 AM by micky77 »
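The post above mentions a rootkit patching a legitimate system driver (atapi.sys) in place. One way to check for that is to verify the Authenticode signatures of the drivers on disk and hash the files the thread names so they can be compared with a known-clean copy. The PowerShell below is an added example for this thread, not code from any of the posters or from the tools they mention; the `-SystemRoot` parameter is hypothetical and it assumes PowerShell 4 or later for `Get-FileHash`. Two caveats a practitioner would want: a live TDSS-class rootkit filters disk reads and hands back the original bytes, so this has to be run from a clean environment (boot media or a second Windows install) with the infected volume mounted; and inbox drivers may be catalog-signed rather than carrying an embedded signature, in which case older PowerShell versions report them as NotSigned and the hash comparison is the check that matters.

```powershell
# Added example, not from the thread. Lists kernel drivers whose Authenticode
# signature does not verify, then hashes the files named in the thread so
# they can be compared with a clean copy (another machine or install media).
# Run from a clean environment with the infected volume mounted; a live
# rootkit that hooks disk reads would otherwise return the clean bytes.
param(
    # Hypothetical parameter: Windows directory of the volume to inspect,
    # e.g. 'E:\Windows' for a mounted disk.
    [string]$SystemRoot = $env:SystemRoot
)

$driversPath = Join-Path $SystemRoot 'System32\drivers'

function Get-SignatureRecord {
    param([string]$Path)
    $item = Get-Item -Path $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File    = $item.Name
        Status  = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded signature)' }
        SHA256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Written = $item.LastWriteTime
    }
}

# Signature status for every .sys in the drivers folder.
$report = Get-ChildItem -Path $driversPath -Filter '*.sys' -File |
    ForEach-Object { Get-SignatureRecord -Path $_.FullName }

# NotSigned can be normal (third-party or catalog-signed inbox drivers on
# older PowerShell). HashMismatch means the file carries a signature but its
# bytes changed: the classic sign of an in-place patch, so look there first.
Write-Host "Drivers in $driversPath whose signature does not verify:"
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, File |
    Format-Table File, Status, Signer, Written -AutoSize

# The files this thread names, with hashes for comparison against a clean copy.
$named = @(
    (Join-Path $SystemRoot 'System32\drivers\atapi.sys'),
    (Join-Path $SystemRoot 'System32\svchost.exe')
)
foreach ($path in $named) {
    if (-not (Test-Path -Path $path)) {
        Write-Host "$path not found"
        continue
    }
    Get-SignatureRecord -Path $path | Format-List File, Status, Signer, SHA256, Written
}
```

Compare the printed SHA-256 for atapi.sys and svchost.exe against the same files on a machine known to be clean and running the same Windows version and service pack; a matching signed file with a different hash is the thing to hand to whichever cleanup tool is used next.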

james_uk

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #16 on: December 15, 2009, 12:14:20 AM »
Hi, thanks for your reply. I am running Dr Web as we speak; it has initially found what it says is a Backdoor.Tdss.565 in the system32\svchost.exe file, although I am still getting Avast saying it keeps finding the same issues in the temp file. Dr Web says it's eradicated this issue, but it still seems to be coming back. I did do a quick scan with Dr Web before and it found the same as I have just described above in the system32 folder, so it seems when it fixes the problem it just comes back somehow.

I have joined the forum that was mentioned and am awaiting feedback from there.

Also, RootRepeal will not work on my laptop. Each time I open it I get errors saying different things have failed to load, and when I try to do a scan it says it can't find the driver to work. I even got a blue screen from trying to use it.

Dr Web is doing a full scan at the moment and it seemed like it's going to take a good hour or more to finish. I will let you know how I get on. This software has at least found something in my system32 folder anyway; it just makes me wonder why Avast can't?

micky77

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #17 on: December 15, 2009, 07:23:39 AM »
I should have suggested running DrWeb in Safe Mode, sorry.

james_uk

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #18 on: December 15, 2009, 09:43:35 AM »
Thanks, I will try in Safe Mode later; I am at work at the moment. I had left the house this morning with my laptop doing a boot scan with Avast. Dr Web didn't get rid of the problem running in Windows normal mode, but I will try Safe Mode later. I really want to clean this without having to do a format.

micky77

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #19 on: December 15, 2009, 05:22:18 PM »
Only use the F8 key method to enter Safe Mode, NOT msconfig. Make sure you download the newest version of DrWeb. The initial scan is a quick one. When it has finished, do a complete one, then reboot.
If this fails, the only other option is ComboFix, which has been removed temporarily from Bleeping Computer because of issues with a rootkit (probably yours ;D), so you will have to wait until it's sorted.

The other tool (which I am unfamiliar with) is TDSSKiller from Kaspersky.
Someone on the other forum may help or suggest that: http://support.kaspersky.com/viruses/solutions?qid=208280684
« Last Edit: December 15, 2009, 06:40:15 PM by micky77 »

james_uk

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #20 on: December 15, 2009, 07:53:46 PM »
Hi, just a quick update; hopefully I'm not replying too fast, lol.

I have run the Avast boot scan while I've been at work. When I got in I rebooted and downloaded TDSSKiller as suggested by micky. I'm doubting the Avast boot scanner found anything (maybe it did, I don't know), but TDSSKiller did find something within 1 second and only took about 2 seconds to finish. After it finished it showed 2 objects in memory and said it had got rid of them. Up to now nothing seems to have popped up from Avast, and I have re-run TDSSKiller and it's not found anything since.

So it looks good for now. Thank you very much for everyone's advice :) I'll be back, I'm sure, if anything comes back.

James

micky77

  • Guest
Re: issue with win32:roothkit-gen (rtk)
« Reply #21 on: December 15, 2009, 08:03:17 PM »
I would still try DrWeb again to see if anything shows. Also, if you posted on Geeks to Go, please follow it up; they have many experts :)