Author Topic: Rootkit, whistler detected  (Read 4469 times)

Shoe326

  • Guest
Rootkit, whistler detected
« on: April 30, 2011, 06:26:58 PM »
Can't seem to get rid of this problem.  Don't really know what it does.  I ran a couple of different scans and will attach the logs.  Any help would be appreciated.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Rootkit, whistler detected
« Reply #1 on: April 30, 2011, 06:54:23 PM »
Hi there, whilst I look at the OTS log:

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button



Save the log as before and post in your next reply

essexboy
Re: Rootkit, whistler detected
« Reply #2 on: April 30, 2011, 06:59:38 PM »
Once you have rebooted from fixing the MBR - run this.  On completion can you let me know what problems remain 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] ->
[Files/Folders - Modified Within 30 Days]
NY ->  w6dak3i1gmd88gjinwo48abl2xgq64 -> C:\Users\Karen\AppData\Local\w6dak3i1gmd88gjinwo48abl2xgq64
NY ->  w6dak3i1gmd88gjinwo48abl2xgq64 -> C:\ProgramData\w6dak3i1gmd88gjinwo48abl2xgq64
[Files - No Company Name]
NY ->  w6dak3i1gmd88gjinwo48abl2xgq64 -> C:\Users\Karen\AppData\Local\w6dak3i1gmd88gjinwo48abl2xgq64
NY ->  w6dak3i1gmd88gjinwo48abl2xgq64 -> C:\ProgramData\w6dak3i1gmd88gjinwo48abl2xgq64
[Custom Scans]
YY ->  junction.exe -> C:\junction.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

Shoe326

  • Guest
Re: Rootkit, whistler detected
« Reply #3 on: April 30, 2011, 07:00:38 PM »
Wow, thanks for the speedy response.  Here is the next log.

essexboy
Re: Rootkit, whistler detected
« Reply #4 on: April 30, 2011, 07:14:40 PM »
Once OTS has run its fix could you let me know what problems remain


Shoe326

  • Guest
Re: Rootkit, whistler detected
« Reply #5 on: April 30, 2011, 07:17:14 PM »
Here is the next OTS log,  I will run avast scan and see if anything is detected now.

essexboy
Re: Rootkit, whistler detected
« Reply #6 on: April 30, 2011, 07:20:37 PM »
Ok let me know the result  ;D

Shoe326

  • Guest
Re: Rootkit, whistler detected
« Reply #7 on: April 30, 2011, 08:14:53 PM »
Avast just finished a full scan without detecting anything.  Looks like you've cured another one.  Thank you very much. 

essexboy
Re: Rootkit, whistler detected
« Reply #8 on: April 30, 2011, 08:39:26 PM »
Run OTS and hit the cleanup button - then enjoy  ;D

argus

  • Guest
Re: Rootkit, whistler detected
« Reply #9 on: April 30, 2011, 09:39:55 PM »
Only TDSS infection

Not interesting  ;D

essexboy
Re: Rootkit, whistler detected
« Reply #10 on: April 30, 2011, 09:47:40 PM »
Not now that aswmbr hits the latest version  ;D

argus

  • Guest
Re: Rootkit, whistler detected
« Reply #11 on: April 30, 2011, 10:04:56 PM »
So it is still interesting  ;D

We still have no TDSS, weak, and we use MBRcheck, but it is the same
« Last Edit: April 30, 2011, 10:16:49 PM by argus »

luck33ro

  • Guest
Re: Rootkit, whistler detected
« Reply #12 on: September 13, 2011, 07:14:44 AM »
I had the same problem. Avast can't remove MBR: Whistler-B [rootkit]. Seems like the Kaspersky free removal tool did it with a simple scan and then a restart :)