Zero Access Rootkit??? Please help

[essexboy]

All the dump files relate to the  scsiport.sys driver

Have you added any new cards recently ?

[qim]

No. And as I wrote before I do not have arescue disk. The computer is a Compaq Mini. What can I do now? replace the driver, but from where?

The only things that have been ibnstalled in the computer, but not recently was an external drive and an external disk. This is my wife's computer. She is out and I will ask her later if she installed anything, but I doubt it.

I have now changed the boot.sys but still can´t go directly into windows: only safe mode. I guess the next stage is to repair the driver. Hope you can help. I downloaded a DriverScanner but after telling me that I have 18 old drivers asked for money... In any case, HP has a page for downloading drivers for this computer. They all look pretty ancient anyway, and besides I could not get the site to work.

I have a scsiport.sys in Windows\system32\drivers, but seems to be the only one.

Thanks for your help

qim

[essexboy]

OK we will use Drivermax..  This allows two free driver updates per day.

When you install the programme it will offer AVG searchbar untick that as you do not want it

Download Drivermax from here http://www.innovative-sol.com/drivermax/

When the scan is complet could you screenshot all the out of date drivers and we will then select the right one to get

[qim]

Thanks Essexboy


before we go ahead I looked on the net and found


http://www.faultwire.com/file_detail/scsiport.sys*6501.html

The size (96384) and version are the same as my file. The date is only two days off at 16/4/2008

Maybe the problem is withthe other files it works with, as this one does not seem to be damaged if the size means anything

qim

[essexboy]

That is four years old though.. 

[qim]

Sorry about delay.

Unable to send screen shots via Word as file too big

I am going to list drivers that need updating;
NVIDIA ION LE
Bridge PCI padrão PCI-para-PCI
Controlador de rAM PCI padrão
NVIDIA nForce PCI system management
IDT G«High definition Audio Codec
Nvidia nForce Sysr«tem management Controller
Nvidia High definition Audio
NVidia Network Bus enumerator
bridge PCI ISA padrão
Controlador de barramento UAA da Microsoft para High definition
Broadcom 802.11b/g WLAN
NVIDIA nForce Serial ATA Controller
Dispositivo USB de interface humana
Controlador anfitrião padrão avançado PCI para USB
Controlador de sistema anfitrião USB OpenHCD padrão
rato compativel com HID

Please let me know if you can't understand the portuguese names.


qim

[essexboy]

Nvidia nForce System management Controller
NVIDIA nForce PCI system management

Install the above two initially

[qim]

Hi Essexboy

I'm afraid I'm not very good at this. I downloaded both drivers to the Desktop, and went into Device Manager, but can´t see exactly what I'm supposed to update as the itmes do not have the same name. For instance, I have several nVidia but nothing with those names. I thought the download would have done it all for me...

In fact, I think it does. Forget the above.

qim

[qim]

Ok, drivers downloaded, but nothing has changed. Should I uodate a couple more? Which ones?

I managed to download 4 more nVidia drivers:ION LE; and High Definition Audio; and Network Bus Enumerator, and nForce Serial ATA Controller. May I install them?


qim

[essexboy]

Yes but unfortunately with the free version you can only do two a day

[qim]

Ok, so i'll wait till morning. I now have the rest of th nVidia on the Deskrtop. Anything else I should do?

qim

[essexboy]

At the moment untill the drivers are updated very little

[qim]

Thanks a lot Essexboy for yoiur help

Good night

qim

[qim]

Hi Essexboy

While I'm waiting to be allowed further driver upgrades, I looked at EventViewer and found something odd. From 28Aug on a daily basisi there were errors 6161 and 19 connected to print on brother MFC215C. This stopped exactly when the DCOm (10005) started, although these may be due to starting in safe mode. It so happens that this computer is in Andorra and the printer is in Oxford! Besides, this computer has not been connected to any printer for months.

Then, if I look at Printers and Faxes, the page is empty. There should have been at least an icon for the MFC215C, and of course the icon for adding new printers.

Could it be that this was what caused the driver problems? The SCSI driver is needed for transferring data between peripherals, and may be the problem was the transfer between the computer and the printer, even if this was not attached (e.g asked to print by mistake).

Even though the driver seems to be not damaged it may have provoked mayhem elsewhere.

Does it make sense?

I have also found that I am unable to uninstall Vodafone Dongle installation and the registry has thousands (I mean thousands) of entries connected to Vodafone. My wife installed voip about a month or two agao and I wonder of this together with Vodafone and Skype are feating conflicts. Do you know how to get rid of Vodafone from the system?


qim

[qim]

Hi Essexboy

I've been messing around with the computer and instead of making things worse as it usually happens, a miracle happened and I got into Windows without Safe Mode and Windows Update is now working. Apart from what I wrote in the previous post, I uninstalled Outpost which was not being used anyway. As it uninstalled it asked to reboot and, hey presto, I was back in business.

 before, I tried Gmer again to see if I could understand what was happening. In System, it crashed when it was looking at System/something/ SCSI/something. A blue screen came up and stayed long enough foe me to read, but it was so unexpected that I did not see anything. I tried again and this time I got Driver IRQL less than equal, or something like that. Then, I tried Registry without any problems, but when I scanned files, like yesterday and before the system shuts off half way through. I am attaching some logs, which mention an AVG Driver prompting to see if it was in Add/Remove progs (I found Outspost instead)  that may make some sense to you, but as I am writing from another compuer while the bad one is takinga long time with Windowsd Update, I will attach them to this post later. I have no AVG prog, maybe I had it in the past.

qim