Win32:Rootkit-gen [Rtk]; Gone or Still Around with Avast!

[Jobber]

I use Google Chrome as my search engine, and I've noticed for weeks it freezes up, so I have to close the browser and start again, and then maybe after 7 tabs are open, it freezes again and I have to close, etc. etc.


Also, sometimes images on websites won't appear and I get the small dead white and blue box instead of an image.

I also cannot Copy Images suing the computer mouse and paste them in emails and at website forums.



I've used all the standard good Anti-Virus programs (Avast!; MBAM; Super Anti-Spyware),  but these don't seem to be detecting anything substantial.



But a few weeks ago, on 2/12/14 using Avast! I did find a Rootkit on my computer which I Moved To Chest (see attachments).


Also, I tried to download the OTL program and when I do I receive a Security Notice which states my Security settings "do not allow this file to be downloaded".


I've had this same Security message appear before when trying to download some standard programs.

I had my computer fixed back in October, 2013 and it seems like the Computer Repairman used a torrent version of Windows 7 which makes me wonder if the Windows 7 I have installed on my computer is a legitimate version of Windows 7. I don't know. That may be part of the problem with having difficulty downloading the OTL program.



1) Did Avast! get rid of the Win32:Rootkit-gen [Rtk] when it Moved it to Chest back on 2/12/14 or does more need to be done???


2) Is there anything I can do to adjust my Security Settings so I can download the OTL program???

[Michael (alan1998)]

http://forum.avast.com/index.php?topic=53253.0

Attach OTL and aswMBR. THen we can check for Rootkits.

[Jobber]

http://forum.avast.com/index.php?topic=53253.0

Attach OTL and aswMBR. THen we can check for Rootkits.

OK, I'm getting that same Security Message which is preventing me from downloading OTL and I get it using BOTH of the provided links:

THEN

Download OTL  to your Desktop
Secondary link www.itxassociates.com/OT-Tools/OTL.exe

Anyway I can pass this Security Message???


I have Windows 7 as my O.S.

[essexboy]

Try this programme

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  

[Michael (alan1998)]

Listen to Essexboy from now on. He is way more trained then I.

But I already see 1 issue. You are using an illegal program in most countries.

- uTorrent

This is most likely where the infection came from and I recommend you discontinue it's use immediately.

http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://usatoday30.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
http://www.infoworld.com/d/security-central/update-seattle-man-arrested-p-p-id-theft-103

[Jobber]

Try this programme

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from. 
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  

Awwww, geez, I'm still getting that Security message from my system which was preventing me from downloading OTL, as well as the Farbar Recovery Scan Tool as well now.

[Michael (alan1998)]

Essex is asleep. Boot into SAfe Mode w/ networking and try then.

[essexboy]

What version of windows do you have i.e. 32 or 64bit ?

[Jobber]

What version of windows do you have i.e. 32 or 64bit ?

I have Windows 64bit as my O.S.

[essexboy]

Do you have the windows CD or is there the option repair my computer on your safe mode menu

[Jobber]

Do you have the windows CD or is there the option repair my computer on your safe mode menu

Yeah. I have a Windows 7 CD Home Edition I bought at the store originally; that was before my computer was repaired and the repair person installed whatever type of Windows 7 he had in his possession.


So the current version of Windows 7 I have WAS NOT installed using that bona fide Windows 7 CD Home Edition Disc.


IDK what the Repair Technician used to install Windows 7 on my computer.





I'd have to go into Safe Mode to find out; really haven't been there much but I think it offers some options to "repair the computer".

I think I tired Safe Mode back in October, 2013 when the entire system crashed.


Do you want me to go into Safe Mode??


If I have to download those programs in Safe Mode, do I run them in Safe Mode as well???


I haven't yet  tried downloading OTL or Farbar Recovery Tool in Safe Mode.

[essexboy]

OK I would like you to boot from the CD but first download a small programme to a USB drive

Farbar Recovery Scan Tool x64 


Start from the CD
 
 
When you reboot you will  see this although yours will say windows 7.
 Click repair my computer  
 
 
Select your operating system  
 
 
Select Command prompt 
 

Insert the USB with FRST on it
 
At the command prompt type the following  :
 
notepad and press Enter. 
The notepad opens. Under File menu select Open. 
Select "Computer" and find your flash drive letter and close the notepad. 
In the command window type e:\frst64.exe and press Enter 
Note: Replace letter e with the drive letter of your flash drive. 
The tool will start to run. 
When the tool opens click Yes to disclaimer. 

Press Scan button. 
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.