Avast community forum
Avast WEBforum » Other » Viruses and worms (Moderators: Maxx_original, misak) » Possible rootkit infection?
Topic: Possible rootkit infection? (Read 11925 times)

Rednose
Pirate Party Member, Avast Überevangelist, Massive Poster, Posts: 3739
Bits of Freedom : https://www.bof.nl
Re: Possible rootkit infection? « Reply #15 on: March 20, 2015, 05:25:58 PM »
No,
Do you manage/own/control a web site?
Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

REDACTED
Guest
Re: Possible rootkit infection? « Reply #16 on: March 21, 2015, 11:50:26 AM »
Yes, I manage some sites ..
Wait, are you suggesting that it is possibly coming from one of the sites I have admin/ftp/cpanel access to? If yes, how to figure out which site is causing the issue?

essexboy
Malware removal instructor, Avast Überevangelist, Probably Bot, Posts: 40589
Dragons by Sasha
Re: Possible rootkit infection? « Reply #17 on: March 21, 2015, 01:19:02 PM »
Use zuluscaler to check the sites. Link in my post 11.

REDACTED
Guest
Re: Possible rootkit infection? « Reply #18 on: March 21, 2015, 02:06:24 PM »
OK, I'll try it out.

REDACTED
Guest
Re: Possible rootkit infection? « Reply #19 on: March 30, 2015, 10:59:18 AM »
The issue is back again ... Avast started detecting since last night .. it's flooding the virus chest.
As essexboy mentioned it could be something related to my web access, I cross-examined and created a list of sites that I visited before past issues and this time:
http://zengreentea.com.au/ (ftp/cpanel access)
https://ua.siteground.com/
http://elitessp.co.uk/ (ftp/cpanel access)
https://hdwebprovider.com/
http://www.clipconverter.cc/
https://tinypng.com/
http://kit-i.ru/
And some other sites like Dell, Amazon, but I highly doubt that they have a compromised server sending malicious stuff.
http://xvideos.com/
http://tubenn.com/
http://www.cliphunter.com/
http://milfzr.com/
(adult sites, not sure if posting these URLs is allowed here, but if it's offensive, please feel free to remove .. just trying to help and figure out what could be causing this issue)
I really need this issue resolved and still no AV or other security tool can detect this thing, only Avast seems to be able to detect its auto-generated files .. but still can't detect the root .... please help
Any help is much appreciated.

essexboy
Malware removal instructor, Avast Überevangelist, Probably Bot, Posts: 40589
Dragons by Sasha
Re: Possible rootkit infection? « Reply #20 on: March 30, 2015, 04:13:00 PM »
Have you checked the two sites where you have cp access with Zulu scaler? As the files do have that virus characteristic.

REDACTED
Guest
Re: Possible rootkit infection? « Reply #21 on: March 30, 2015, 05:05:23 PM »
Mostly it detects
"Suspicious Domain name URL Domain: com has suspicious character score"
"Suspicious Sub-Domain Name domain. has suspicious character score"
No actual threat detections yet.
Whatever it is .. is still active and attacking my system ..

essexboy
Malware removal instructor, Avast Überevangelist, Probably Bot, Posts: 40589
Dragons by Sasha
Re: Possible rootkit infection? « Reply #22 on: March 30, 2015, 05:42:08 PM »
OK, let's work outside of Windows.
Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop.
Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
Launch drwebliveusb.exe.
The program will detect available USB devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
Files will be copied automatically.
Once the copying process is completed, press the Exit button to close the application.
Reboot the infected computer with the USB in the drive.
Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions.
As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
Use arrow keys to select DrWeb-LiveCD (Default).
Press select objects for scanning.
When the system is loaded, check the disks or folders you want to scan, and click on Start.
The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.
When it has completed, select Open Report and copy to the USB.
Once completed, reboot to normal Windows, and attach the report here.

REDACTED
Guest
Re: Possible rootkit infection? « Reply #23 on: March 30, 2015, 07:51:55 PM »
Alright, I'll scan and post back the result.
BTW, does it really take 21 hours (based on the screenshot timer) to run a full scan?

essexboy
Malware removal instructor, Avast Überevangelist, Probably Bot, Posts: 40589
Dragons by Sasha
Re: Possible rootkit infection? « Reply #24 on: March 30, 2015, 08:27:55 PM »
It could do, as it will scan every file on the system. You could leave it run overnight.