Author Topic: ROOTKIT NTNDIS.EXE - STILL NOT FIXED >.<  (Read 11646 times)

ardvark

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #15 on: February 04, 2009, 10:01:42 AM »
Quote
I'll do that

Hi...

Let us know the results. :)

Quote
Or You can be really nice =P I'm too young to buy anything  :P

I think your hardware is fine, it's just the OS that needs repaired or reinstalled. ;)

Quote
blacklight in safe mode, doesn't work

Ok, how about Trend Micro's Rootkit-Buster?

Best Regards...

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #16 on: February 04, 2009, 10:10:29 AM »
Sorry, was waiting for a reply, But I only just saw the second page  ;D

I don't think Trend Micro works, Tcomm service doesn't work >.^?!?!

ardvark

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #17 on: February 04, 2009, 10:15:03 AM »
Quote
Sorry, was waiting for a reply, But I only just saw the second page  ;D

I don't think Trend Micro works, Tcomm service doesn't work >.^?!?!

Hi...

Not a problem. :)

Ok, we'll see if MalwareBytes will delete it. We have to get rid of the infection first before running chkdsk, otherwise it will do no good.

Best Regards...

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #18 on: February 04, 2009, 10:18:48 AM »
ok ardvark, thanks. It better go   :-\ Or I gotta wipe it  :'(

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #19 on: February 04, 2009, 10:59:56 AM »
Tried this one? Good reputation for removal. Occasional FP's I've seen reported in the past. http://www.freedrweb.com/cureit/
Windows 10,Windows Firewall,Firefox w/Adblock.

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #20 on: February 05, 2009, 06:06:18 AM »
Sorry for the late response --> school >.<

But it is working fine now, Mbam didn't redetect the infections


But I get this message?

ardvark

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #21 on: February 05, 2009, 06:23:32 AM »
Hi...

Did you start getting this message after you had Malwarebytes delete the rootkit? If so, it could possibly be "leftover" registry entries that the rootkit or the software that installed the rootkit created. A registry cleaner might help...

http://www.download.com/TweakNow-RegCleaner-Standard/3000-2094_4-10262639.html

If this program doesn't take care of it, you can try deleting it manually with the information provided here...

http://www.bleepingcomputer.com/startups/ntndis.exe-14934.html

Best Regards...

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #22 on: February 05, 2009, 07:19:08 AM »
Ugh, It's back >.< It freezes again, I don't know if the message came up or not. Rerunning a scan

ardvark

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #23 on: February 05, 2009, 07:41:25 AM »
Quote
I don't know if the message came up or not.

Hi...

I'm not sure I understand exactly, please expand or clarify what you meant. Were there other windows possibly blocking it from being seen? ???

Best Regards...
« Last Edit: February 05, 2009, 07:44:21 AM by ardvark »

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #24 on: February 05, 2009, 09:09:39 AM »
The projet 1


I have noticed something. My computer works fine until the very moment omong355.tmp is detected by avast.

PWstealer-U

Every time I have tried to chest this item, It still says detected and stuff. Even deleting it. So I deleted the actual file.

But there are similar things. These are all in Local Settings Temp, So are they safe to delete?

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #25 on: February 05, 2009, 09:21:28 AM »
ok, after I deleted and restarted normally, It said detected again. So are they recreating by themselves? or what process would do that?

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #26 on: February 05, 2009, 11:01:22 AM »
I just found out I could edit my registry through mbam. I have now edited disable tskmgr and can now use it again.

Just changed a 0 to a 1. >.^ Easier than I thought

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #27 on: February 05, 2009, 11:36:32 AM »
You might want to have a look here http://www.bleepingcomputer.com/forums/topic131299.html and consider running the SDFix tool. It is designed to be run in safe mode.
Rootkits, by their nature, are difficult to detect and remove, and yes, they (and some other types of malware) recreate themselves, often assigning a random filename to the temporary processes involved.
It would make sense, once the tool is downloaded, to go offline while scanning, and run repeat scans while offline using MBAM and SAS as well.
You might want to print out the instructions at the page I linked. (It seems to be fairly straightforward, tho.)

You know SAS has a toolkit with some useful repairs. Might be worth looking into that once the malware scanners have done all they can do.
It might take a bit of persistence to nail this thing. It just depends how much you want to nail it, rather than re-install.
Windows 10,Windows Firewall,Firefox w/Adblock.
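
An added example, not part of any post in this thread or of any tool named in it: a small triage script that confirms the "deleted file comes back under a different random name" behaviour described above by comparing content hashes of a temp folder before removal, after removal, and after a restart. The file names and contents are constructed stand-ins, and the three-snapshot workflow is an assumption about how the check would be run.

```python
import hashlib
import os
import tempfile


def snapshot(directory):
    """Map SHA-256 digest -> set of file names for each regular file."""
    snap = {}
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            continue  # file is locked or vanished between listing and reading
        snap.setdefault(digest, set()).add(entry.name)
    return snap


def recreated(before, cleaned, later):
    """Content that was removed (in before, not in cleaned) but is back in later.

    Returns {digest: (old_names, new_names)} so a renamed copy is still matched.
    """
    removed = set(before) - set(cleaned)
    return {d: (sorted(before[d]), sorted(later[d]))
            for d in removed if d in later}


def demo():
    """Constructed scenario: a removed .tmp file reappears under a new name."""
    payload = b"constructed stand-in for the detected file"
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, data):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)

        write("constructed_a1.tmp", payload)
        write("notes.txt", b"unrelated file that is never removed")
        before = snapshot(tmp)                       # state at detection time
        os.remove(os.path.join(tmp, "constructed_a1.tmp"))
        cleaned = snapshot(tmp)                      # state right after removal
        write("constructed_z9.tmp", payload)         # simulated re-drop
        later = snapshot(tmp)                        # state after a restart
        return list(recreated(before, cleaned, later).values())


if __name__ == "__main__":
    print(demo())
```

A hash match only proves identical content returned; a dropper that alters each copy will not match, and the script does not identify the process that wrote the file.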

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - I got it and it's really bad, 7 of them >.<
« Reply #28 on: February 05, 2009, 11:50:18 AM »
Quote
You might want to have a look here http://www.bleepingcomputer.com/forums/topic131299.html and consider running the SDFix tool. It is designed to be run in safe mode.

Thanks for that

Quote
Rootkits, by their nature, are difficult to detect and remove, and yes, they (and some other types of malware) recreate themselves, often assigning a random filename to the temporary processes involved.
It would make sense, once the tool is downloaded, to go offline while scanning, and run repeat scans while offline using MBAM and SAS as well.


After deleting the Rootkit from MBAM, it no longer detects it, but the Disable.tskmgr keeps coming back. And so does that password-u thing, which will NOT go

Quote
You might want to print out the instructions at the page I linked. (It seems to be fairly straightforward, tho.)

I'll put on usb

Quote
You know SAS has a toolkit with some useful repairs. Might be worth looking into that once the malware scanners have done all they can do.

I'll take a look

Quote
It might take a bit of persistence to nail this thing. It just depends how much you want to nail it, rather than re-install.

I wanna destroy it >.<
« Last Edit: February 05, 2009, 12:01:41 PM by Husk »

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #29 on: February 05, 2009, 12:46:21 PM »
=D I think it worked, Here's the report and a HJT log in case there's something left
« Last Edit: February 05, 2009, 12:49:21 PM by Husk »