ROOTKIT NTNDIS.EXE - STILL NOT FIXED >.<

[ardvark]

I'll do that

Hi...

Let us know the results.

Or You can be really nice =P I'm too young to buy anything 

I think your hardware is fine, it's just the OS that needs repaired or reinstalled.

blacklight in safe mode, doesn't work

Ok, how about Trend Micro's Rootkit-Buster?

Best Regards...

[Husk]

Sorry, was waiting for a reply, But I only just saw the second page 

I don't think Trend Micro works, Tcomm service doesn't work >.^?!?!

[ardvark]

Sorry, was waiting for a reply, But I only just saw the second page 

I don't think Trend Micro works, Tcomm service doesn't work >.^?!?!

Hi...

Not a problem.

Ok, we'll see if MalwareBytes will delete it. We have to get rid of the infection first before running chkdsk, otherwise it will do no good.

Best Regards...

[Husk]

ok ardvark, thanks. It better go    Or I gotta wipe it  :'(

[Tarq57]

Tried this one? Good reputation for removal. Occasional FP's I've seen reported in the past. http://www.freedrweb.com/cureit/

[Husk]

Sorry for the late response --> school >.<

But it is working fine now, Mbam didn't redetect the infections


But I get this message?

[ardvark]

Hi...

Did you start getting this message after you had Malwarebytes delete the rootkit? If so, it could possibly be "leftover" registry entries that the rootkit or the software that installed the rootkit created. A registry cleaner might help...

http://www.download.com/TweakNow-RegCleaner-Standard/3000-2094_4-10262639.html

If this program doesn't take care of it, you can try deleting it manually with the information provided here...

http://www.bleepingcomputer.com/startups/ntndis.exe-14934.html

Best Regards...

[Husk]

Ugh, It's back >.< It freezes again, I don't know if the message came up or not. Rerunning a scan

[ardvark]

I don't know if the message came up or not.

Hi...

I'm not sure I understand exactly, please expand or clarify what you meant. Were there other windows possibly blocking it from being seen?

Best Regards...

[Husk]

The projet 1


I have noticed something. My computer works fine until the very momeny omong355.tmp is detected by avast.

PWstealer-U

Everytime I have tried to chest this item, It still says detected and stuff. Even deleting it. So I deleted the actual file.

But there are similiar things. These are all in Local Settings Temp, So are they safe to delete

[Husk]

ok, after I deleted and restarted normally, It said detected again. So are they recreating by themself? or what process would do that?

[Husk]

I just found out I could edit my registry through mbam. I have now edited disable tskmgr and can now use it again.

Just changed a 0 to a 1. >.^ Easier than I thought

[Tarq57]

You might want to have a look here http://www.bleepingcomputer.com/forums/topic131299.html and consider running the SDFix tool. It is designed to be run in safe mode.
Rootkits, by their nature, are difficult to detect and remove, and yes, they (and some other types of malware) recreate themselves, often assigning a random filename to the temporary processes involved.
It would make sense, once the tool is downloaded, to go offline while scanning, and run repeat scans while offline using MBAM and SAS as well.
You might want to print out the instructions at the page I linked. (It seems to be fairly straightforward, tho.)

You know SAS has a toolkit with some useful repairs. Might be worth looking into that once the malware scanners have done all they can do.
It might take a bit of persistence to nail this thing. It just depends how much you want to nail it, rather than re-install.

[Husk]

You might want to have a look here http://www.bleepingcomputer.com/forums/topic131299.html and consider running the SDFix tool. It is designed to be run in safe mode.

Thanks for that

Rootkits, by their nature, are difficult to detect and remove, and yes, they (and some other types of malware) recreate themselves, often assigning a random filename to the temporary processes involved.
It would make sense, once the tool is downloaded, to go offline while scanning, and run repeat scans while offline using MBAM and SAS as well.

After deleting the Rootkit from MBAM, it no longer detects it, but the Disable.tskmgr keeps coming back. And so does that password-u thing, which will NOT go

You might want to print out the instructions at the page I linked. (It seems to be fairly straightforward, tho.)

I'll put on usb

You know SAS has a toolkit with some useful repairs. Might be worth looking into that once the malware scanners have done all they can do.

I'll take a look

It might take a bit of persistence to nail this thing. It just depends how much you want to nail it, rather than re-install.

I wanna destroy it >.<

[Husk]

=D I think it worked, Here's the report and a HJT log incase there's something left