Author Topic: ROOTKIT NTNDIS.EXE - STILL NOT FIXED >.<  (Read 11653 times)


Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #30 on: February 05, 2009, 08:37:06 PM »
You better have a look at this sticky. http://www.bleepingcomputer.com/forums/topic25912.html
Basically, as I mentioned earlier, you are running HJT from your desktop. It needs to be moved to its own folder on the C drive.

Aside from that, I see no indication in the logs that anything has been fixed.
Has either application - or MBAM or SAS - deleted or quarantined any further files?
Windows 10,Windows Firewall,Firefox w/Adblock.

Tarq57
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #31 on: February 05, 2009, 08:40:48 PM »
Correction to the last, there has been one temp .bat file removed.
Hard to believe, but I wonder if it actually did do the job?
Windows 10,Windows Firewall,Firefox w/Adblock.

CharleyO

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #32 on: February 05, 2009, 09:01:23 PM »
***

From an analysis of your HJT log:

This one belongs to Yahoo Companion but appears to be deactivated ...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
[can be fixed if this is no longer being used]

The next 2 were classified as unknown entries though I found some information at the links below ...

O4 - S-1-5-18 Startup: Transparent Windows.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Transparent Windows.lnk = ? (User 'Default user')

http://technet.microsoft.com/en-us/library/cc780850.aspx

http://msdn.microsoft.com/en-us/library/ms940168(WinEmbedded.5).aspx
[read under header "Standard Start Menu Short Cuts Updated"]


***
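A small triage of the entry shapes quoted in the analysis above, as an added example that is not part of the original post or of HijackThis: it flags O2 BHO lines whose file field is "(no file)" and O4 startup lines whose target is shown as "?". The function name, the wording of the notes and the fourth sample line are assumptions made for illustration.

```python
import re

# Line shapes taken from the entries quoted in the post; other HijackThis
# sections are deliberately not handled.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+) Startup: (?P<link>.+?) = (?P<target>.+?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")

def triage(log_text):
    """Return (section, subject, note) for each entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m and m["file"] == "(no file)":
            # BHO CLSID is still listed, but no file is given for it.
            findings.append(("O2", m["clsid"].upper(), "BHO entry with no file"))
            continue
        m = O4_RE.match(line)
        if m and m["target"] == "?":
            # HijackThis printed '?' instead of the shortcut's target.
            who = m["user"] or m["hive"]
            findings.append(
                ("O4", f"{m['link']} ({who})", "startup link, target shown as '?'"))
    return findings

# The first three lines are the ones quoted in the post; the last one is
# constructed to show an entry that is not flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - S-1-5-18 Startup: Transparent Windows.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Transparent Windows.lnk = ? (User 'Default user')
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
"""

if __name__ == "__main__":
    for section, subject, note in triage(SAMPLE_LOG):
        print(f"{section}: {subject}: {note}")
```

A flagged line is only a prompt to check the entry by hand, as the replies that follow do for the Transparent Windows shortcut.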

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #33 on: February 06, 2009, 06:08:44 AM »
Mmm... I spoke too soon. It still has the same problem, appears I can only get on through a program when a scan is run and needed to reset.

I'll move HJT to a C drive folder.

I did have Yahoo Messenger, but deleted it a long time ago. Transparent Windows is a tool where I can control the opacity of the window.

CharleyO

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #34 on: February 06, 2009, 07:24:02 AM »
***

Ok, then ... just fix the O2 entry for Yahoo Companion and leave the O4 entries alone.


***

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #35 on: February 06, 2009, 07:48:53 AM »
ok

Husk

  • Guest
Re: ROOTKIT NTNDIS.EXE - MIGHT BE A SUCCESS =D
« Reply #36 on: February 06, 2009, 08:13:41 AM »
Aside from that, I see no indication in the logs that anything has been fixed.
Has either application - or MBAM or SAS - deleted or quarantined any further files?

I don't think they have. I'll run a SAS scan, see what it comes up with this time.