win32:rootkit-gen. files unable to move/del/repair

[daiw]

As you will no doubt relaise from this, my knowledge of computers is appallingly bad, so my apologies in advance for unneccesary info or anything unclear.

I can no longer use mine, as i have constant pop up of malware detected that will not go away.
i run avast home normally, and ran a thorough scan when the problem appeared.

It brought up 5 files listed as infected, but only automatically moved 2 to the chest.

for the others it comes up:
Name: C:\Users\Administrator\App data\...\[Embedded_l#07a78]
Result: Infection:Win32:Rootkit-gen [Rtk]
Operation: Error occurred during file deletion

I have tried manually deleting/ moving/ repairing but it comes up error each time

it also keeps linking to AntiVirus system Pro and asking for $49.95.

It has also come up with a box that says
attacked from 210.31.57.85 port 16024
attacked port 57604
threat Win32/nuyel.E

Any help in getting these files removed  and getting my computer working would be greatly appreciated.

thanks

dai.

[cinchez]

AntiVirus system Pro for $49.95?
That sounds like a rogue program!^^

Try downloading Malwarebytes Anti-malware(www.malwarebytes.org) from a different PC and install it using a USB or any other media devices^^

Post back the results for further analysis^^(done by avast! evangelists^^)

-AnimeLover^^

[nmb]

Hello daiw,

I agree with addict. Along with malwarebytes, you can also use superantispyware.

[mkis]

Hello Dai
Sorry about cross-posting - sending in anyway.

Sounds like you have made some progress cleaning your hard disk of malware, but still have a way to go. For a similar sort of problem a few days ago, I downloaded and ran the Sophos anti-rootkit ( http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html ) for a good outcome. So I would suggest that you do the same. Certainly wont hurt.

Sophos shows suspect files inside the scanner and you need to click the files to get more information, and really follow directions from Sophos so you get good grasp of all the details. Sophos will either recommend or rate or something like that so you can make informed choice at cleanup time.
Also download mbam and run that through your system to see whether that helps in the cleanup.
( http://www.filehippo.com/download_malwarebytes_anti_malware/tech/ ).

Turn off System Restore for your next scan. Try a boot-time scan ( http://forum.avast.com/index.php?topic=46521.msg394260#msg394260 ). Not that difficult once you get the hang of it.

Sometimes the trouble is files or objects that wont budge. (Not necessarily virus by now). But once they're sorted, often deleted anyway if they not absolute needed or wanted, the cleanup is quickly accomplished. Then its time to tidy up the drives, disk cleanup, defragment, and so on.

And then most importantly is time to work out a layered defense. You can find  a lot of good information in the forum to help you with this crucial final task(s). You will need to spend some time searching and reading. And always keep in mind that an  ounce of prevention is worth a pound of repair when it comes to smooth running of PC systems.

[daiw]

Cheers for the suggestions,

have loaded and run Malwarebyte, picked up 5 problems and seemed happy to get rid of them. now have nothing popping up, and  it's all behaving as normal. will run avast again to see if anything is picked up, but looks good.

Thanks again.
Dai.

[DavidR]

It is always advisable to post the MBAM log as this gives us an idea what the problem was and if there might be other things to do.

[mkis]

+1 Agree with DavidR

post mbam logs so that you can have expert analysis of current computer status.

also HjT logs can serve same purpose. Always worthwhile to post HjT log.

[Tarq57]

Sounds like the worst might be over (subject to the perusing of log/s).
Just a tip for the future, although MBAM is good at this type of stuff (which is why it's often recommended here) another trick for any malware that can't be moved is to run a boot scan with Avast.
This scans at boot, and often before some malware can load and "hook" itself in. So might be able to remove stuff that a regualr scan can not.
Appears not to work for all types of malware, but does for some, perhaps a majority.