Author Topic: Rootkit Blocked Keeps Popping Up!  (Read 7137 times)

VivaLaMandie

  • Guest
Rootkit Blocked Keeps Popping Up!
« on: December 26, 2010, 05:33:14 PM »
So I woke up this morning to Avast going off about a rootkit being blocked. The infection is Win32:Rootkit-gen[Rtk]
I'm not sure what the hell that is, but all I've been doing is researching how to get rid of it. It was in my temp files under AppData???.. It's in my virus chest now.. but unlike any other attack, this one keeps attempting.. every 2 seconds Avast pops up saying Rootkit Blocked. I'm now running a full system scan, but after that I'm not sure what to do... I'm going to work in about 30 min, so when I get home I'd love to get this done and over with.. I could just call Sony because my laptop is still in warranty, but I'm sure Avast can fix this. Please, anyone who knows what I should do, post your responses.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Rootkit Blocked Keeps Popping Up!
« Reply #1 on: December 26, 2010, 07:13:25 PM »
This is a good place to start when you get home

http://forum.avast.com/index.php?topic=53253.0

You will have to wait for essexboy, our resident malware expert, to reply to the thread.

Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89164
  • No support PMs thanks
Re: Rootkit Blocked Keeps Popping Up!
« Reply #2 on: December 26, 2010, 07:17:47 PM »
If it is returning then there are likely to be other elements restoring it.

Download the free version of MBAM (MalwareBytes AntiMalware), install, update, run it and post the contents of the log file.

http://www.malwarebytes.org/mbam.php
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

nsm0220

  • Guest
Re: Rootkit Blocked Keeps Popping Up!
« Reply #3 on: December 28, 2010, 09:01:40 AM »
You can also run GMER

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89164
  • No support PMs thanks
Re: Rootkit Blocked Keeps Popping Up!
« Reply #4 on: December 28, 2010, 02:52:54 PM »
I guess no one has told you that the avast anti-rootkit is based on the GMER anti-rootkit, but designed to be more user friendly in not having to sift through the information returned.

As far as I'm concerned you shouldn't use the GMER anti-rootkit unless you know what you are doing or are using it under instruction.

nsm0220

  • Guest
Re: Rootkit Blocked Keeps Popping Up!
« Reply #5 on: December 28, 2010, 11:10:01 PM »
I know how to use GMER

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89164
  • No support PMs thanks
Re: Rootkit Blocked Keeps Popping Up!
« Reply #6 on: December 28, 2010, 11:18:31 PM »
You might, but those to whom you are suggesting it might not, and it is them that you should be concerned about; that is where my comments are directed, given this is a support site.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Rootkit Blocked Keeps Popping Up!
« Reply #7 on: December 28, 2010, 11:18:48 PM »
This sounds like it may be the TDL4 MBR rootkit - from reading the beta thread I think this is being added at some stage for both detection and cure.  Until then
 
Please read carefully and follow these steps.  
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.