Author Topic: Another infection by Win32:Rootkit-gen [Rtk]  (Read 5207 times)

amonra

  • Guest
Another infection by Win32:Rootkit-gen [Rtk]
« on: March 17, 2011, 12:55:57 PM »
This is the second infection in the last few days. Doesn't Avast do its job well?


thisiscool

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #1 on: March 17, 2011, 01:55:51 PM »
lol I got the same one a week ago from a website..
but Avast removed it the second it found it.. and the computer was clean like a baby ass!
lol after a couple of days I decided to format the computer just in case.

amonra

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #2 on: March 17, 2011, 03:13:52 PM »
I tried out the Bit Defender Rescue CD as well, after scanning with Avast. My system seems to be clean now. (I hope!) :)

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6710
  • Trust only what you test yourself!
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #3 on: March 18, 2011, 01:18:16 AM »
What scan are you using and what settings concerning rootkits do you have? It may be that your rootkit settings are too high. And did you run a boot-time scan? If you run a boot-time scan I advise you to keep and use default settings. It could be false positives. Try using the "quick" setting for root-kits, not "full". You might consider getting MalwareBytes: http://filehippo.com/download_malwarebytes_anti_malware/
And Super Anti-Spyware: http://filehippo.com/download_superantispyware/ :)
« Last Edit: March 18, 2011, 01:25:11 AM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

nord

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #4 on: March 18, 2011, 03:12:53 AM »
para-noid,

Have you had good luck with Super anti-spyware and Avast 6.0.1000? I use Avast with Outpost Free 2009 (until they fix the new security suite) and the only problems I've had using Avast are with Super and Ad-ware. Malwarebytes and HitmanPro have worked perfectly with my current firewall and Avast combo.


amonra

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #5 on: March 18, 2011, 08:35:04 AM »
I think my system was infected on March 14. See my other post:
http://forum.avast.com/index.php?topic=73843.0

Yes, I did run a full scan, the boot-time one as well. The detected file in the Java cache was deleted. I updated my Java to the latest version, too. Another full scan on March 16 found nothing.

However, yesterday I noticed a suspicious file in my Users folder named YCemSCi.exe, created on March 14 as well. And a few temp files. Fortunately this time Avast detected them (maybe the new definition update!). I don't think it is a false positive.

By the way, all my settings are default (Normal).

What about SuperAntiSpyware Portable? Should I give it a try?
« Last Edit: March 18, 2011, 08:50:53 AM by amonra »

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6710
  • Trust only what you test yourself!
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #6 on: March 19, 2011, 12:26:13 AM »
Both SAS and MBAM "do not" conflict with avast and play well with avast. To answer your question... yes. The best indicator is that neither has detected any nasty things, as I expected. avast came through with flying colors.

Nesivos

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #7 on: March 19, 2011, 03:07:55 AM »
There is some talk on the Net that this virus comes with "Gameguard".

In fact, there have been some Avast users from two and three years ago that had this virus infect their system.

http://www.aeriagames.com/forums/en/viewtopic.php?t=253157


http://answers.yahoo.com/question/index?qid=20080414195550AAqOUvc


amonra

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #8 on: March 19, 2011, 09:43:41 AM »
I have nothing to do with Gameguard. I got this infection from a website while surfing. Cannot remember which one. But I guess it did make use of a hole in Java 6u17.

I ran SuperAntiSpyware Portable too. It works well, but found nothing except some cookies listed as adware.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6710
  • Trust only what you test yourself!
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #9 on: March 19, 2011, 07:39:36 PM »
Have you tried MBAM (MalwareBytes) yet?


news

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #10 on: March 19, 2011, 08:05:48 PM »
amonra.. you may want to update your Java software. It's now at Java6 update 24.

amonra

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #11 on: March 19, 2011, 09:12:55 PM »
I already did it. Thanks anyway.

(Didn't you read my third post above? ;D)

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #12 on: March 19, 2011, 09:20:30 PM »
Also try to scan your computer with Malwarebytes.
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

amonra

  • Guest
Re: Another infection by Win32:Rootkit-gen [Rtk]
« Reply #13 on: March 19, 2011, 09:32:51 PM »
Thanks for the tip.