Topic: Win32:Rootkit-gen[Rtk]

G747 (Newbie, Posts: 2)
Win32:Rootkit-gen[Rtk]
« on: May 18, 2011, 02:55:16 AM »
Hello everyone,


Two days ago, I was hit with Win7 2011 antivirus. It disabled Mbam and MSE. I was able to get into mbam to scan and found:

Trojan.exe.shell.gen (File)
Hijack.exefile (Registry Value)
Hijack.StartMenuInternet (Registry Data)
Broken.OpenCommand (Registry Data)
The above is now in quarantine

I ran a full scan with mbam and it didn't find anything again, and I did a full scan with avast and a boot scan. I just finished a quick scan with avast and it found C:\Users\Computer\AppData\Local\hif.exe. The option to move it to the chest results in: Error: Access is denied (5)

Will the delete option get rid of it?
Thank you for any information.


Lisandro (Avast team, Certainly Bot, Posts: 67255)
Re: Win32:Rootkit-gen[Rtk]
« Reply #1 on: May 18, 2011, 03:04:08 AM »
MSE and avast will conflict sooner or later...
Better is having just one antimalware at a time.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Read these instructions and provide more info with the logs generated.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then re-enable it.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

G747 (Newbie, Posts: 2)
Re: Win32:Rootkit-gen[Rtk]
« Reply #2 on: May 18, 2011, 03:06:19 AM »
I removed MSE from my computer; I only use MBAM on demand and avast free.

I was only using MSE and MBAM at the time this happened. I still had access to the internet, as I was able to download avast.

Thank you for the instructions. :)
« Last Edit: May 18, 2011, 03:09:34 AM by G747 »