I am using Windows Vista Home Premium Service Pack 2.
I am using McAfee Security Center.
My Product Information
Antivirus Product - McAfee security center
Product Version - 9.15
DAT/Signature Version - 5808.0000
Engine Version - 5301.4018
In my scan results I detected a few viruses. I am not able to repair/remove them. For a few it displays "scan after restart". When I try to repair a few, it shows "cleaning file" but it does not get cleaned. Even after scanning again I get the same. As I want to completely remove them from my system and make my PC free of viruses, I need guidance and assistance.
itemname - NTOSKRNL-HOOK - detection name - Generic Rootkit.d!rootkit [name repeated again and again] - status - detected
itemname - NTOSKRNL-HOOK - detection name - Generic Rootkit.d!rootkit - status - detected
itemname - C:\WINDOWS\SYSTEM32\SKYNETDYJXIVQR.DLL - detection name - DNSChanger.ad - status - Scan after restart
itemname - c:\windows\system32\skynetiptbpxnx.dll - detection name - DNSChanger.t - status - Scan after restart
itemname - c:\windows\system32\drivers\skynettixipidvf.sys - detection name - BackDoor-DVU - status - Quarantined
The items mentioned above keep appearing the same in every scan and do not get removed.
Please explain it to me completely, as I don't know anything about these viruses.
Any help or advice will be greatly appreciated.
The detections in your previous post point to a security threat called a rootkit. Rootkits are software designed to hide and protect files, programs, registry entries, network connections, or any other object in the computer system. They load at the core "root" of your system ahead of much of your software in order to act as a man-in-the-middle to intercept normal computer activity.
There are tools out there that can be used to detect and possibly remove these threats, but as this is a cat and mouse game, detection and repair is not guaranteed. You can try "RootRepeal" to scan and possibly remove the bad files.
This report file will contain the information about some hidden drivers and hooks in your system. Once we can determine the bad files, you should be able to right click on the entries in each tab and have an option to delete or wipe the file out.
Because of how these threats load, RootRepeal may fail. If it cannot detect and remove the threat, the best way to detect and remove them is by using an "Out of Box" clean up method. This means using another Clean Operating System to scan your computer. I have created a BootCD for emergency use that can be used to clean up your computer.
Thanks a lot for your reply and for spending your precious time. As you said "Because of how these threats load, RootRepeal may fail", I am really worried about my system.
I have done what you said and the report is below:
ROOTREPEAL (c) AD, 2007-2009
Scan Start Time: 2009/11/22 22:59
Program Version: Version 18.104.22.168
Windows Version: Windows Vista SP2
Image Path: C:\Windows\system32\drivers\acdb321.sys
Address: 0x9D5D7000 Size: 49152 File Visible: No Signed: -
Image Path: C:\Windows\System32\drivers\svcl.sys
Address: 0x805B5000 Size: 54016 File Visible: No Signed: -
PID: 4 Status: Locked to the Windows API!
PID: 1284 Status: Locked to the Windows API!
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8ee980b0
Service Name: SKYNETgwpusywq
Image Path: C:\Windows\system32\drivers\SKYNETmjxtrnvv.sys
Now what is the next step to do? Is it possible to completely remove all these infections? As I am a novice to this stuff, I kindly request you to guide me step-by-step in completely removing these infections.
Any help or advice will be greatly appreciated.
Your RootRepeal log shows 1 definite bad entry and 1 questionable one. It also shows that the file names are changing (randomly) possibly because the files are getting removed or redownloaded/reinstalled. To start, I would go to the Services tab in RootRepeal, do the scan, then find the SKYNET file, right click and choose Delete, Force Delete, or Wipe. Start with Delete and if it fails, move to the next option. After this, you need to start your computer in SAFE MODE and run McAfee VirusScan.
A BootCD I created can also remove this but generally takes the most time (download, burn, CD boot, and Scan/Clean).
Note: I have no idea what " C:\Windows\System32\drivers\svcl.sys" is... It might be a part of the virus or something else legit. I couldn't find anything on a quick Google Search and most legit programs are not hidden files so this could be bad too. However, since I can't tell, I did not include instructions to remove it since it *might* be required for some software or hardware you use on your computer.
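To make the reading of the RootRepeal log above repeatable, here is an added example (not part of the thread, and not RootRepeal's own code) that walks a report in the same line format and flags the three things the reply above keyed on: drivers reported as not visible, SSDT hooks owned by a module outside an assumed trusted list, and services whose name carries the SKYNET prefix. The sample report and the trusted-owner list are constructed for this example.

```python
import re

# Assumption: hook owners an admin has vetted. The thread's log shows
# SUPERAntiSpyware's SASKUTIL.sys hooking NtTerminateProcess, which is expected.
TRUSTED_HOOK_OWNERS = ("superantispyware",)
# Service-name prefix the reply above identified as belonging to the infection.
BAD_SERVICE_PREFIXES = ("skynet",)

# Constructed sample modelled on the RootRepeal report lines quoted in the thread.
SAMPLE_REPORT = r"""
Image Path: C:\Windows\system32\drivers\acdb321.sys
Address: 0x9D5D7000 Size: 49152 File Visible: No Signed: -
Image Path: C:\Windows\System32\drivers\svcl.sys
Address: 0x805B5000 Size: 54016 File Visible: No Signed: -
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8ee980b0
Service Name: SKYNETgwpusywq
Image Path: C:\Windows\system32\drivers\SKYNETmjxtrnvv.sys
"""

def parse_report(text):
    """Return a list of (kind, detail) findings from a RootRepeal-style report."""
    findings = []
    last_image = None       # most recent driver "Image Path:" awaiting its "Address:" line
    pending_service = None  # "Service Name:" awaiting its own "Image Path:" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Service Name:"):
            pending_service = line.split(":", 1)[1].strip()
        elif line.startswith("Image Path:"):
            path = line.split(":", 1)[1].strip()
            if pending_service is not None:
                # This path belongs to the service named on the previous line.
                name, pending_service = pending_service, None
                if name.lower().startswith(BAD_SERVICE_PREFIXES):
                    findings.append(("bad_service", f"{name} -> {path}"))
            else:
                last_image = path
        elif line.startswith("Address:"):
            m = re.search(r"File Visible:\s*(\w+)", line)
            if m and m.group(1).lower() == "no" and last_image:
                findings.append(("hidden_driver", last_image))
            last_image = None
        elif line.startswith("Status: Hooked by"):
            m = re.search(r'Hooked by "([^"]+)"', line)
            owner = m.group(1) if m else "<unknown>"
            if not any(t in owner.lower() for t in TRUSTED_HOOK_OWNERS):
                findings.append(("hook_unknown_owner", owner))
    return findings

if __name__ == "__main__":
    for kind, detail in parse_report(SAMPLE_REPORT):
        print(f"{kind:20} {detail}")
```

On the sample this reports both hidden drivers and the SKYNET service, and stays quiet on the SUPERAntiSpyware hook; as in the reply above, svcl.sys is flagged only as hidden, not as known-bad.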