Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- McAfee Enterprise Community
- :
- Security Awareness
- :
- Malware
- :
- Ntoskrnl - hook.
Options
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-25-2009
07:37 AM
Ntoskrnl - hook.
Hey Everyone. I have just scanned my Compaq Presario laptop computer with McAfee, scanning all files and folders, and finding and deleting four antiviruses, however, no matter what i do, that pesky NTOSKRNL - HOOK just won't go away. I have read multiple forums regarding this problem and many of them suggested booting into safe mode. Unfortunately, i get a blue screen of death every time i attempt this, so i am stuck in regular windows unable to proceed any further. Also, occasionally when i run windows in normal mode the blue death screen still appears, automatically restarting my computer repeatedly. I still have full internet access, full access to my antimalware and antivirus protection, and nothing else seems to be restricted as i can see now. I have ran three Malwarebytes AntiMalware scans - two quick and one full - and deleted any spyware, as well as restarted my computer asap. I also have ran an AVG free antivirus scan which found absolutely nothing. I am going to post my most recent logs from Malwarebytes, McAfee and RootRepeal, and any help would be greatly appreciated, as I am going to college in two days and need my computer up and running at full speed without a risk of crashing. Thank you very much.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 09:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED4C7000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B4C000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDA3A000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\kbiwkmabrpuhhb.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmgdqrdlft.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmiranwuyr.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmkymkkdmp.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\kbiwkmoqmcrtqjhx.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\kbiwkmwboradae.sys
Status: Invisible to the Windows API!
Path: c:\documents and settings\admin\local settings\application data\google\chrome\user data\default\current session
Status: Size mismatch (API: 19594, Raw: 15591)
Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmiranwuyr.dll]
Process: svchost.exe (PID: 988) Address: 0x10000000 Size: 49152
Object: Hidden Module [Name: kbiwkmabrpuhhb.dll]
Process: Explorer.EXE (PID: 1632) Address: 0x10000000 Size: 32768
Hidden Services
-------------------
Service Name: kbiwkmppqoqvxo
Image Path: C:\WINDOWS\system32\drivers\kbiwkmwboradae.sys
Service Name: WZSZXserv.sys
Image Path: C:\WINDOWS\system32\drivers\WZSZXuwkiorbqbdqomuwkriqhkltapucwjudw.sys
==EOF==
==========================================================
========================Malwarebytes AntiMalware=================
==========================================================
Malwarebytes' Anti-Malware 1.40
Database version: 2693
Windows 5.1.2600 Service Pack 3
8/25/2009 10:35:56 AM
mbam-log-2009-08-25 (10-35-56).txt
Scan type: Quick Scan
Objects scanned: 88033
Time elapsed: 5 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 09:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED4C7000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B4C000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDA3A000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\kbiwkmabrpuhhb.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmgdqrdlft.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmiranwuyr.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\kbiwkmkymkkdmp.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\kbiwkmoqmcrtqjhx.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\kbiwkmwboradae.sys
Status: Invisible to the Windows API!
Path: c:\documents and settings\admin\local settings\application data\google\chrome\user data\default\current session
Status: Size mismatch (API: 19594, Raw: 15591)
Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmiranwuyr.dll]
Process: svchost.exe (PID: 988) Address: 0x10000000 Size: 49152
Object: Hidden Module [Name: kbiwkmabrpuhhb.dll]
Process: Explorer.EXE (PID: 1632) Address: 0x10000000 Size: 32768
Hidden Services
-------------------
Service Name: kbiwkmppqoqvxo
Image Path: C:\WINDOWS\system32\drivers\kbiwkmwboradae.sys
Service Name: WZSZXserv.sys
Image Path: C:\WINDOWS\system32\drivers\WZSZXuwkiorbqbdqomuwkriqhkltapucwjudw.sys
==EOF==
==========================================================
========================Malwarebytes AntiMalware=================
==========================================================
Malwarebytes' Anti-Malware 1.40
Database version: 2693
Windows 5.1.2600 Service Pack 3
8/25/2009 10:35:56 AM
mbam-log-2009-08-25 (10-35-56).txt
Scan type: Quick Scan
Objects scanned: 88033
Time elapsed: 5 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
2 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-25-2009
07:38 AM
and here is my mcafee scan...
=========================================================
=========================McAfee============================
==========================================================
8/24/2009 2:12:09 PM Engine version =5301.4018
8/24/2009 2:12:09 PM AntiVirus DAT version =5718.0000
8/24/2009 2:12:09 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 2:12:09 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 2:11:17 PM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 2:13:26 PM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/24/2009 2:23:33 PM Deleted Admin C:\WINDOWS\svchast.exe Generic FakeAlert.a(Trojan)
8/24/2009 2:31:45 PM Deleted Admin c:\Documents and Settings\Admin\Local Settings\Temp\rdl1.tmp W32/Autorun.worm!bt(Virus)
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 62
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 2
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 6132
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 13
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 1:08:08
8/24/2009 3:19:49 PM Scan Terminated ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:32:09 PM Engine version =5301.4018
8/24/2009 3:32:09 PM AntiVirus DAT version =5718.0000
8/24/2009 3:32:09 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 3:32:09 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 3:31:29 PM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 1
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 0:02:01
8/24/2009 3:33:30 PM Scan Terminated ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:45:17 PM Engine version =5301.4018
8/24/2009 3:45:17 PM AntiVirus DAT version =5718.0000
8/24/2009 3:45:17 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 3:45:17 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 3:44:33 PM Scan Started ADMIN-MOJDWJQRW\Admin fullscan 1
8/24/2009 3:45:48 PM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/24/2009 9:00:55 PM Engine version =5301.4018
8/24/2009 9:00:55 PM AntiVirus DAT version =5719.0000
8/24/2009 9:00:55 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 9:00:55 PM Names of detection signatures in EXTRA.DAT =None
8/25/2009 3:48:20 AM Deleted Admin c:\WINDOWS\system32\WZSZXclpas.dll Generic.dx!dct(Trojan)
8/25/2009 3:48:29 AM Deleted Admin c:\WINDOWS\system32\WZSZXppc.dll Generic.dx!ced(Trojan)
8/25/2009 3:48:35 AM Deleted Admin c:\WINDOWS\system32\WZSZXsocks.dll Generic.dx!ced(Trojan)
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 67
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 1
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 46945
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 25
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 12:25:34
8/25/2009 4:10:07 AM Scan Complete ADMIN-MOJDWJQRW\Admin fullscan 1
8/25/2009 9:16:06 AM Engine version =5301.4018
8/25/2009 9:16:06 AM AntiVirus DAT version =5719.0000
8/25/2009 9:16:06 AM Number of detection signatures in EXTRA.DAT =None
8/25/2009 9:16:06 AM Names of detection signatures in EXTRA.DAT =None
8/25/2009 9:15:49 AM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:16:17 AM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 65
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 1
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 444
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 0:04:36
8/25/2009 9:20:25 AM Scan Complete ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:28:15 AM Engine version =5301.4018
8/25/2009 9:28:15 AM AntiVirus DAT version =5719.0000
8/25/2009 9:28:15 AM Number of detection signatures in EXTRA.DAT =None
8/25/2009 9:28:15 AM Names of detection signatures in EXTRA.DAT =None
8/25/2009 9:27:56 AM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:28:18 AM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
=========================McAfee============================
==========================================================
8/24/2009 2:12:09 PM Engine version =5301.4018
8/24/2009 2:12:09 PM AntiVirus DAT version =5718.0000
8/24/2009 2:12:09 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 2:12:09 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 2:11:17 PM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 2:13:26 PM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/24/2009 2:23:33 PM Deleted Admin C:\WINDOWS\svchast.exe Generic FakeAlert.a(Trojan)
8/24/2009 2:31:45 PM Deleted Admin c:\Documents and Settings\Admin\Local Settings\Temp\rdl1.tmp W32/Autorun.worm!bt(Virus)
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 62
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 2
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 6132
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 1
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 13
8/24/2009 3:19:49 PM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 1:08:08
8/24/2009 3:19:49 PM Scan Terminated ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:32:09 PM Engine version =5301.4018
8/24/2009 3:32:09 PM AntiVirus DAT version =5718.0000
8/24/2009 3:32:09 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 3:32:09 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 3:31:29 PM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 0
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 1
8/24/2009 3:33:30 PM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 0:02:01
8/24/2009 3:33:30 PM Scan Terminated ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/24/2009 3:45:17 PM Engine version =5301.4018
8/24/2009 3:45:17 PM AntiVirus DAT version =5718.0000
8/24/2009 3:45:17 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 3:45:17 PM Names of detection signatures in EXTRA.DAT =None
8/24/2009 3:44:33 PM Scan Started ADMIN-MOJDWJQRW\Admin fullscan 1
8/24/2009 3:45:48 PM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/24/2009 9:00:55 PM Engine version =5301.4018
8/24/2009 9:00:55 PM AntiVirus DAT version =5719.0000
8/24/2009 9:00:55 PM Number of detection signatures in EXTRA.DAT =None
8/24/2009 9:00:55 PM Names of detection signatures in EXTRA.DAT =None
8/25/2009 3:48:20 AM Deleted Admin c:\WINDOWS\system32\WZSZXclpas.dll Generic.dx!dct(Trojan)
8/25/2009 3:48:29 AM Deleted Admin c:\WINDOWS\system32\WZSZXppc.dll Generic.dx!ced(Trojan)
8/25/2009 3:48:35 AM Deleted Admin c:\WINDOWS\system32\WZSZXsocks.dll Generic.dx!ced(Trojan)
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 67
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 1
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 46945
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 3
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 25
8/25/2009 4:10:07 AM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 12:25:34
8/25/2009 4:10:07 AM Scan Complete ADMIN-MOJDWJQRW\Admin fullscan 1
8/25/2009 9:16:06 AM Engine version =5301.4018
8/25/2009 9:16:06 AM AntiVirus DAT version =5719.0000
8/25/2009 9:16:06 AM Number of detection signatures in EXTRA.DAT =None
8/25/2009 9:16:06 AM Names of detection signatures in EXTRA.DAT =None
8/25/2009 9:15:49 AM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:16:17 AM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Scan Summary
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes scanned : 65
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes detected : 1
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Processes cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors scanned : 1
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors detected: 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Boot sectors cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files scanned : 444
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files with detections: 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin File detections : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files cleaned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files deleted : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Files not scanned : 0
8/25/2009 9:20:25 AM Scan Summary ADMIN-MOJDWJQRW\Admin Run time : 0:04:36
8/25/2009 9:20:25 AM Scan Complete ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:28:15 AM Engine version =5301.4018
8/25/2009 9:28:15 AM AntiVirus DAT version =5719.0000
8/25/2009 9:28:15 AM Number of detection signatures in EXTRA.DAT =None
8/25/2009 9:28:15 AM Names of detection signatures in EXTRA.DAT =None
8/25/2009 9:27:56 AM Scan Started ADMIN-MOJDWJQRW\Admin On-Demand Scan
8/25/2009 9:28:18 AM Deleted Admin NTOSKRNL-HOOK Generic Rootkit.d!rootkit(Trojan)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-26-2009
01:26 AM
RE: and here is my mcafee scan...
Your computer is infected with a Rookit.. Why don't you try one of our moderator's CDs.. You may post on his thread for any feedback or help.
http://community.mcafee.com/showthread.php?t=231079&highlight=bootcd
http://community.mcafee.com/showthread.php?t=231079&highlight=bootcd
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA