Adlice forum
General Category => Malware removal help => Topic started by: Vediovis on January 13, 2015, 06:45:45 PM
-
So, one of my accounts got hacked. I was paranoid and I started scanning my laptop.
I ran Rogue Killer twice and both showed very different results (rebooted in between).
I am not sure what to make of it, can someone help me with it?
I have attached the logs as they were over 20000 characters and did not fit into this post.
-
Hi Vediovis,
Welcome to Adlice.com Forum.
The first report was generated with the 32 bits version of RogueKiller, the second by the 64 bits version (the one you should be using).
Anyway, the tool wasn't able to load its driver.
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
Were any security programs running in the background when you launched RogueKiller ?
Regards.
-
Hey Curson,
Thanks for the reply.
I use MalwareBytes' Anti Malware, MalwareBytes' Anti Exploit, and BitDefender.
I am not sure why the driver did not load since I had disabled all three of them.
What do you suggest?
-
Hi Vediovis,
Please restart your computer and perform a new scan with Roguekiller.
Could you tell me if the following file is present :
C:/Windows/System32/Drivers/TrueSight.sys
Regards.
-
Yes, the file is present but the restart did not help.
Any other suggestions?
-
Hi Vediovis,
It seems that RogueKiller's driver cannot be initialized for some reasons.
The presence of a rootkit may be causing this behaviour.
- Please download TDSSKiller (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
(http://i1118.photobucket.com/albums/k611/lhs22/tds2.jpg)
- Check Loaded Modules and Detect TDLFS file system.
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
(http://i1118.photobucket.com/albums/k611/lhs22/2012081514h0118.png)
- Click Start Scan and allow the scan process to run.
If threats are detected select Skip for all of them unless I instruct you otherwise.
- Click Continue
(http://i1118.photobucket.com/albums/k611/lhs22/tds6.jpg)
- Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your next reply.
Regards.
-
The scan came out clean
I have attached the logs just in-case.
Please tell me how to proceed next?
-
Hi Vediovis,
According to the last report your computer seems clean.
Howewer, we would like to investigate why RogueKiller's driver was unable to load.
Could you please manually delete the file TrueSight.sys and make a last try with RogueKiller ?
Regards.
-
Seems like the driver loaded fine this time I have attached the log as there were other errors.
The anti-rootkit section showed some files (link to image) - http://i.imgur.com/E8hxjNX.png
-
Hi Vediovis,
Yes, the driver managed to load and the tool reported no infection.
The lines which are highlighted in green in the Rootkit section are legit elements which should not be removed.
Your computer seems clean.
If you have any questions, feel free to ask.
Regards.