Messages - willH

1
Malware removal help / Re: How to remove the "IAT" from the laptop.
« on: November 27, 2015, 03:16:07 PM »
I do not understand the last message.
What should I do next?

2
Malware removal help / Re: How to remove the "IAT" from the laptop.
« on: November 27, 2015, 02:43:40 PM »
I have not installed RogueKiller. I use a portable RogueKiller.
For cleaning I use ADWcleaner, and it shows me no rootkit.
I am sending you the RKreport from the last cleaning as an attachment.

3
Malware removal help / Re: How to remove the "IAT" from the laptop.
« on: November 27, 2015, 01:00:27 PM »
Ok, I'll wait.
I believe that I help solve the problem.

4
Malware removal help / Re: How to remove the "IAT" from the laptop.
« on: November 27, 2015, 10:48:19 AM »
I sent explorer.rar according to the instructions.

5
Malware removal help / Re: How to remove the "IAT" from the laptop.
« on: November 26, 2015, 01:23:47 PM »
I do not understand this part:
When Roguekiller hang, locate the process named explorer.exe, right click select Create Dump > Create Full Dump...

I have also enable control involving RogueKiller or what should I do?

6
Malware removal help / How to remove the "IAT" from the laptop.
« on: November 25, 2015, 03:13:48 PM »
Hello all,
when I checked the laptop with RogueKiller (Local 64bit), it found a "PUP" and a rootkit "IAT" which cannot be removed. According to the paint, it is a serious problem. After clicking on the "Delete" button and resetting the laptop, the "PUP" was erased, but the rootkit "IAT" remained.
Is it possible to remove the rootkit? Please help!!!
I apologize for mistakes in English. I am not English, but I live in England.
I am adding part of the results of the control program RogueKiller.

RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : new [Administrator]
Started from : C:\Users\new\Desktop\RogueKillerX64 (1).exe
Mode : Scan -- Date : 11/24/2015 19:28:12

.......

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x775101e0 (jmp 0x147f90|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x77510360 (jmp 0x149520|jmp 0xfffffffffffffc99|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x77510440 (jmp 0x149760|jmp 0xfffffffffffffbb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x77510300 (jmp 0x149280|jmp 0xfffffffffffffcf9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x77510340 (jmp 0x148de0|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenSection : Unknown @ 0x77510310 (jmp 0x1493c0|jmp 0xfffffffffffffce9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x77510380 (jmp 0x1493e0|jmp 0xfffffffffffffc79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x775102c0 (jmp 0x149260|jmp 0xfffffffffffffd39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x775103a0 (jmp 0x149420|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x775103d0 (jmp 0x149530|jmp 0xfffffffffffffc29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x77510390 (jmp 0x148f30|jmp 0xfffffffffffffc69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x775102d0 (jmp 0x1492f0|jmp 0xfffffffffffffd29|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSemaphore : Unknown @ 0x775102a0 (jmp 0x148c60|jmp 0xfffffffffffffd59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenSemaphore : Unknown @ 0x775102b0 (jmp 0x148750|jmp 0xfffffffffffffd49|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateMutant : Unknown @ 0x77510280 (jmp 0x148cc0|jmp 0xfffffffffffffd79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenMutant : Unknown @ 0x77510290 (jmp 0x148780|jmp 0xfffffffffffffd69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateTimer : Unknown @ 0x77510320 (jmp 0x148cb0|jmp 0xfffffffffffffcd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenTimer : Unknown @ 0x77510330 (jmp 0x148790|jmp 0xfffffffffffffcc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateThreadEx : Unknown @ 0x775103c0 (jmp 0x148d60|jmp 0xfffffffffffffc39|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateThread : Unknown @ 0x775103e0 (jmp 0x1492d0|jmp 0xfffffffffffffc19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenThread : Unknown @ 0x77510370 (jmp 0x1487e0|jmp 0xfffffffffffffc89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x775103f0 (jmp 0x148350|jmp 0xfffffffffffffc09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSuspendThread : Unknown @ 0x77510420 (jmp 0x1480f0|jmp 0xfffffffffffffbd9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueueApcThread : Unknown @ 0x77510430 (jmp 0x149400|jmp 0xfffffffffffffbc9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x77510480 (jmp 0x1489f0|jmp 0xfffffffffffffb79|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x77510490 (jmp 0x1489f0|jmp 0xfffffffffffffb69|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x77510470 (jmp 0x149040|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x77510270 (jmp 0x147e60|jmp 0xfffffffffffffd89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x775102f0 (jmp 0x148830|jmp 0xfffffffffffffd09|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x775101d0 (jmp 0x148830|jmp 0xfffffffffffffe29|jmp 0x19b)

Thank you all for help!!
