Hello Techsupport
I am new around here and I need guidance to solve an old Windows mystery of mine. I didn't post in the "virus/trojan/spyware help" forum in the first place because I'm not sure if my system is infected or not, and I don't want to disturb the hard-working experts with a false alarm, so I hope I can find an answer here after I explain my problem... and then I'll go to the other board for help.
So... I have a Samsung laptop running Windows 7 Home Premium 64-bit Service Pack 1. Last autumn, I think it was the end of October, I got a USB flash drive from a buddy and, unlucky for me, there was some serious trouble on that device. Back then I was using Norton Internet Security 2011 and all the autorun malware stuff was busted, or at least this is what NIS said at that time.
In January, I did some serious checking with various anti-virus/anti-spyware/anti-malware/anti-trojan software including Norton IS, Comodo IS, Comodo Cleaning Essentials, Microsoft Security Essentials (even Windows Defender), Malwarebytes Anti-Malware, Emsisoft Anti-Malware, SuperAntiSpyware, Spybot S&D, HitmanPro, BitDefender, ESET Smart Security, Microsoft Safety Scanner, Kaspersky Virus Removal Tool, Kaspersky Anti-Virus 2012, Ad-Aware and... I can't remember if there was anything else. The thing is... some of them, like MBAM, Emsisoft, HitmanPro, Comodo and Kaspersky, found more ugly files, so I deleted all of them.
For a while I was relieved, thinking that my system was safe. Now I've found out about this new "rootkit" type of malware and started googling over and over to find some useful information. This is how I got here too...
I followed the tips on this thread and... I think I might have some leftovers or worse.
1. I can't run GMER! I searched on Google and found out that this app doesn't run on 64-bit systems, and I have a Win7 64-bit version... What alternative do I have?
1.5 As I was searching for the GMER problem with 64-bit systems, I found a thread where some guys were saying that 64-bit operating systems are much harder to infect with rootkits and the chances for this to happen are very low. Is this true?
2. DDS worked, but I don't understand much of the log... Is there a guide or something like "How to read a DDS log for dummies"?
3. I use the Sysinternals Suite and there is a RootkitRevealer in there which I hadn't tried until today... It didn't start. Seems it's XP/Server '03 compatible only. Is there any W7 64-bit version?
4. I saw some other apps on the GMER site and tried catchme and mbr to see if they find something. MBR was getting errors like...
Code:
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR
and catchme found some "NTDLL code modification" like...
Code:
ZwEnumerateKey 0 != 47,
ZwQueryKey 0 != 19,
ZwOpenKey 0 != 15
and other stuff like those Zw-things. Why doesn't the MBR tool work? On a board someone was saying that "NTDLL code modification" is evidence of a trojan; is this true?
I must mention that I had used TuneUp Utilities. I don't know why I mention this, but it may probably have a connection with those NTDLL things?
Now I have Kaspersky Anti-Virus 2012 and Comodo Firewall (with Defense+).
Can someone help me out with this, please?
Thanks!
alex2919