Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
25 Posts
Discussion Starter · #1 ·
Hello! I have problems with a virus on my dad's notebook. The AV (Microsoft Essentials) detects the worm Dorkbot.I and deletes it every time I turn it on, but it keeps coming back.

I've run a full analysis with the mentioned AV, and detected and deleted a trojan called "ASX/Wimad.DD".

I also ran, with unsatisfactory results:
Spybot-S&D
CCleaner
AdAware

Additional Information regarding the issue:
- I can't enter certain websites related to anti-spyware (the AdAware and HijackThis download sites were inaccessible from this computer; I had to download them from another computer (which was running on the same network) and pass them on with a pendrive).
- When I plugged the pendrive into my other computer, the Dorkbot warning for the pendrive popped up in the AV on that PC (Eset Nod32).


I've attached the required files. I don't think I have access to the Windows Seven disc, not this version anyway.

Thanks in advance.

gmgo
 


·
TSF-Emeritus
Joined
·
8,956 Posts
Hi

Please run the following:



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
 

·
TSF-Emeritus
Joined
·
8,956 Posts
Perfect, thanks. For some reason, I couldn't open that the other day.

Please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 