Posted

Ok so my trouble started last night.

Somehow 'Internet Security 2010' managed to get installed on my PC.

Avast was unable to remove it but I have since used MBAM to do the job Avast couldn't.

 

That's one problem out of the way.

 

Now, Avast keeps alerting me every few minutes of Win32:Rootkit-gen [Rtk].

Delete, move to chest or any other option I'm presented with does not seem to resolve the issue.

Every few minutes or so Avast alerts me to it again and again...

 

I've run Avast full system scan, boot time scan and every other scan possible to no avail.

I've done a Sophos Anti-Rootkit scan and nothing out of the ordinary [to me anyway] showed.

I've also run a SpyBot scan and an Ad-Aware full system scan.

Ad-Aware did find one other piece of naughtiness on my PC but assured me it had deleted the naughtiness and life was now jolly for all concerned.

 

I've also attached my HJT log in the hope that maybe someone can shed some light on the problem.

 

So, if any of this makes sense to someone out there and they have time to help, I would be unbelievably grateful.

 

If any further information is needed, I will be only too happy to provide.

 

Thanks in advance.

hijackthis.txt


Posted

Update:

Several SAS scans later and it seems that Win32:Rootkit-gen [Rtk] has been removed.

Now I'm faced with browser hijacking problems.

Links from Google and other search engines are causing IE to load random sites.

Also now Avast! is picking up Win32:VB-OCT [Drp] every few minutes.

 

I'm getting to the end of my tether with this lol.

 

Any help?

:(

Posted

Hi El Stevo,

 

Sorry for the late reply.

 

A few things before we start....

1. Please Read All Instructions Carefully.

2. If you don't understand something, stop and ask! Don't keep going on.

3. Please do not run any other tools or scans whilst I am helping you.

4. If you have to go away for an extended period of time, let me know.

5. Please continue to respond until I give you the "All Clear".

(Just because you can't see a problem doesn't mean it isn't there)

 

 

==================

 

 

Please update, and run a full scan with MBAM.

 

Please Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

 

Go here ======> A guide and tutorial on using ComboFix <====== Go here

 

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should get a prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

 

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

(2) Click Yes to allow ComboFix to continue scanning for malware.

 

When the tool is finished, it will produce a report for you.

 

 

Please copy/paste C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

 

 

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
