MBAM found 31 backdoor bots.

[johngeo]

Avast found  3 Trojans and it tells me I have a rootkit, but can't get rid of it.
Any advice?

I am also having trouble getting rid of norton. Norton says that it is disabled, but Avast says that it is running.

This is a dell with xp pro. This isn't my computer, and what I was told,  it was fast at one time. It belonged to a car dealership before they were forced to shut their doors.

I have attached all 3 logs.

I thanks you in advance, and any help is greatly appreciated.

[attachment deleted by admin]

[Karnac]

Here is the link to your HJT analysis...

http://www.computerhope.com/cgi-bin/process.pl?o=8104747

Although it doesn't list steps for cleaning , there are two entries referring to the Aim toolbar which you should remove. Check them off in HJT and press Fix
Then run another Mbam scan .....let us know how the computer is running.
Rootkits are especially difficult to diagnose/remove , so evilfantasy will assist you with specialized tools.

Here is the link for the Norton removal tool...

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/

[CBMatt]

Karnac, it would be appreciated if you don't tell people to start removing harmless files without explaining why they might want to consider removing it.  Thanks.  I'm not trying to be rude, but you're not exactly qualified to handle HJT logs.  And for the record, telling someone to basically find a couple of arbitrary registry files and delete them is generally frowned upon.




John, I've got a couple of questions for you.  Since running these scans, is Avast still detecting rootkits?  If so, could you please post the log for it?  Or do you have an old log by any chance?  Various unwanted files were removed, but I have no way of knowing if they are the same files being detected by Avast.

Also, the removal tool posted by Karnac should help out with removing Norton.  If you still have trouble, we have a brief tutorial in our FAQ's that I can direct you to.

[johngeo]

Hi Matt. I actually do not have that computer anymore. I gave it to a friend that needed a computer. I told them if they have any problems just go to this forum.

 I did get rid Norton, with the removal tool, and Avast didn't alert me anymore about a rootkit.

I do have another one I am trying to fix though to get some old pictures off of. The computer will boot, and only stay on for about 5 minutes.  Then it comes up with a screen that says dumping physical memory. I was wondering if that has to do with the software or the hardware? It stays on for about 20 minutes if I am in safemode. I downloaded avast in safemode, and it was doing the first scan through all the files. I would say about a quarter of the way through it went to the same screen, that said dumping memory. Something is also blocking the ethernet connection in normal mode.

In the short time that avast was scanning, it picked up about 10 viruses. The one I can remember off the top of my head was one that disabled and locked the task manager. I don't know if avast actually got rid of anything, because like I said it stopped about a quarter of the way and went to the dump memory screen.

I appreciate any help.

Thanks, John

[CBMatt]

Thanks for the update.  For what it's worth, the other computer should be clean.  As for this current computer...there's obviously an infection of some sort, and possibly something else unrelated.  It looks like there could be a chance that the RAM is failing.  The first thing you should do is make sure it is properly seated.  You can do this by opening the PC and pushing firmly (but not too hard) to ensure that the RAM sticks are in place.  If you're comfortable with doing so, it is sometimes better to actually take them out and reseat them, just to make sure they pop into place properly.

If that doesn't improve things, then you should run a memory test.  Look here for info on running a memory test:  http://oca.microsoft.com/en/windiag.asp

As for the infections themselves, see if you can get a HijackThis log posted.  It generally takes only a few seconds to scan, so you should have enough time to scan, save a log, and put it on a flashdrive.  It won't find everything, but hopefully it will help us at least alleviate the situation somewhat.

[johngeo]

 I can't get a connection in normal mode with that computer.
I can't down load HJT in safe mode either, because the page is to big for the screen, and I can't scroll down. Saying that, I just thought maybe I can just use the tab key.

[CBMatt]

Have you tried changing the resolution while in Safe Mode?  Perhaps that will help you see all of the screen.  The Tab key should help you navigate, but it won't do you much good if you can't see what you're highlighting.  If you have access to another internet-capable computer, you can download programs with that computer and then transfer them to the troublesome computer via flashdrive, CD, or whatever media is available.