
Author Topic: Rootkit-pakes.M  (Read 4998 times)


leem (Topic Starter)
Rootkit-pakes.M
« on: August 17, 2009, 06:06:12 PM »
Hi,

This is my first post and I am desperate for advice regarding the removal of Rootkit-pakes.M.

OK, first things first, the history.

I've just started the standalone again, having not used it for months. Got it all cleaned up and had it running nice and fast. On 16 Aug I went to the site FMportals.com and AVG 8.5 flashed up with a warning that the site was dangerous. Before I could do anything it appeared that I had been attacked and had unwittingly downloaded the trojan.

I actually figured it had been a false alarm until starting the PC on 17 Aug, when AVG Resident Shield flagged up the rootkit sitting at the following file path:

C:\WINDOWS\system32\drivers\ntfs.sys

This was also accompanied by a couple of other related files, opening a back door. AVG was able to get rid of these files but not the rootkit. (cont)

leem (Topic Starter)
Re: Rootkit-pakes.M
« Reply #1 on: August 17, 2009, 06:08:44 PM »
I then tried CCleaner before stumbling upon your website.

I have now followed your step-by-step guide and will attach the logs.

What concerns me, though, is that none of the logs makes mention of the Rootkit-pakes.M trojan, BUT they have found several others, including win98.exe and a couple more.

All your help and advice will be most gratefully received!

Here come the logs...

leem (Topic Starter)
Re: Rootkit-pakes.M
« Reply #2 on: August 17, 2009, 06:14:04 PM »
SAS Log

[attachment deleted by admin]

leem (Topic Starter)
Re: Rootkit-pakes.M
« Reply #3 on: August 17, 2009, 06:16:08 PM »
MBAM Log and Sniper Log

[attachment deleted by admin]

leem (Topic Starter)
Re: Rootkit-pakes.M
« Reply #4 on: August 17, 2009, 06:17:19 PM »
Also, just how dangerous is this rootkit, and what are the consequences of leaving it in place?

SuperDave (Malware Removal Specialist, Moderator)
Re: Rootkit-pakes.M
« Reply #5 on: August 17, 2009, 07:44:42 PM »
Leem, your HJT log looks quite clean. The two scans you ran before cleaned up some infections. Here is some information about rootkits, and there are also some tools you can use to scan your machine.

I also noticed that you have no firewall running on your computer. You should activate the Windows Firewall or, better yet, download one of the free third-party firewalls found here, which are superior to the Windows Firewall. Personally, I prefer ZoneAlarm.

You should keep SAS and MBAM on your computer and run them weekly, but you should also add programs such as Spybot S&D, Ad-Aware, and SpywareBlaster to protect against malware and spyware. They're all free.

Wait a few days to see if the resident specialists have any other things for you to do. If not, try these tips. Oops, almost forgot: you should download and install Service Pack 3, which will give you additional protection.
Windows 8 and Windows 10 dual boot with two SSDs
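An added worked check (editor's own code, not something posted in this thread). AVG named C:\WINDOWS\system32\drivers\ntfs.sys, and a HijackThis log says nothing about whether that driver file is still the genuine Microsoft binary. The PowerShell function below inspects a driver file's Authenticode/catalog signature, its version resource, and, where Windows keeps one, the File Protection reference copy in system32\dllcache, and reports any mismatch. The function and variable names are the editor's; it assumes an elevated PowerShell session (Get-FileHash needs PowerShell 4 or later). One caveat every practitioner should keep in mind: a kernel-mode rootkit can hook file reads and hand this script a clean copy of the file, so a passing result from inside the infected OS is weak evidence, while a failing result is strong. Hash the same file again from offline boot media before trusting a clean verdict.

```powershell
# Added example, not code from the thread. Checks whether a driver file such as
# ntfs.sys still looks like the Microsoft-signed original. Run elevated.

function Test-DriverIntegrity {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Verdict = 'MISSING' }
    }

    $item = Get-Item -LiteralPath $Path
    $problems = @()

    # Most Windows drivers are catalog-signed rather than embedded-signed;
    # Get-AuthenticodeSignature consults the catalogs, so Status should be Valid
    # and the signer should be Microsoft for a genuine ntfs.sys.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($sig.Status -ne 'Valid') { $problems += "signature status is '$($sig.Status)'" }
    if ($signer -notmatch 'O=Microsoft Corporation') { $problems += "signer is '$signer', not Microsoft" }

    # Version resource: a dropped replacement often has no CompanyName or a fake one.
    $company = $item.VersionInfo.CompanyName
    if ($company -notmatch 'Microsoft') { $problems += "CompanyName is '$company'" }

    # Windows XP keeps a File Protection copy in system32\dllcache. If it exists,
    # the live file and the reference copy should hash identically.
    $ref = Join-Path $env:windir "system32\dllcache\$($item.Name)"
    $matchesReference = $null
    if (Test-Path -LiteralPath $ref) {
        $liveHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $refHash  = (Get-FileHash -LiteralPath $ref  -Algorithm SHA256).Hash
        $matchesReference = ($liveHash -eq $refHash)
        if (-not $matchesReference) { $problems += 'differs from the dllcache reference copy' }
    }

    # Timestamp outlier: the file should not be newer than its neighbours.
    # Replaced drivers often carry a LastWriteTime days or months after the rest.
    $dir = Split-Path -Parent $Path
    $newerSiblings = @(Get-ChildItem -LiteralPath $dir -Filter *.sys |
        Where-Object { $_.LastWriteTime -gt $item.LastWriteTime }).Count
    if ($newerSiblings -eq 0) { $problems += 'newest .sys file in its directory' }

    [pscustomobject]@{
        Path             = $Path
        Exists           = $true
        SizeBytes        = $item.Length
        LastWrite        = $item.LastWriteTime
        SignatureStatus  = $sig.Status
        Signer           = $signer
        CompanyName      = $company
        MatchesReference = $matchesReference
        Problems         = $problems
        Verdict          = if ($problems.Count -gt 0) { 'SUSPECT' } else { 'ok' }
    }
}

# Usage: check the driver AVG flagged.
Test-DriverIntegrity -Path (Join-Path $env:windir 'system32\drivers\ntfs.sys') | Format-List
```

On Vista and later, where dllcache no longer exists, `sfc /verifyonly` is the authoritative on-box check of protected system files, and a SUSPECT verdict here is a reason to boot from clean media and replace the driver from a known-good installation source rather than to keep scanning from inside the running system.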

leem (Topic Starter)
Re: Rootkit-pakes.M
« Reply #6 on: August 18, 2009, 11:39:10 PM »
Hi SuperDave,

Many thanks for all of your advice. I had previously been told that running Windows Firewall alone was sufficient and had gotten rid of my ZoneAlarm. I have no idea how the Windows Firewall got turned off, though...

Anyway, I did as you said and added Comodo, which so far seems a little less intrusive than ZoneAlarm, so I'm happy there on all counts.

I am keeping SAS and MBAM to complement AVG 8.5, as well as running CCleaner. The big difference that cleaned the virus, though, was the Windows SP. It seems that when it installed it uninstalled the infected old drivers (which have now been CCleaned!).

So again, many, many thanks :-D

I currently run AVG. I also now have SAS and MBAM. Do the Spybot/Ad-Aware/SpywareBlaster programmes slow the machine down much? Why so many programmes that seemingly serve the same function? Or do they all do something slightly different?

SuperDave (Malware Removal Specialist, Moderator)
Re: Rootkit-pakes.M
« Reply #7 on: August 19, 2009, 05:51:51 PM »
Quote
I currently run AVG. I also now have SAS and MBAM. Do the Spybot/Ad-Aware/SpywareBlaster programmes slow the machine down much? Why so many programmes that seemingly serve the same function? Or do they all do something slightly different?
I'm currently running SpywareBlaster, Spybot S&D and ThreatFire as well as Avast AV, and there is no slowness in my computer. Evil once told me that a layered approach was the best way to protect against viruses and infections.

Helpmeh (Guru)
Re: Rootkit-pakes.M
« Reply #8 on: August 19, 2009, 05:59:09 PM »
When it comes to AV, two is not often better than one. If you find two free ones that truly are compatible with each other, tell me!
              Where's MagicSpeed?
              Quote from: 'matt'
              He's playing a game called IRL. Great graphics, *censored* gameplay.

SuperDave (Malware Removal Specialist, Moderator)
Re: Rootkit-pakes.M
« Reply #9 on: August 19, 2009, 07:54:10 PM »
Right. Only one AV at a time, but for spyware and malware you can run as many as you want. Plus a good firewall that blocks outgoing as well as incoming.

w4s (Guest)
Re: Rootkit-pakes.M
« Reply #10 on: August 21, 2009, 07:14:30 PM »
I had the same problem ::)
Tried Spybot and Malwarebytes. Neither could clean it up. :P
Tried going back to a restore point (Start -> Accessories -> System Tools -> System Restore). Did not work for me.

Finally went to Microsoft for help. They suggested I run the scanner at onecare.live.com. Seems to have worked so far.... ;D