Chrome malware? and Rootkit impossible to remove

AnnaJohansen

Sep 22, 2016
Hello.

I am new here but I thought I would try to get some help from you interpreting logfiles. Apparently I have a rootkit, or multiple according to gmer "sometimes". Shows different results sometimes. Plus I think something is weird with Chrome, behaves abnormal, and in logfile it says the startup page starts with hxxxs.google PLUS hitmanpro says I have an irp_mj_scsi kernel mode hook on storahci.sys, been detected but bypassed. It's a hidden driver. And mouse lags +++ almost like there's a ghost in here:)

Can you help me interpret the logfile and see if there is something that can be done?
 


Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 
Well this was better, I now think I found the irphook on system32/.crusader? Opened the file and there it said in writing: rootkit.. will see, there are a lot of things that are wrong I think:)
 


Oh okay that's good:) Can you see the attached file and tell me what it means? Says rootkit so I wonder... oh and by the way.. downloaded gmer from gmer.net... it says I have a rootkit, and when I scanned the registry every item in HKEY_LOCAL_MACHINE was coloured red. Which means it must mean something... I'm a bit paranoid, been hijacked twice before, lost money, passwords etc....

Thank you for all your help and more maybe;)
 


Let's perform a scan with TDSSKiller.

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will be shown in the Scan results - Select action for found objects and three options will be offered.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory (usually the C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.