After scanning with Gmer, a window popped up indicating:
[quote]
GMER
Warning !!!
GMER has found system modification caused by ROOTKIT activity.
[unquote]
I examined all items and there was one (1) item shown in red letters.
Type: Libary
Name: C:\Documents [***hidden***] @ C:\Documents[2216
Value: 0x00400000
I assume that this item is the culprit in question. I request guidance as
to how to proceed and eliminate this rootkit.
TIA
| GMER 1.0.14.14536
| TIA
Please post in the below expert forum where you can get expert advice.
http://www.thespykiller.co.uk/index.php?board=3.0
NOTE: Registration is REQUIRED in the forum before posting a log.
Note in your post that I sent you there.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Please post the log file for analysis.
If you are not able to remove the rootkit
try this
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
http://www.sophos.com/products/free-tools/sophos-anti-rootkit/download/
http://research.pandasecurity.com/blogs/images/AntiRootkit.zip
--
Warm Regards
Kalyan
"Yvonne York" <Yvo...@home.com> wrote in message
news:5EE3063A-6316-46EB...@microsoft.com...
< snip >
| I examined all items and there was one (1) item shown in red letters.
| Type: Libary
| Name: C:\Documents [***hidden***] @ C:\Documents[2216
| Value: 0x00400000
< Snip >
Please return to the thread you started.
The above in combo with...
O23 - Service: GEIF - Unknown owner - C:\DOCUME~1\TRAVEL~1\LOCALS~1\Temp\GEIF.exe (file missing)
Is indicative of malware and possibly a RootKit as suspected.