Topic: HELP, rootkit.hiddenfolder, rootkit.hiddenfile
panic
« Reply #15 on: June 21, 2012, 07:03:31 PM »

@pisellone,

Your links to freefilehosting.net do not work. Can you please attach the logs (as an attachment) to a post on these forums, rather than uploading to a 3rd party site and linking to them?

Ewen :-)
Logged

Grosbébé
« Reply #16 on: June 21, 2012, 10:31:01 PM »

Hello

Yes, it's better if your logs are attached. Freefilehosting is blocked by WOT and Norton ConnectSafe.

Well, I read your logs and one thing which appeared in your first post is still here.


Are you using both Microsoft Security Essentials and Comodo Antivirus? Having two active antivirus programs can lead to major bugs. If you have these two antivirus programs, I advise you to uninstall one of them.


Download ComboFix from one of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon (disable Defense+ and Antivirus). They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Logged

pisellone
« Reply #17 on: June 22, 2012, 05:30:18 AM »

"attach"
i didn't see this option before !!!

* OTL.Txt (195.65 KB - downloaded 2 times.)
Logged
pisellone
« Reply #18 on: June 22, 2012, 05:31:32 AM »

and the other

* Extras.Txt (31.87 KB - downloaded 1 times.)
Logged
pisellone
« Reply #19 on: June 22, 2012, 05:40:22 AM »

to Grosbébé:

(sorry again for my bad english)
i'm using microsoft essential and comodo because the virus was on my pc, has disabled a lot of security options..
virus has removed, but damages are remained

now i can't use microsoft firewall
i can't open security center
and i can't deactivate microsoft security essential

.. now i try combofix

EDIT:
combofix does nothing.. only created 2 folders:
32788R22FWJFW
ComboFix
« Last Edit: June 22, 2012, 06:39:00 AM by pisellone » Logged
languy99
« Reply #20 on: June 22, 2012, 06:54:31 AM »

try using Comodo cleaning essentials, open up killswitch and try the Quick repair from the tool bar at the bottom.
Logged

pisellone
« Reply #21 on: June 25, 2012, 09:10:04 AM »

:D :D :D
combofix deleted ROOTKIT.ZEROACCESS
comodo scan gives 0 infections now
thanks to all
Logged
Grosbébé
« Reply #22 on: June 25, 2012, 03:04:32 PM »

Hello

Quote
to Grosbébé:

(sorry again for my bad english)
No problem, English is not my mother tongue, I understand how difficult it is ;)

Quote
i'm using microsoft essential and comodo because the virus was on my pc, has disabled a lot of security options..
virus has removed, but damages are remained
Ok, and now, do you still see something unusual ?
By the way, you should only keep one real time protection, please uninstall Microsoft Security Essentials or CIS.


Quote
combofix deleted ROOTKIT.ZEROACCESS
comodo scan gives 0 infections now
Great, could you please attach the combofix log ? Absence of symptoms does not mean that everything is clear.

Regards.
Logged

pisellone
« Reply #23 on: June 25, 2012, 03:52:51 PM »

the only thing changed is the pc speed: now is good !

microsoft s. essential uninstalled from control panel

and this is combofix.txt, but it doesn't tell a lot:

ComboFix 12-06-21.03 - merdows7 25/06/2012  15:23:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.958.460 [GMT 2:00]
Eseguito da: C:\Users\merdows7\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Logged
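
The header of the ComboFix log posted above lists each registered security product with its state and GUID. As an added example (not part of the original thread and not ComboFix's own code), this Python script parses lines in that format and reports every category with more than one enabled product, the double real-time protection warned about earlier in the thread. Reading AV/FW/SP as antivirus, firewall and antispyware is an assumption, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Header lines copied from the ComboFix.txt excerpt in the post above.
SAMPLE_HEADER = """\
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Line shape: KIND: product name *State[/State]* {GUID}
PRODUCT_RE = re.compile(
    r"^(AV|FW|SP):\s+(.+?)\s+\*([^*]+)\*\s+\{([0-9A-Fa-f-]{36})\}$"
)

# Assumed meaning of the prefixes (not stated in the thread).
KINDS = {"AV": "antivirus", "FW": "firewall", "SP": "antispyware"}


def parse_products(text):
    """Return one dict per well-formed product line; skip anything else."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue
        kind, name, state, guid = m.groups()
        flags = [f.lower() for f in state.split("/")]
        products.append({
            "kind": kind, "name": name, "guid": guid.upper(),
            "enabled": "enabled" in flags, "updated": "updated" in flags,
        })
    return products


def overlapping_enabled(products):
    """Map each kind to its enabled products when there is more than one."""
    by_kind = defaultdict(list)
    for p in products:
        if p["enabled"]:
            by_kind[p["kind"]].append(p["name"])
    return {k: names for k, names in by_kind.items() if len(names) > 1}


if __name__ == "__main__":
    for kind, names in overlapping_enabled(parse_products(SAMPLE_HEADER)).items():
        print(f"{KINDS[kind]}: {len(names)} enabled at once -> {', '.join(names)}")
```
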
Grosbébé
« Reply #24 on: June 29, 2012, 03:02:32 AM »

Indeed.
Could you please run it again. Then attach the log :)


If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Logged

pisellone
« Reply #25 on: June 29, 2012, 12:08:30 PM »

:) never done money operations from pc... they cannot stone nothing !!

ok: the second scan with combofix is clean, the report is longer than first, and he talks about the cleaning action of the first scan,
attached the file.txt

but when it finish, comodo gives this:


edit: uhm.. I think is a test file, not a malware

* ComboFix.txt (12.16 KB - downloaded 3 times.)
« Last Edit: June 29, 2012, 12:10:17 PM by pisellone » Logged
Grosbébé
« Reply #26 on: June 29, 2012, 03:15:47 PM »

Hello

The Combofix log is incomplete, but it should be ok.


Please be sure to disable Defense+


========================================================

Some of the issues you describe at the beginning may still be there, I'd like to verify.

Please click here to download Farbar Service Scanner (FSS) to your desktop
  • Run FSS
  • Tick all options and click on the "Scan" button.
  • Once done, it will create a log (FSS.txt) in the same directory the tool is run.
  • Close Farbar Service Scanner and attach the log.


========================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\oowhvvfl.sys -- (oowhvvfl)

:Files
C:\Windows\system32\dds_log_trash.cmd

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then attach a new OTL log. (run OTL, click Quick Scan)
========================================================

Enable Defense+
Logged

pisellone
« Reply #27 on: June 29, 2012, 09:42:49 PM »

the surprise is:
after the last reboot, security center, windows firewall, and microsoft defender, are working !!!

if you are talking about this, i think the farbar is not necessary, true?

i think it's time to make a ghost backup of my pc
Logged
Grosbébé
« Reply #28 on: June 30, 2012, 03:25:30 AM »

Quote
after the last reboot, security center, windows firewall, and microsoft defender, are working !!!

if you are talking about this, i think the farbar is not necessary, true?
True ;)


Quote
i think it's time to make a ghost backup of my pc
Not now, please wait, all the nasty files are still present on your system.
Logged

pisellone
« Reply #29 on: July 04, 2012, 08:54:27 AM »

what have i to do, before the ghost ?
Logged