HELP, rootkit.hiddenfolder, rootkit.hiddenfile

hello, i need help with CIS, but i cannot open a new thread there
(sorry for my bad english)

after every scan, the result is

CIS removes all the rootkit.hiddenfile
but not the rootkit.hiddenfolder

the path of rootkit.hiddenfolder does not exist…
i tried rebooting from a cd, but i still don't see this path…

suggestions ?

It looks like an infection, I can’t find a Microsoft document on this KB number mentioned in the screenshot.
Also the file names in those folders seem very suspicious.

Can you run the following tools to see if they come up with anything?

Free recovery tools (TDSS Killer)
http://www.surfright.nl/nl/downloads/

also run this and post a log after a scan for us, don’t remove anything till we look at it. http://www.gmer.net/

other programs found nothing
this is gmer log
(very long, is this correct?)

http://ge.tt/8dNCX5J/v/0?c

(gmer.log)

thx a lot

download does not work for me, it does nothing when I try to download it.

Hi languy99,
The log downloaded here, I will attach it for you.

Log from pisellone attached.

[attachment deleted by admin]

log looks ok to me. The rootkit detection routine in comodo is really just looking for hidden files. But I don’t think at this time it can actually identify a rootkit hidden file vs a normal hidden file. It looks just for hidden files and you have to make the determination.

Hello.

ZAccess. Some nasty files might still be present on your system.

I found something similar here

now I start to read it

Please use a boot CD and make a copy of those files in the \Windows directory.
Then send these files to virustotal.com to see if they are part of a known boot/rootkit.

You can also try a boot CD and scan your system with a disk from e.g. DrWeb CureIt
More here: http://www.askvg.com/download-free-bootable-rescue-cds-from-kaspersky-bitdefender-avira-f-secure-and-others
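As languy99 notes above, the CIS rootkit check only lists hidden items and leaves the judgement to you, and Grosbébé suggests hashing the suspicious \Windows files for VirusTotal. The following PowerShell script is an added triage helper, not a tool from this thread or from Comodo: it lists every hidden file and folder under the Windows directory with its attributes, SHA-256 hash and Authenticode status, so the normal hidden items can be told apart from the ones worth a hash lookup. It assumes Windows PowerShell 4 or later (for Get-FileHash) and an elevated prompt; the report path is an arbitrary choice.

```powershell
# Added triage helper (not from the thread): list hidden files and folders
# under the Windows directory with SHA-256 hashes (for a VirusTotal lookup)
# and Authenticode status, so hidden items can be reviewed one by one.
# Assumes Windows PowerShell 4+ (Get-FileHash) run from an elevated prompt.
param(
    [string]$Root   = "$env:SystemRoot",
    [string]$Report = "$env:USERPROFILE\Desktop\hidden-items.csv"   # assumed output path
)

# -Force is required: without it Get-ChildItem skips hidden items entirely.
$items = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }

$rows = foreach ($it in $items) {
    $hash = $null; $signer = $null
    if (-not $it.PSIsContainer) {
        # Hash may fail on files locked by the OS; record a blank rather than abort.
        try { $hash = (Get-FileHash -Path $it.FullName -Algorithm SHA256 -ErrorAction Stop).Hash } catch {}
        # Only PE files carry an Authenticode signature worth checking here.
        if ($it.Extension -in '.exe', '.dll', '.sys') {
            $signer = (Get-AuthenticodeSignature -FilePath $it.FullName).Status
        }
    }
    [pscustomobject]@{
        Path       = $it.FullName
        IsFolder   = $it.PSIsContainer
        Attributes = $it.Attributes.ToString()
        Size       = if ($it.PSIsContainer) { $null } else { $it.Length }
        Modified   = $it.LastWriteTime
        SHA256     = $hash
        Signature  = $signer
    }
}

# Full listing goes to CSV for posting or comparison with a boot-CD listing.
$rows | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

# On screen: hidden executables whose signature is not valid are the ones to look up by hash.
$rows | Where-Object { $_.Signature -and $_.Signature -ne 'Valid' } |
    Select-Object Path, SHA256, Signature | Format-Table -AutoSize
```

A kernel-mode rootkit that hides a folder from the running system hides it from this listing too, so compare the CSV against a listing of the same directory taken from a boot CD; an item present offline but absent here is the interesting one.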

I would say your next steps should be to download a clean version of kaspersky rescue disk and dr. web rescue disk and run both of them on reboot. If you really have anything, those should find it.

suspicious files already sent to comodo
avg rescue cd found nothing…
sorry… kaspersky rescue cd…

but now… I remember, some time ago, symantec removed sirefef from my pc…
could this be harmless residue from this virus ?

searching google for “zeroaccess”, i'll inform you about anything new… thx

Hello

Well, can you please do that.

1. Download OTL to your desktop. (Note: OTL is a direct download link)
2. Double click on the icon to run it. (If running Vista or Windows 7, right click on it and select “Run as an Administrator”)
3. Make sure that both LOP Check and Purity Check are ticked
4. Under the Custom Scans box at the bottom copy and paste this into it

netsvcs %SYSTEMDRIVE%\*.exe C:\Windows\assembly\tmp\U\*.* /s C:\Windows\installer\*.* /s /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop CREATERESTOREPOINT

5. Make sure all other windows are closed and let it run uninterrupted. Click the Run Scan button.
6. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
7. Please attach the two logs, one at a time, and post them with your next reply.

Mod Edit: Added direct download clarification about the OTL link, Captainsticks.

thx a lot, here the results

OTL.TXT

http://www.freefilehosting.net/otl_6

EXTRAS.TXT

http://www.freefilehosting.net/extras_3

@pisselone,

Your links to freefilehosting.net do not work. Can you please attach the logs (as an attachment) to a post on these forums, rather than uploading to a 3rd party site and linking to them.

Ewen :)

Hello

Yes, it’s better if your logs are attached. Freefilehosting is blocked by WOT and Norton ConnectSafe.

Well, I read your logs and one thing which appeared in your first post is still here.

Are you using both Microsoft Security Essentials and Comodo Antivirus ? Having two active antivirus can lead to major bugs. If you have these two antivirus, I advise you to uninstall one of them.

Download ComboFix from one of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon (disable Defense+ and Antivirus). They may otherwise interfere with our tools.

2. Double click on ComboFix.exe & follow the prompts.

3. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

4. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

“attach”
i didn’t see this option before !!!

[attachment deleted by admin]

and the other

[attachment deleted by admin]

to Grosbébé:

(sorry again for my bad english)
i’m using microsoft security essentials and comodo because the virus that was on my pc disabled a lot of security options…
the virus has been removed, but the damage remains

now i can’t use microsoft firewall
i can’t open security center
and i can’t deactivate microsoft security essential

… now i try combofix

EDIT:
combofix does nothing… only created 2 folders:
32788R22FWJFW
ComboFix