HELP, rootkit.hiddenfolder, rootkit.hiddenfile

Try using Comodo Cleaning Essentials, open up KillSwitch and try the Quick Repair from the toolbar at the bottom.

;D ;D ;D
combofix deleted ROOTKIT.ZEROACCESS
comodo scan gives 0 infections now
thanks to all

Hello

No problem, English is not my mother tongue, I understand how difficult it is :wink:

I'm using Microsoft Essential and Comodo because the virus that was on my PC has disabled a lot of security options. The virus has been removed, but the damage remains.
OK, and now, do you still see something unusual? By the way, you should only keep one real-time protection, please uninstall Microsoft Security Essentials or CIS.
combofix deleted ROOTKIT.ZEROACCESS comodo scan gives 0 infections now
Great, could you please attach the ComboFix log? Absence of symptoms does not mean that everything is clear.

Regards.

The only thing that changed is the PC speed: now it is good!

Microsoft S. Essential uninstalled from Control Panel.

And this is combofix.txt, but it doesn't tell a lot:

ComboFix 12-06-21.03 - merdows7 25/06/2012 15:23:04.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.958.460 [GMT 2:00]
Eseguito da: C:\Users\merdows7\Desktop\ComboFix.exe
AV: COMODO Antivirus Enabled/Updated {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials Enabled/Updated {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: COMODO Firewall Enabled {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ Enabled/Updated {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials Enabled/Updated {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Indeed.
Could you please run it again. Then attach the log :slight_smile:

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

:slight_smile: I have never done money operations from the PC… they cannot steal anything!!

OK: the second scan with ComboFix is clean; the report is longer than the first, and it talks about the cleaning action of the first scan.
The file.txt is attached.

But when it finishes, Comodo gives this:

http://i45.tinypic.com/2d9qxb6.jpg

Edit: uhm… I think it is a test file, not malware.

[attachment deleted by admin]

Hello

The Combofix log is incomplete, but it should be ok.

Please be sure to disable Defense+

========================================================

Some of the issues you describe at the beginning may still be there, I'd like to verify.

Please download Farbar Service Scanner (FSS) to your desktop

[*] Run FSS
[*] Tick all options and click on the "Scan" button.
[*] Once done, it will create a log (FSS.txt) in the same directory the tool is run.
Close Farbar Service Scanner and attach the log.

========================================================

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\oowhvvfl.sys -- (oowhvvfl)

:Files
C:\Windows\system32\dds_log_trash.cmd

:Commands
[purity]
[emptytemp]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then attach a new OTL log. (run OTL, click Quick Scan)

========================================================

Enable Defense+

The surprise is:
after the last reboot, Security Center, Windows Firewall, and Microsoft Defender are working!!!

If you are talking about this, I think the Farbar is not necessary, true?

I think it's time to make a ghost backup of my PC.

True :wink:

I think it's time to make a ghost backup of my PC.
Not now, please wait, all the nasty files are still present on your system.

What do I have to do before the ghost?

We have to clean your system :slight_smile: and then I have to remove all the tools you used with me.

Please go on with the OTL task (after Farbar Service Scanner).