Unable to completely remove HackTool.Rootkit virus :sad:

Hi,

My PC had recently been attacked by HackTool.Rootkit virus. I went through some of the instructions that were posted in this forum and was able to remove it partially. But the virus is still lurking somewhere in my PC and I'm unable to remove it completely.

Well, here's what I've done till now -

- I've installed MS Anti-Spyware (Beta) and removed all spyware from my comp.
- I found out that msdirectx.sys was the troublemaker and removed all occurrences of it from the registry and deleted all physical instances of the file too.
- I've run all the possible antivirus programs available - Stinger, AVG, NAV, McAfee 2005 - but in vain.

The problem now is that some malicious process shows up in my task manager (see HijackThis log below) called bwgo0000*.exe. I kill it each time and delete the program from the %temp% dir, but each time I reboot the system, it shows up again and tries to connect to the internet.

Please help...!!

Logfile of HijackThis v1.99.1
Scan saved at 9:05:28 AM, on 5/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\DOCUME~1\Adithya\LOCALS~1\Temp\bwgo0000bee6.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
D:\Downloads\HijackThis.exe
E:\WINDOWS\System32\rasautou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [MVS Splash] E:\Program Files\McAfee\Managed VirusScan\VScan\Splash.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41174515-8D66-4B49-82FD-6EDED8F5CCF5}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: bw+0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O18 - Protocol: offline-8876480 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: McShield - Network Associates, Inc. - E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe

Thanks in advance :)
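
An added example, not part of the original thread and not code from the HijackThis tool: a short Python triage of a HijackThis log that lists running processes located in a Temp directory and checks whether any O4 (Run key or Startup folder) or O23 (service) entry names them. The function names are assumptions of this example and the sample is an excerpt of the log in the post above; on that excerpt, `bwgo0000bee6.exe` is flagged and no O4 or O23 entry refers to it.

```python
import re

# Excerpt copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
Running processes:
E:\WINDOWS\system32\services.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\QuickTime\qttask.exe
E:\DOCUME~1\Adithya\LOCALS~1\Temp\bwgo0000bee6.exe
E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O23 - Service: McShield - Network Associates, Inc. - E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O4 - HKLM\..\Run: ..."
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)  # ...\Temp\ or ...\tmp\
AUTOSTART_CODES = {"O4", "O23"}                     # Run keys/Startup folder, services


def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if match:
            in_procs = False                  # the entry section has started
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Flag processes running from a Temp directory and report whether any
    autostart entry shown in the log references the same file name."""
    processes, entries = parse_log(text)
    autostart = " ".join(d.lower() for c, d in entries if c in AUTOSTART_CODES)
    findings = []
    for proc in processes:
        if TEMP_DIR.search(proc):
            name = proc.rsplit("\\", 1)[-1].lower()
            findings.append({"process": proc,
                             "visible_autostart": name in autostart})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged process with `visible_autostart` set to `False` is being relaunched by something other than the O4 and O23 entries the log shows.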

Re: Unable to completely remove HackTool.Rootkit virus

Hi adion, welcome to DaniWeb :D

Your system most likely has been severely compromised; can you use System Restore to return it to a date before you were infected? (http://securityresponse.symantec.com...l.rootkit.html) You may need to consider reinstalling XP; if you do, get SP2 as soon as possible thereafter.

You can try the following to see if it helps any:

Go to Windows Update and get SP1a for both XP and IE.

Check for, and delete, the files listed here: http://vil.mcafeesecurity.com/vil/content/v_102335.htm

Go to Start, Run, and type in services.msc; when the Services window opens, disable (for the time being at least) any entries that say Remote Access... (To disable them, first right-click on the entry, go to Properties, and next to Startup type, use the drop-down arrow and select Disable.)

Scan with HijackThis and have it fix the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

- Local Settings\Temp
- Cookies
- History
- Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found. (Note: if any of these temporary files cannot be deleted while in 'normal mode,' try Safe Mode.)

Empty your Recycle Bin.

Cross your fingers, reboot, and see if there is any improvement.

Re: Unable to completely remove HackTool.Rootkit virus

:idea: Try out the F-Secure rootkit removal product; it's still in beta phase but may detect/remove this rootkit of yours.

http://www.f-secure.com/blacklight/

wiiwoo

Re: Unable to completely remove HackTool.Rootkit virus

Hi,

I tried all of the solutions that you guys have given but in vain! :( I don't have any System Restore points because I reset it myself as the infection had crept into my _RESTORE directory also. F-Secure (Beta) couldn't find the virus.

Do I have ANY other alternative other than reinstalling XP?

Thanks a ton for the help!

Re: Unable to completely remove HackTool.Rootkit virus

I don't think so myself, but you can wait and see if there are any other opinions...