Hi, I'm running Windows 7.64, with an English language systeem. I use Chinese and Japanase input. But suddenly Korean appears as the language when I log in to the system when awakening from sleep, and it's unremovable from the language bar. All the other languages can be "Removed", but Korean cannot (see attachment - where 'remove' is greyed out). Since it's appearing before the login, I suspect it's a rootkit?
I'm not a programmer, but am good at following isntructions. I thought my virus protection was pretty good but found out recently it is quite poor: I'm using Symantec Endpoint Protection as a background, and then manually scan any new files I download with MBAM. But after a big crash a few months back I scanned the laptop drive on a Linux Redhat (?), and it removed 50+ viruses. So I know my security's not great, despite these measures. I'm an unpaid graduate student, so can't afford expensive virus protection.
I think I've got something again, and am unsure how to go about getting it out, and worried it's tracking keystrokes or something. I've attached a Hijack this scan as a zip file.
Thanks for your help!


5 Years
Discussion Span
Last Post by gerbil

Hello, Michael, the fact that when you highlight Korean in the Text Sevices window the Add button is available rather indicates that the system thinks Korean in not already enabled.
Your point about costs.... just because something is free doesn't mean it is not valuable and worthwhile. Most of us here use the free AV services; I use the free Avast. Hasn't failed me once.
Your Symantec Endpoint is a full AV+AS service, it will scan everything that comes in and goes out of your system, and everything that starts or is called, automatically. [It would mark files as safe so as not to scan them again needlessly, the mark is removed if they are altered].
So, let's see what's going on... and I see nothing to alarm in that log [know that Trend Micro have not continued development on Hijackthis, it is less of a useful tool than once it was]. There are several orphaned entries, but they were never malicious, nothing to bother about.
Here is a link that you may find interesting:


Thanks for the link, and your comments about the software.

When the other languages which I've installed are highlighted, they allow one to use the "add" button. It is for "adding" a language which isn't already listed in the box. They also all let me "remove" them. The Korean language option is distinct from all the other language options, it won't let me "remove" it. The thing is, I never installed Korean, it just appeared randomnly the other day.

If Hijack this is out of date, do you recommend a different scan?


I just looked more closely at your screenshots... you still have Korean set as the default input language [that is why it is being used at startup as the system language]; you will have to change that default to another language before you can remove Korean as a service. That default also sets your keyboard layout to being one of the allowed set for that language.
There are other tools available which give a more in-depth look at your system, the one I prefer is OTL, but I must say that so far I do not see any indication of malware. If you still fear a rootkit then perhaps try GMER, but generally rootkits are there for a purpose such as to make money from your actions by pushing your searches through a pay per click advertising site - you would likely notice.
==Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php - it will have some obscure name.
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
-close all running programs.
-dclick the .exe to start it; wait for the intial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into it.
-Then, if you did NOT get a warning at startup about rootkit activity, leave checkmarks ONLY at System, IAT/EAT, Devices, Modules, Processes, Threads and Services; click the Scan button and wait for the scan to finish (do not use your computer during the scan); press the Copy button, again paste that into a Notepad.
-please post that log.


Hi, thank you. Can't believe I didn't notice it had been set to default language - what an oversight.

I'm in the middle of high-pressue deadline, but will do the rootkit scan when I go to bed tonight, and post later. Thanks so much.


Puters are just too complex. The GMER scan... I think you are likely clean, so if oyu don't get a Rootkit!! warning, or red lines on the log there is no need to post it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.