Hijacked Browser/ Global Root/system 32

Lenovo Thinkpad z60t notebook
August 22, 2009 at 12:51:53
Specs: Windows XP
I got the VirusPro virus and Malwarebytes seemed to take care of most of it. But now, my browser is hijacked when using Google/Yahoo etc. Malwarebytes says it deletes the globalroot files, but they always come back. Can anyone help me get rid of this? Thanks a ton in advance.

#1
August 22, 2009 at 12:59:18
Hello,

According to your description, it seems to me like this widespread rootkit infection. Can you send us a Gmer log?

http://www.gmer.net/#files

- Download .exe file
- Launch it
- Wait a while and run full scan
- Save log file
- Post it here

David
http://www.virus-support.com



#2
August 22, 2009 at 13:07:18
Here's the gmer log


http://www.megaupload.com/?d=50WBKZBR

Thanks!



#3
August 22, 2009 at 13:17:42
Library \\?\globalroot\systemroot\system32\hjgruixjgudodl.dll

This is part of the rootkit. Run gmer again, select this line, right-click on it. There should be something like "Wipe file" or "Delete file" or "Force delete" (sorry, I am not sure of the name of the action now). So try to delete it and reboot the computer.

However, I am afraid that it won't help at this step. Gmer was not able to find the system service which is in fact launching the infection (and loading libraries). If it won't help, try to run gmer again and open the "registry" tab (it's hidden under the >>> symbol). There should be a registry tree visible. Tell me if you are able to open "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/" in the tree. Also try the "files" tab and tell me if you are able to browse files on drive C:/. Then I will send you a detailed description of what to do.



#4
August 22, 2009 at 13:32:47
Just to clarify, wipe all the files like that? Or a specific one?


#5
August 22, 2009 at 13:38:32
Just this Library

"Library \\?\globalroot\systemroot\system32\hjgruixjgudodl.dll"

David
http://www.virus-support.com



#6
August 22, 2009 at 13:46:35
I received a warning that a rootkit had caused system modification. Also, after right-clicking on the files I can see the Delete file/Kill file options, but they are greyed out. I can get as far as HKEY_LOCAL_MACHINE/SYSTEM/ but I see no CurrentControlSet option. The C:/ drive also will not open.


#7
August 22, 2009 at 14:00:45
That's not good. :( Obviously this rootkit is "gmer ready" and it disabled some gmer functions.

I have a special offer for you... Join Live Help chat on http://www.virus-support.com and I will solve it for you for FREE.



#8
August 22, 2009 at 14:34:20
My internet dropped for a minute, but I am connected again.


#9
August 22, 2009 at 15:29:06
Thanks so much for your help! Rootkit resolved.


#10
August 24, 2009 at 17:11:35
Any chance of advising how to resolve this? Have the exact same issue on my mother-in-law's machine and it is crippling me. Have been working on this for over 5 hours without success.


#11
August 24, 2009 at 17:34:29
My GMER log is uploaded here

http://www.megaupload.com/?d=G2PXNU6D



#12
August 25, 2009 at 15:43:09
Sorted this myself tonight. Downloaded the Sophos Anti Root Utility. Took a couple of scans and cleans, but mother-in-law is now a happy bunny and her laptop is working correctly.

