Rootkit win32 virus?

Microsoft Microsoft windows xp home edit...
April 18, 2010 at 21:22:40
Specs: Windows XP
This is an issue a friend who does not speak English is having, so I’m posting this for her in hopes to be able to get an answer, as I’ve run my limited knowledge of tech support dry.

(We have tried downloading hijack several times, but so far it’s not allowed her to, so here’s all the information we’ve been able to gather so far, I'll try again to install it tomorrow)

The user was on her computer which had no sort of issues until she attempted to download a movie through Ares. Before the file finished downloading, the user attempted to open the file, prompting AVAST to go off.

She cut the internet connection immediately, but was informed by the antivirus that it had already infected three main system files (Winsock.dll, wsock32.dll, kernel32.dll) and it started spreading immediately. She used AVAST to quarantine the infected files.

After that she ran a number of antispyware (mkr online, malwarebytes, doctor spyware, dr web) but all of them said there was nothing infecting the computer. When she used online virus total it told her her system was still infected.

User downloaded super anti spyware and cleaned several spybots and a Trojan, but as it’s not specialized in virus it was unable to find the rootkit win32.


all of those have been eliminated after the restart.

Avast has the following folders quarantined:

As you can see, while several files are infected, we are unable to find the original one that spread the infection.

What can we do? As far as I understand, the kernel is a very important driver and once infected....
Would Start Menu / Accessories / System Tools / System Restore work?
What about ?


April 19, 2010 at 04:16:41
Try these 2 free fully functional trials
Trojan Remover
Hitman Pro
and remove all they find. Run until they are clean and then you can uninstall them.

If you can't get online, use winsockfix and that should get you going.

Also you should do a bootscan with avast to make sure all is clean.

Some HELP in posting on plus free progs and instructions Cheers


April 20, 2010 at 14:52:29
We've run both and, though they found one or two things to remove, the computer is still as slow as ever.

We can't install Kaspersky as it wants her to uninstall AVAST (which is where all the quarantined stuff is!), so we don't know what else to do.... Please help ;^;


April 20, 2010 at 15:12:00
You can try ComboFix.
Just follow the instructions carefully and you will be fine.

Some HELP in posting on plus free progs and instructions Cheers
