Recurring Rootkit Detection

Forum|Forum|10 years ago
December 7, 2015
1 reply
38 views

mwheelz

Hey guys,

Looks like I keep getting reinfected by this rootkit, or that it isn't being entirely uninstalled. How can I make sure this baddie doesn't come back? I know rootkits are complicated critters...

Here's some file removal log:

Automated Cleanup Engine
Starting Cleanup at 06/12/2015 - 20:56:50 GMT

Starting Routine> Removing SystemCurrentControlSetServicesMessagingService_340795...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesMessagingService_340795
Deleting Registry Key> HKLMSystemCurrentControlSetServicesMessagingService_340795
Starting Routine> Removing SystemCurrentControlSetServicesOneSyncSvc_340795...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesOneSyncSvc_340795
Deleting Registry Key> HKLMSystemCurrentControlSetServicesOneSyncSvc_340795
Starting Routine> Removing SystemCurrentControlSetServicesPimIndexMaintenanceSvc_340795...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesPimIndexMaintenanceSvc_340795
Deleting Registry Key> HKLMSystemCurrentControlSetServicesPimIndexMaintenanceSvc_340795
Starting Routine> Removing SystemCurrentControlSetServicesUnistoreSvc_340795...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUnistoreSvc_340795
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUnistoreSvc_340795
Starting Routine> Removing SystemCurrentControlSetServicesUserDataSvc_340795...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUserDataSvc_340795
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUserDataSvc_340795
Starting Routine> Removing threats - Please wait...#...

Automated Cleanup Engine
Starting Cleanup at 07/12/2015 - 23:28:35 GMT

Starting Routine> Removing SystemCurrentControlSetServicesMessagingService_36a35...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesMessagingService_36a35
Deleting Registry Key> HKLMSystemCurrentControlSetServicesMessagingService_36a35
Starting Routine> Removing SystemCurrentControlSetServicesOneSyncSvc_36a35...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesOneSyncSvc_36a35
Deleting Registry Key> HKLMSystemCurrentControlSetServicesOneSyncSvc_36a35
Starting Routine> Removing SystemCurrentControlSetServicesPimIndexMaintenanceSvc_36a35...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesPimIndexMaintenanceSvc_36a35
Deleting Registry Key> HKLMSystemCurrentControlSetServicesPimIndexMaintenanceSvc_36a35
Starting Routine> Removing SystemCurrentControlSetServicesUnistoreSvc_36a35...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUnistoreSvc_36a35
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUnistoreSvc_36a35
Starting Routine> Removing SystemCurrentControlSetServicesUserDataSvc_36a35...#(PX5: - MD5: )...
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUserDataSvc_36a35
Deleting Registry Key> HKLMSystemCurrentControlSetServicesUserDataSvc_36a35
Starting Routine> Removing threats - Please wait...#...

+62

Ssherjj
Moderator
Forum|Forum|10 years ago
December 7, 2015

Hello mwheelz,

Welcome to the Webroot Community,

Your best bet is to Submit a Support Ticket and have them take a look. This is a free service with a Webroot subscription.

IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.3), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester

B

Like

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded