Windows Vista Tips

Rootkit help PLEASE!!!

 
 
gardnertj00
Guest
Posts: n/a

 
      08-27-2008

Ok so it started with a pop up saying that I will no longer receive
updates from windows security and that my version of vista is not
genuine. Dell has checked the system and it is genuine. I downloaded avast
and this is what it said: suspicious malware:

c:/windows/system32/kdila.exe.rootkit:hiddenfile.
ccrtklum.dll

Can anyone please tell me how to get rid of this? I am unable to
uninstall spysweeper or download the updated version of mcafee because
of this. Any help would be greatly appreciated.


--
gardnertj00
 
 
 
 
 
Guest
Posts: n/a

 
      08-27-2008
Well 4 One Thing: McAfee Software Will Not Ever Let You Install Any Of Their
Programs While Other Anti-Virus And/Or Anti-Spyware Programs Are Installed
On Your Computer Due 2 Their Very Strict Software Incompatibility Check
(That's Why It Always Disables Windows Defender In Vista, Although I Have
Had No Problems With Re-Enabling It After The Install On Both XP And Vista),
Just FYI.

"gardnertj00" <> wrote in message
news:...
>
> Ok so it started with a pop up saying that I will no longer receive
> updates from windows security and that my version of vista is not
> genuine. Dell has checked the system and it is genuine. I downloaded avast
> and this is what it said: suspicious malware:
>
> c:/windows/system32/kdila.exe.rootkit:hiddenfile.
> ccrtklum.dll
>
> Can anyone please tell me how to get rid of this? I am unable to
> uninstall spysweeper or download the updated version of mcafee because
> of this. Any help would be greatly appreciated.
>
>
> --
> gardnertj00


 
 
Mick Murphy
Guest
Posts: n/a

 
      08-27-2008
Install and scan with Spybot Search & Destroy, and Malwarebytes.
Scan in Safe Mode if necessary.
All info below.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is, as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with Avast (or your AV) and Spybot S & D while in Safe
Mode.

--
Mick Murphy - Qld - Australia


"gardnertj00" wrote:

>
> Ok so it started with a pop up saying that I will no longer receive
> updates from windows security and that my version of vista is not
> genuine. Dell has checked the system and it is genuine. I downloaded avast
> and this is what it said: suspicious malware:
>
> c:/windows/system32/kdila.exe.rootkit:hiddenfile.
> ccrtklum.dll
>
> Can anyone please tell me how to get rid of this? I am unable to
> uninstall spysweeper or download the updated version of mcafee because
> of this. Any help would be greatly appreciated.
>
>
> --
> gardnertj00
>

 
 
Not Even Me
Guest
Posts: n/a

 
      08-27-2008
Sometimes you can delete manually in safe mode.
But usually it is better to scan with malware software in safe mode.
Spybot search & destroy is my choice, but there are many.
If it is indeed a rootkit, you might want to get one of the rootkit removal
tools.
I have used rootkitunhooker successfully.
Google has several free versions.

"gardnertj00" <> wrote in message
news:...
>
> Ok so it started with a pop up saying that I will no longer receive
> updates from windows security and that my version of vista is not
> genuine. Dell has checked the system and it is genuine. I downloaded avast
> and this is what it said: suspicious malware:
>
> c:/windows/system32/kdila.exe.rootkit:hiddenfile.
> ccrtklum.dll
>
> Can anyone please tell me how to get rid of this? I am unable to
> uninstall spysweeper or download the updated version of mcafee because
> of this. Any help would be greatly appreciated.
>
>
> --
> gardnertj00



 
 
Spirit
Guest
Posts: n/a

 
      08-27-2008
Microsoft's RootKit Revealer

http://technet.microsoft.com/en-us/s.../bb897445.aspx

"gardnertj00" <> wrote in message news:...
>
> Ok so it started with a pop up saying that I will no longer receive
> updates from windows security and that my version of vista is not
> genuine. Dell has checked the system and it is genuine. I downloaded avast
> and this is what it said: suspicious malware:
>
> c:/windows/system32/kdila.exe.rootkit:hiddenfile.
> ccrtklum.dll
>
> Can anyone please tell me how to get rid of this? I am unable to
> uninstall spysweeper or download the updated version of mcafee because
> of this. Any help would be greatly appreciated.
>
>
> --
> gardnertj00

 
 
Kayman
Guest
Posts: n/a

 
      08-27-2008
On Tue, 26 Aug 2008 21:04:30 -0500, gardnertj00 wrote:

> Ok so it started with a pop up saying that I will no longer receive
> updates from windows security and that my version of vista is not
> genuine. Dell has checked the system and it is genuine. I downloaded avast
> and this is what it said: suspicious malware:
>
> c:/windows/system32/kdila.exe.rootkit:hiddenfile.
> ccrtklum.dll
>
> Can anyone please tell me how to get rid of this? I am unable to
> uninstall spysweeper or download the updated version of mcafee because
> of this. Any help would be greatly appreciated.


Rootkit Removal applications.
The effectiveness of an individual Rootkit removal application is
wide-ranging and it is recommended to utilize a collection of
detection/removal tools; you are encouraged to try all of them (join
relevant fora for additional support, i.e. interpretation of scan results):

DarkSpy
http://www.antirootkit.com/software/DarkSpy.htm
http://www.antirootkit.com/forums/viewforum.php?f=18

F-Secure BlackLight (Download Trial)
http://www.f-secure.com/blacklight/
http://www.antirootkit.com/forums/viewforum.php?f=13

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php
http://antirootkit.com/forums/index....81ffe4361c3a17

IceSword
http://www.antirootkit.com/software/IceSword.htm
http://www.antirootkit.com/forums/index.php

RAIDE
http://www.rootkit.com/project.php?id=33
download:
http://www.rootkit.com/vault/petersi...IDE_BETA_1.zip
http://www.rootkit.com/boardm.php

Rootkit Revealer
http://www.microsoft.com/technet/sys...tRevealer.mspx
http://forum.sysinternals.com/forum_topics.asp?FID=15

RootKit Hook Analyzer
http://www.softpedia.com/get/Securit...Analyzer.shtml
http://www.antirootkit.com/forums/viewforum.php?f=17

RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
http://www.antirootkit.com/forums/viewforum.php?f=17

RootAlyzer
http://forums.spybot.info/showthread.php?t=24185
http://www.spybotupdates.com/files/rootalyz.zip

Sophos Anti-Rootkit - Free tool for rootkit detection and removal
http://www.sophos.com/products/free-...i-rootkit.html
Direct link:
http://www.sophos.com/support/cleaners/sarsfx.exe
http://www.techsupportforum.com/netw...i-rootkit.html

System Virginity Verifier
http://www.softpedia.com/get/System/...Verifier.shtml
http://www.antirootkit.com/forums/viewforum.php?f=25

System Virginity Verifier
http://www.antirootkit.com/software/...y-Verifier.htm
http://www.antirootkit.com/forums/viewforum.php?f=25

VICE
http://www.rootkit.com/project.php?id=20
download:
http://www.rootkit.com/vault/fuzen_op/vice.zip
http://www.rootkit.com/boardm.php

"Make sure you always read the current user instructions for your scanning
tools to see what special steps you need to take before, during and after
the clean-up process. Then, after you've found and cleaned a rootkit,
rescan the system once you reboot to double-check that it was fully cleaned
and the malware hasn't returned."

Avoiding Rootkit Infection.
"The rules to avoid rootkit infection are for the most part the same as
avoiding any malware infection however there are some special
considerations:
Because rootkits meddle with the operating system itself they *require*
full Administrator rights to install. Hence infection can be avoided by
running Windows from an account with *lesser* privileges" (LUA in XP and
UAC in Vista).

AntiHook
http://www.infoprocess.com.au/AntiHook.php

DiamondCS ProcessGuard
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/download.php

Educational viewing!
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotli...px?videoid=359

Good luck
 
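The least-privilege advice quoted in the post above (LUA in XP, UAC in Vista) can be checked on a given machine. The following PowerShell is an added example, not part of the thread: it reports whether the current session holds a full administrator token and how UAC is configured, reading the standard UAC policy values under HKLM. The function name `Get-PrivilegeAudit` is hypothetical, and PowerShell 2.0 or later is assumed to be installed.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 or later.
function Get-PrivilegeAudit {
    # Is this process running with a full administrator token?
    # Under UAC, an administrator's unelevated session returns $false here.
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    $isElevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Standard UAC policy values (Vista and later; absent on XP).
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $findings = @()
    if ($isElevated) {
        $findings += 'Session is elevated: programs started from it run with full administrator rights.'
    }
    if ($null -eq $policy) {
        $findings += "Could not read $key; UAC state unknown."
    } else {
        if ($policy.EnableLUA -ne 1) {
            $findings += 'EnableLUA is not 1: UAC is disabled.'
        }
        if ($policy.ConsentPromptBehaviorAdmin -eq 0) {
            $findings += 'ConsentPromptBehaviorAdmin is 0: administrators elevate without a prompt.'
        }
    }

    # One object per run so results can be collected from several machines.
    New-Object PSObject -Property @{
        User        = $identity.Name
        IsElevated  = $isElevated
        EnableLUA   = $policy.EnableLUA
        AdminPrompt = $policy.ConsentPromptBehaviorAdmin
        Findings    = $findings
    }
}

Get-PrivilegeAudit | Format-List
```

An empty `Findings` list from a normal desktop session means the account is running with a limited token and UAC prompts are in force, which is the configuration the quoted advice recommends.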
 
Bill Yanaire
Guest
Posts: n/a

 
      08-27-2008

<> wrote in message
news:OGcZXE$...
> Well 4 One Thing: McAfee Software Will Not Ever Let You Install Any Of
> Their Programs While Other Anti-Virus And/Or Anti-Spyware Programs Are
> Installed On Your Computer Due 2 Their Very Strict Software
> Incompatibility Check (That's Why It Always Disables Windows Defender In
> Vista, Although I Have Had No Problems With Re-Enabling It After The
> Install On Both XP And Vista), Just FYI.
>


You just don't know what you are doing as usual. Typical for an idiot
Ubuntu user.




 
 
David H. Lipman
Guest
Posts: n/a

 
      08-28-2008
From: "gardnertj00" <>

| Ok so it started with a pop up saying that I will no longer receive updates from
| windows security and that my version of vista is not genuine. Dell has checked the system
| and it is genuine. I downloaded avast and this is what it said: suspicious malware:
| c:/windows/system32/kdila.exe.rootkit:hiddenfile. ccrtklum.dll Can anyone please tell
| me how to get rid of this? I am unable to uninstall spysweeper or download the updated
| version of mcafee because of this. Any help would be greatly appreciated. --
| gardnertj00

You are asking in the WRONG place.

There are anti virus news groups which are best suited for such subject matter.

In the Microsoft.* hierarchy it is... microsoft.public.security.virus

Or you can find others in the alt.* hierarchy.

You have two choices. I think the second is best for you.

The first...

GMER -- http://www.gmer.net/index.php
Undoubtedly the *best* anti rootkit utility out there.

The second...

Register for an account and then create a post on the SpyKiller with the above
information.
http://www.thespykiller.co.uk/index.php?board=3.0

Tell them I sent you there.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Guest
Posts: n/a

 
      08-28-2008
View My Headers And You Will Notice That I Am No Longer Using Linux, Just
FYI.

I Am Now Using 64 Bit Dell OEM Windows Vista Service Pack One, Just FYI.

Windows Mail 6.0.6001.18000 = Windows Vista Service Pack One, Just FYI.

"Bill Yanaire" <> wrote in message
news:3Ritk.17958$...
>
> <> wrote in message
> news:OGcZXE$...
>> Well 4 One Thing: McAfee Software Will Not Ever Let You Install Any Of
>> Their Programs While Other Anti-Virus And/Or Anti-Spyware Programs Are
>> Installed On Your Computer Due 2 Their Very Strict Software
>> Incompatibility Check (That's Why It Always Disables Windows Defender In
>> Vista, Although I Have Had No Problems With Re-Enabling It After The
>> Install On Both XP And Vista), Just FYI.
>>

>
> You just don't know what you are doing as usual. Typical for an idiot
> Ubuntu user.
>
>
>
>


 
 
Bill Yanaire
Guest
Posts: n/a

 
      08-28-2008

<> wrote in message
news:...
> View My Headers And You Will Notice That I Am No Longer Using Linux, Just
> FYI.
>
> I Am Now Using 64 Bit Dell OEM Windows Vista Service Pack One, Just FYI.
>
> Windows Mail 6.0.6001.18000 = Windows Vista Service Pack One, Just FYI.
>


So today you are a windows user. Tomorrow you will be ****ed off because you
can't get something to work, you will cry like a baby, remove Vista, claim that
Vista should be removed by the DOJ, whine and stomp your feet, then install
Ubuntu. My previous statement applies.




> "Bill Yanaire" <> wrote in message
> news:3Ritk.17958$...
>>
>> <> wrote in message
>> news:OGcZXE$...
>>> Well 4 One Thing: McAfee Software Will Not Ever Let You Install Any Of
>>> Their Programs While Other Anti-Virus And/Or Anti-Spyware Programs Are
>>> Installed On Your Computer Due 2 Their Very Strict Software
>>> Incompatibility Check (That's Why It Always Disables Windows Defender In
>>> Vista, Although I Have Had No Problems With Re-Enabling It After The
>>> Install On Both XP And Vista), Just FYI.
>>>

>>
>> You just don't know what you are doing as usual. Typical for an idiot
>> Ubuntu user.
>>
>>
>>
>>

>



 