pepsiaddict
Technical User
My brother seems to have acquired a pretty nasty piece of malware on his PC ... was wondering if someone might have run into this before and could help me solve the problem.
*** Symptoms ***
Constant pop-up ads, every few minutes and immediately when some webpages are opened.
*** Troubleshooting ***
Did the usual ... run AdAware and Spybot ... found multiple instances of spyware, cleaned them all ... both utilities now only return normal cookies in their results. However, the pop-ups continued.
Ran a full System Scan using Symantec Anti-Virus using the latest virus definitions. Nothing was found. The pop-ups continued.
Checked all the places in the registry that a process could start from at boot, removed everything that shouldn't be there. Rebooted. The pop-ups continued.
Ran the Microsoft Malware Detector for November, it found nothing. The pop-ups continued.
Ran the "Rootkit Revealer" available from Sysinternals and discovered 3533 files that it claims are hidden from the Windows API ... including:
These registry keys:
HKLM\SOFTWARE\CtPVnACFLU5D
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FLTDSVR
HKLM\SYSTEM\ControlSet001\Services\FltdSvr
These files:
C:\Program Files\Vene inc\ace.dll
C:\Program Files\Vene inc\data.bin
C:\Program Files\Vene inc\iersrpcn.exe
C:\Program Files\Vene inc\t2enetpp.exe
C:\Program Files\Vene inc\WinGenerics.dll
C:\Program Files\Vene inc\Cache\*.* (there are 3508 randomly named files hidden in this hidden directory)
C:\Program Files\Vene inc\Cache\dns
C:\Program Files\Vene inc\Cache\index
C:\WINDOWS\system32\drivers\waniaide.sys
C:\WINDOWS\system32\mgmieftp.exe
So basically I know there is a problem with the system and that there is a good chance that a rootkit was installed, but I don't have a clue how to remove it.
To compound the problem the computer is at school with my brother in Pennsylvania (I am in New York) and he isn't very computer savvy ... so most of the troubleshooting has to be done through a RealVNC connection.
Anyone have any ideas? I am at a total loss.
Thanks in advance,
~Matt
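Added example (not code from the post or from Sysinternals): the cross-view comparison that RootkitRevealer's report above relies on, in miniature. It diffs a normal Windows API listing against a raw listing of the same volume and flags what only the raw view sees, then pairs a hidden `Services\<name>` key with its `Enum\Root\LEGACY_<name>` twin, the footprint of a hidden driver service. The listings are constructed from the paths in the post; the two short Cache file names are invented stand-ins for the randomly named files.

```python
from collections import Counter
# Constructed sample data: a normal (Win32 API) listing and a raw on-disk listing of the
# same volume. The hidden paths are the ones the post's RootkitRevealer report names;
# the two short Cache file names are made-up stand-ins for the randomly named files.
API_VIEW = [
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\notepad.exe",
]
RAW_VIEW = API_VIEW + [
    r"C:\Program Files\Vene inc\ace.dll",
    r"C:\Program Files\Vene inc\data.bin",
    r"C:\Program Files\Vene inc\iersrpcn.exe",
    r"C:\Program Files\Vene inc\t2enetpp.exe",
    r"C:\Program Files\Vene inc\WinGenerics.dll",
    r"C:\Program Files\Vene inc\Cache\dns",
    r"C:\Program Files\Vene inc\Cache\index",
    r"C:\Program Files\Vene inc\Cache\a1b2c3",   # constructed name
    r"C:\Program Files\Vene inc\Cache\d4e5f6",   # constructed name
    r"C:\WINDOWS\system32\drivers\waniaide.sys",
    r"C:\WINDOWS\system32\mgmieftp.exe",
]
HIDDEN_KEYS = [
    r"HKLM\SOFTWARE\CtPVnACFLU5D",
    r"HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FLTDSVR",
    r"HKLM\SYSTEM\ControlSet001\Services\FltdSvr",
]

def hidden_entries(api_view, raw_view):
    """Cross-view diff: entries the raw scan sees but the API listing does not.
    Paths are compared case-insensitively, as NTFS does."""
    visible = {p.lower() for p in api_view}
    return sorted(p for p in raw_view if p.lower() not in visible)

def summarize_by_directory(hidden_paths):
    """Count hidden entries per parent directory, so a directory stuffed with
    thousands of random files shows up as one line rather than thousands."""
    return dict(Counter(p.rsplit("\\", 1)[0] for p in hidden_paths))

def hidden_driver_services(hidden_keys):
    """A hidden Services\\<name> key plus a matching Enum\\Root\\LEGACY_<name> key
    is the footprint of a kernel driver service that is registered but hidden."""
    upper = [k.upper() for k in hidden_keys]
    names = [k.rsplit("\\", 1)[1] for k in upper if "\\SERVICES\\" in k]
    return sorted(n for n in names
                  if any(k.endswith("\\ENUM\\ROOT\\LEGACY_" + n) for k in upper))

if __name__ == "__main__":
    hidden = hidden_entries(API_VIEW, RAW_VIEW)
    print(summarize_by_directory(hidden), hidden_driver_services(HIDDEN_KEYS))
```

The per-directory summary is what turns "3533 hidden files" into the two or three locations actually worth cleaning up offline (from another OS or a rescue disk), since the hiding driver cannot interfere when it is not running.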