If you really want to go all out, this thing doesn't really do anything, but it will show you if you've got something.
Here's the thing from the computer website about how to run it:
We can kill this thing though.
Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
~Blade
- Extract RootRepeal.exe from the zip archive.
- Open
on your desktop.
- At the top of the window, click Settings, then Options.
- Click the Ssdt & Shadow Ssdt Tab.
- Make sure the box next to "Only display hooked functions." is checked.
- Click the "X" in the top right corner of the Settings window to close it.
- Click the
tab.
- Click the
button.
- Check all seven boxes:
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the
button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
When I ran that the first time, this came up:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/16 07:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF535F000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A15000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF05D8000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SKYNETlewfgilt.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETlewfgilt.sys
Address: 0xF5587000 Size: 167936 File Visible: - Signed: -
Status: Hidden from the Windows API!
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\SKYNETabwqqlam.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\SKYNEToujwckqf.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\SKYNETovrdqjdu.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\SKYNETrqvpepxj.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxjvenappfh.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxmxgokprxe.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxobcgfnyyb.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxouftkbfni.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxrxtcepowx.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxtvxunmcqf.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxwbcqvnmsp.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxxvcxnlqru.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETyigmtnrxkv.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETynxvripjir.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETyovnfvorxi.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETyrbqyneewd.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETyrbrxrxvnl.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\T30DebugLogFile.txt
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\Temporary Internet Files
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\wallpaper.log
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\WizInstaller.log
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\_avast4_
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\_ISTMP1.DIR
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETchroienwen.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETcqxdcsbdie.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETcrnsexjqqo.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETcvitqsbfns.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETeexnlqddtt.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETeiwucrjiej.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETeqvoremdri.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETetbvoufjix.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETeudylbeyio.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETphpfvcdbdr.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpiksvirtft.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETppfjixjuxp.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETppokviuxtk.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpporjexbnv.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpqrnssprxy.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETprirbvfiyv.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpsqnkbduor.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpsxnkbduor.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETpylqypqfvk.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqfuxphorxu.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqlfkssqlrs.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqmbvrnspyp.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqrnsspgroi.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqspfthxxvr.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETqvcdgdeofv.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNEThqjopfquxg.tmp
Status: Invisible to the Windows API!
And on and on and on, believe me it went a lot longer. So basically you'll see something saying you have skynet files if you do.
Not sure if you want to do all that, but the Malwarebytes thing is good to have on your computer anyway.


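An added example, not part of the original post or of RootRepeal: a triage script for a saved RootRepeal report like the one above. The log marks ordinary temp files such as wallpaper.log as invisible too, so the script groups hidden entries by a shared file-name prefix instead of trusting the status line alone; the 6-character prefix length and minimum count of 2 are assumptions, and the sample is a few entries copied from the log above.

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any platform

# Constructed sample: a handful of entries copied from the log in the post.
SAMPLE_LOG = r"""Drivers
-------------------
Name: SKYNETlewfgilt.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETlewfgilt.sys
Address: 0xF5587000 Size: 167936 File Visible: - Signed: -
Status: Hidden from the Windows API!
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\SKYNETabwqqlam.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\SKYNETxjvenappfh.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\wallpaper.log
Status: Invisible to the Windows API!
"""

FIELD = re.compile(r"^(Image Path|Path|Status):\s*(.*)$")

def parse_entries(text):
    """Return (path, status) pairs from the Drivers and Hidden/Locked Files sections."""
    entries, path = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # section titles, rulers, Name: and Address: lines
        key, value = m.groups()
        if key == "Status":
            if path is not None:
                entries.append((path, value))
            path = None
        else:
            path = value
    return entries

def hidden_families(entries, prefix_len=6, min_count=2):
    """Group hidden/invisible paths by leading file-name prefix (both limits are assumptions)."""
    hidden = [p for p, s in entries if s.startswith(("Hidden", "Invisible"))]
    counts = Counter(basename(p)[:prefix_len].upper() for p in hidden)
    keep = {k for k, n in counts.items() if n >= min_count}
    return {k: [p for p in hidden if basename(p)[:prefix_len].upper() == k] for k in keep}
```

Calling `hidden_families(parse_entries(open("RootRepeal.txt").read()))` on a saved report returns one key per prefix shared by several hidden files, with the matching paths listed under it.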