Britec Tech Support Forum
root kits detected, what to do? - Printable Version




root kits detected, what to do? - kkvakk - 05-30-2020

Hi Britec
Using GMER I found traces of rootkit activity (red alert; windows/system32/qmgr.dll is hidden). This morning I could scan all the options (system, threads, etc.) but now I can only check three boxes to scan: registry, files and services. Why is this?

Last year I found an app (GoToMeeting) on my computer which I never installed myself. Entry could have been gained to my PC through the router (where the default password was used for one year initially); my whole computer was available in the "shared folder".

I disabled the server-service and other services as recommended in one of your videos, then reset the router, and reinstalled Windows, but is there a paid service or a program I could use to shut access to my PC and traffic?

Edit: Question; when I use tracert, the first stop after the router (at 192.198.0.1) is 10.113.0.1, does this mean the router is linked up to a private network?
Also, the blocks I enable in Windows Firewall are repeatedly undone, like desktop app web viewer, homegroup, remote assistance/management etc. (this does not happen upon restart but at a later time).
I have Windows 10 Home and no group policy management snap-in to unhide services. I have gpedit.msc, with which I have tried to restrict some things, but I'd like some better tools or paid services to help me out.
I frequently run Farbar these last two years and remove what unwanted stuff I see, but things happened anyway.

The router has a firewall with four settings: off, low, medium and high. Today I reset the router and put it on high, but Wi-Fi did not work for two PCs, while a third PC on Ethernet worked fine. Last year Wi-Fi worked fine on 'high', but VPN did not, so I left it always at 'low'.

Thanks


RE: root kits detected, what to do? - kkvakk - 06-03-2020

Another thing: when asking the computer to restart, I frequently see two programs delaying/preventing the restart; one is called 'G', the other has no name. I click restart anyway and the machine shuts down. I NEVER see these programs running when I restart while offline/when the Wi-Fi device is disabled in Device Manager.

I totally understand that you have better things to do; the videos you have put up have been truly a great help already.