Fred Salter

Maximum number of secrets that may be stored in a single system has been exceeded

I've been working through getting rid of some malware and virus problems on my computer and I think I've got them all cleared out but now I can't burn to the CDs. I can't use either ImgBurn, Nero or Winamp. I did get this strange message from ImgBurn but don't know what it means.

Any ideas???

This is what happens when I start up.

 

Fred

 

I 14:58:29 ImgBurn Version 2.4.4.0 started!

I 14:58:29 Microsoft Windows XP Professional (5.1, Build 2600 : Service Pack 3)

I 14:58:29 Total Physical Memory: 3,668,396 KB - Available: 2,821,672 KB

W 14:58:29 AnyDVD can interfere with ImgBurn's ability to verify accurately, please ensure it's disabled!

I 14:58:29 Initialising SPTI...

I 14:58:29 Searching for SCSI / ATAPI devices...

E 14:58:31 CreateFile Failed! - Device: '\\.\CdRom0' (I:)

E 14:58:31 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.

E 14:58:34 CreateFile Failed! - Device: '\\.\CdRom1' (H:)

E 14:58:34 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.

E 14:58:37 CreateFile Failed! - Device: '\\.\CdRom2' (D:)

E 14:58:37 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.

E 14:58:39 CreateFile Failed! - Device: '\\.\CdRom6' (N:)

E 14:58:39 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.

E 14:58:42 CreateFile Failed! - Device: '\\.\CdRom8' (P:)

E 14:58:42 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.

W 14:58:42 Errors were encountered when trying to access 5 drives.

W 14:58:42 These drives will not be visible in the program.

W 14:58:42 No devices detected!

Apparently most people can't tell a pink banner at the top of every page from the rest of the forum's layout :rolleyes:

Hi there,

 

I checked your link and none of them worked. GMER did not show anything red on the initial quick scan, nor did two other programs. I did a full scan with GMER, and found a bunch of library entries with reference to "geyekrvpkyiwrq.dll". I also found a file spxx.sys that's very questionable; a few variations so far are splu.sys, sppk.sys, spvt.sys. None of the files are visible; to no surprise, they are hidden. The question is how to reveal them and hopefully delete them.

Just ran into this new variant of the rootkit yesterday afternoon

 

It's hooking a lot of processes, it will probably take some time for any self help tool to be updated to deal with this

 

Thread System [4:320] 856E4790

---- Processes - GMER 1.0.15 ----

 

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [148] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [224] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\LightScribe\LSSrvc.exe [388] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [564] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [612] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\savedump.exe [624] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [632] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [796] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [928] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [1016] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1024] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1132] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1200] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1336] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\Ati2evxx.exe [1356] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [1396] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1424] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1648] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1820] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [1856] 0x00940000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [1872] 0x00390000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Cobian Backup 8\cbService.exe [1896] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [1944] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\eHome\ehRecvr.exe [2000] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\eHome\ehSched.exe [2024] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2256] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [2596] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [2724] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Documents and Settings\HP_Administrator\Desktop\l2bt81rg.exe [2824] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3036] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [3240] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [3268] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [3312] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [3320] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Pure Networks\Network Magic\nmapp.exe [3328] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\1240190955\ee\AOLSoftware.exe [3340] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [3356] 0x00AF0000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Microsoft IntelliPoint\ipoint.exe [3376] 0x003E0000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3392] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [3440] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\Cobian Backup 8\cbInterface.exe [3464] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3508] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3520] 0x04C60000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [3608] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3612] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\eHome\ehmsas.exe [3652] 0x10000000

Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\wscntfy.exe [3828] 0x10000000

 

I would just reload

Since these trojan/virus files are hidden, I had another idea. I took the boot drive that was infected, and plugged it into another machine as a slave drive. I could now see some of the trojan files; the filenames all start with "geyekr" with extension DLL or DAT. I deleted about 6 of them and put the drive back in the original machine, and found these positive changes:

 

(1) I no longer have a problem with ImgBurn; it now recognizes the drive as a burner.

 

(2) Disk Management previously showed a blank main window, with none of the hard drives listed. The DVD burner was shown as "CDROM0" in the lower left corner. After the clean, Disk Management is displaying all the drives properly.

 

BUT my system is not problem free, and I believe deleting the files was not sufficient:

 

(1) The DVD burner is still listed as "CDROM" under My Computer. I put a blank DVD+R into the drive, then explored the drive. It opened and showed a blank screen. Under normal operation, clicking the drive should return an error to say something to the effect that the drive or the medium is not accessible.

 

(2) Using Radix, under IRP scan, I could see a spxx.sys file still hooking a lot of drivers, where "xx" are random alphabets (example, splu.sys). Each time I boot up, it's a different spxx.sys name. There's another program somewhere that's generating this file.

 

(3) Under Radix and SDT scan, ZwEnumerateKey, ZwEnumerateValueKey and ZwQueryKey are shown in red and hooked by this spxx.sys file.

 

Now I need some more help to search and destroy whichever file is generating the spxx.sys.

The past variants of this TDSS rootkit were controlled by sys files in C:\WINDOWS\system32\drivers

 

 

geyekrxxxx.sys

 

Did you run MBAM?

Yeah, there is for sure a new variant to this problem. I had the TDSS rootkit problem about 3 weeks ago, went to the forum here, did just what Lightning UK said to do, and boom - no problem, wiped out the bad .sys file and everything worked perfectly. Today - same problem rose up again (so I thought). Malwarebytes 1.39 found the files, deleted them, but THIS time, made zero difference. Same problem is there, can't get to my burner with Nero, ImgBurn, etc. It's a new, way tougher variation of the rootkit problem everybody is discussing here (maximum number of secrets...etc).

 

Sigh. Have no idea what to do now...

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh@imagepath \systemroot\system32\drivers\geyekracsmpyvt.sys

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main@aid 10099

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main@sid 0

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main\delete

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main\injector

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main\injector@* geyekrwsp.dll

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main\tasks

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekrrk.sys \systemroot\system32\drivers\geyekracsmpyvt.sys

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekrcmd.dll \systemroot\system32\geyekrrnsqomup.dll

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekrlog.dat \systemroot\system32\geyekrwgdeborr.dat

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekrwsp.dll \systemroot\system32\geyekrvpkyiwrq.dll

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekr.dat \systemroot\system32\geyekrwinijwbq.dat

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\multimedia\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x4C 0xDF 0xA9 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0xBF 0x6A 0x18 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0xC7 0xC9 0x2A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\multimedia\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x4C 0xDF 0xA9 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0xBF 0x6A 0x18 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0xC7 0xC9 0x2A ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\multimedia\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0x4C 0xDF 0xA9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0xBF 0x6A 0x18 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0xC7 0xC9 0x2A ...

A few registry entries under HKLM as you see above. There's also an entry called "SAM", which was marked red by GMER. When I tried to delete them, an error popped up and I was unable to. Same problem happened when I tried to delete them under Safe mode. Any idea how to delete these registry keys?
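
The GMER output posted in this thread can be summarized with a short script; this is an added example, not part of any post, and its function names are made up for illustration. It lists which processes carry the hidden library and turns the `geyekr*` service key into a list of files to look for when the disk is mounted in a clean machine, as one poster did.

```python
import re
from collections import defaultdict

# Lines copied from the GMER 1.0.15 output of two posts in this thread (shortened).
SAMPLE_LOG = r"""
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [564] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [632] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrymrmpjen.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [148] 0x10000000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh@imagepath \systemroot\system32\drivers\geyekracsmpyvt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrdqboulhh\modules@geyekrwsp.dll \systemroot\system32\geyekrvpkyiwrq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\multimedia\DAEMON Tools Lite\
"""

LIB_RE = re.compile(
    r"^Library\s+(?P<module>\S+)\s+\(\*\*\* hidden \*\*\* ?\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+0x[0-9A-Fa-f]+\s*$")
REG_RE = re.compile(
    r"^Reg\s+(?P<key>HK[^@]*?)(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?$")
SVC_RE = re.compile(r"\\Services\\([^\\]+)(?:\\(.*))?$", re.I)

def parse_hidden_libraries(log):
    """Map each hidden module path to the (process, pid) pairs it is loaded in."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = LIB_RE.match(line.strip())
        if m:
            hits[m["module"]].append((m["proc"], int(m["pid"])))
    return dict(hits)

def parse_services(log, prefix="geyekr"):
    """Collect imagepath and 'modules' values of service keys named <prefix>*."""
    services = {}
    for line in log.splitlines():
        m = REG_RE.match(line.strip())
        if not m or not m["value"]:
            continue
        s = SVC_RE.search(m["key"])
        if not s or not s[1].lower().startswith(prefix):
            continue  # e.g. the sptd (DAEMON Tools) entries are skipped
        entry = services.setdefault(s[1], {"imagepath": None, "modules": {}})
        sub, value, data = (s[2] or "").lower(), m["value"], m["data"] or ""
        if not sub and value.lower() == "imagepath":
            entry["imagepath"] = data
        elif sub == "modules":
            entry["modules"][value] = data
    return services

def rel_to_systemroot(path):
    r"""Strip \\?\globalroot and \systemroot so the path is relative to WINDOWS."""
    return re.sub(r"^(?:\\\\\?\\globalroot)?\\systemroot\\", "", path, flags=re.I).lower()

def offline_checklist(log, prefix="geyekr"):
    """Files to look for when the disk is mounted in another, clean machine."""
    paths = set(parse_hidden_libraries(log))
    for entry in parse_services(log, prefix).values():
        paths.update(entry["modules"].values())
        if entry["imagepath"]:
            paths.add(entry["imagepath"])
    return sorted({rel_to_systemroot(p) for p in paths})

if __name__ == "__main__":
    print("\n".join(offline_checklist(SAMPLE_LOG)))
```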

MBAM detected nothing. Avast and AVG Free also found nothing. I read somewhere AVG rootkit was able to detect some of the files. Does anybody have the paid version to confirm this?

You probably can't delete some registry keys because you don't have the correct privileges to do so...

 

Usually you can verify that by right-clicking on the folder and choosing Authorizations....

The author of RootRepeal is said to be working on this issue, might see a fix in a few days, but I wouldn't hold my breath.

 

Sophos will see the rootkit files but cannot remove them, the HJT forums are where removal is being referred.

 

Reload

RootRepeal still crashes instantly on startup with a memory access violation on my pc.

 

Hopefully if I send the author enough crash reports (from each new version), it'll eventually be made to work :)

I have AVG Anti-Virus store-bought. I ran a full scan tonight, with Rootkit scan (you have to tell AVG to do this, it's the only option turned off on the scan that you have to manually tell it to do). Anyway, did a full scan, AVG didn't see anything unfortunately.

 

RootRepeal crashes at startup on my computer also.

 

MAN, I wish I was more computer savvy. I am just about ready to back up all, and then format and begin anew, but seems like such an overkill against one virus that "seems" to only want to mess with my burner and nothing else...

 

Kevin

It's not just your burner, it's blocking physical access to all your drives (or so I believe).

 

That's why most tools can't even scan for the virus, they're unable to 'open' the drive and look at it.

 

Have you tried the Sophos anti rootkit tool?

 

You could also scan the hdd in another pc, the virus defs might pick it up when they can actually see the file.

Hey, yes you are totally right, it is blocking other access. I did indeed try Sophos, was just as effective as everything else so far (read = zero). Sophos saw some files, but they were in temp directories and it wouldn't let me delete them, and I don't think it would have mattered anyway. Amazing I still have any hair left after trying to fix this the past few days!

 

I started my backup tonight just in case I go that route reformatting. Looking like a good option so far! Currently, don't need to burn anything on my player (I can use it for everything BUT burning), so I am holding out in case someone figures something out in the next day or so. I just don't know where to look for more help and I am not good enough to dig into my own system and be productive...

 

Kevin

So far I've tried every single method that was posted in this topic as well as the links provided. But sadly, nothing seems to work. No matter what I try, I get the same result with my ImgBurn, even my UltraISO isn't working properly. Aside from re-formatting, are there any other suggestions? XD

P.S.

For some reason I can detect the malware but I can't disable and remove the files with GMER as shown on the link.

Sorry for double posting, but just in case this helps: my computer can detect the DVD and I can burn standard files onto it (i.e. drag files to DVD) but the programs I use to burn DVDs cannot detect it (i.e. ImgBurn, UltraISO, etc.).

I think I found a way to fix the issue. Well, it worked for me at least XD. Anyway, go to

 

http://www.pcworld.com/downloads/file/fid,...escription.html

 

and download "AVG anti rootkit" and then, after installing, run a scan and delete the rootkits that have been detected.

Then it will prompt you to restart; follow their instructions, and after restarting, the rootkit should be removed.

NOTE: It will also prompt you to download the AVG rootkit protection program right after restarting.

It is up to you to say yes or no. For me, I chose no and continued on.

Hope this helps ^^

For those of you still having problems, go to Norton's forum and search "geyekr" and there are a whole bunch of posts on this. This guru QUADS there has been providing suggestions to fix the problem. All the files detected so far are simply the "result" of some boss file hiding in the background, so even if you can identify them and remove them, it doesn't help the situation.
