Posted: 9/24/2011 12:03:02 PM EDT
|
My son's laptop got hammered up with a virus. What I've done so far is:
- I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? |
|
Quoted: My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? Those virus programs will not take out a rootkit for the most part. You need to run combofix and Hitman Pro 3.5. Both are free. Don't install Hitman Pro 3.5. Run it as a standalone. |
|
Quoted:
Quoted:
My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? Those virus programs will not take out a rootkit for the most part. You need to run combofix and Hitman Pro 3.5. Both are free. Don't install Hitman Pro 3.5. Run it as a standalone. Just curious - why would I not want to install Hitman? Also, I've run combofix before but not Hitman. Why do I need both? |
|
I'm running combofix right now. It flashed up a screen saying that I had a rootkit virus that is difficult to clear. It also gave the name of the virus but then the window disappeared. I wish I would have been able to get the name of it, so I could have then researched it a bit. We'll see what combofix is able to do on this. |
|
See this page over on DSLReports.com that details several programs to help with rootkit detection.
http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. |
|
Quoted:
See this page over on DSLReports.com that details several programs to help with rootkit detection. http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. This would be my first step to get rid of a root kit. |
|
Quoted:
Quoted:
See this page over on DSLReports.com that details several programs to help with rootkit detection. http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. This would be my first step to get rid of a root kit. Ah, I'm not giving up that easy yet. Running Combofix again...crossing fingers. Any opinion from anyone else on Hitman Pro? |
|
Burn this to a cd and boot from it:
http://www.avira.com/en/support-download-avira-antivir-rescue-system This was able to fix something for me recently that combofix wasn't doing shit to. It is updated daily, so you don't have to download updates (if you can't). You probably won't be able to fix your problem with just one program, I usually find that I have to throw random shit at the problem from a linux boot (like the program that I've linked to) until something finds something, at which point you can run other things (which will find things that other programs missed). Run combofix first if you want, run the download I posted second. |
|
Quoted: Quoted: Quoted: My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? Those virus programs will not take out a rootkit for the most part. You need to run combofix and Hitman Pro 3.5. Both are free. Don't install Hitman Pro 3.5. Run it as a standalone. Just curious - why would I not want to install Hitman? Also, I've run combofix before but not Hitman. Why do I need both? You can if you want. It wastes HD space and it's another program that starts up when you enter Windows. If Hitman Pro 3.5 is your only anti-virus program then install it. Otherwise use it to remove rootkits and viruses. I use it only as a removal tool and not as protection software. Hitman Pro 3.5 is really good at removing the TDSS rootkit. I think it is the only program that can successfully take down a rootkit in the MBR. Combofix can't do that, but you need Combofix to get rid of what Hitman Pro missed. Hitman Pro 3.5 is free, full-featured 30-day trial software, but you can buy it. If you're just using it as a removal program, just set your computer clock back a year or so from the first time to continue using the program. |
|
Quoted: Quoted: Quoted: See this page over on DSLReports.com that details several programs to help with rootkit detection. http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. This would be my first step to get rid of a root kit. Ah, I'm not giving up that easy yet. Running Combofix again...crossing fingers. Any opinion from anyone else on Hitman Pro? Run Hitman Pro. I do this for a living. |
|
Quoted:
Quoted:
Quoted:
Quoted:
See this page over on DSLReports.com that details several programs to help with rootkit detection. http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. This would be my first step to get rid of a root kit. Ah, I'm not giving up that easy yet. Running Combofix again...crossing fingers. Any opinion from anyone else on Hitman Pro? Run Hitman Pro. I do this for a living. Okay. I'll give it a shot. If my computer blows up, I'm going to shake my fist in the air at you. |
|
Quoted: Quoted: Quoted: Quoted: Quoted: See this page over on DSLReports.com that details several programs to help with rootkit detection. http://www.dslreports.com/faq/16564 I had two computers that got hit real bad with rootkits and other malware. Combofix was the only thing that successfully cleaned both of them up. Took close to four hours though to clean one of the two computers. Combofix is the last step before reformatting drive and starting from scratch. This would be my first step to get rid of a root kit. Ah, I'm not giving up that easy yet. Running Combofix again...crossing fingers. Any opinion from anyone else on Hitman Pro? Run Hitman Pro. I do this for a living. Okay. I'll give it a shot. If my computer blows up, I'm going to shake my fist in the air at you. You need an internet connection to use Hitman Pro 3.5. You can run it off a USB stick if you want to. http://www.surfright.nl/en/hitmanpro You probably want to download CCleaner. The software will delete all files in temp folders. A fast way to get rid of viruses hiding there. http://www.piriform.com/CCLEANER Make sure you turn off System Restore (turning it off will delete System Restore save points) because viruses and rootkits hide in there also. Type msconfig in Run (XP) or Search (Vista, Win7). It will launch the System Config. Go to Startup and uncheck things that look like viruses or anything that you don't want to start up. If you're not sure, google the name. Any weird random letters are most likely a virus. |
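The startup-list review described in the post above (random-looking names, things living in temp folders) can be turned into a repeatable first pass. The script below is an added example and not code from the thread or from any of the tools it mentions: it scores a set of Run-key style autorun entries by two signals the post names, a keyboard-mashed value or executable name and a launch path under a user-writable temp or profile folder. The sample entries, the directory weights and the randomness thresholds are all constructed assumptions for the example; on a real machine you would feed it the names and commands from HKLM and HKCU ...\CurrentVersion\Run (or the msconfig Startup tab) and still look up anything that scores "review", as the post says.

```python
"""Triage Windows autorun (Run-key) entries by name randomness and launch path."""
import re

# Constructed sample in the shape of ...\CurrentVersion\Run values
# (value name -> command line). Made up for this example; these are not the
# startup items from the laptop discussed in the thread.
SAMPLE_RUN_ENTRIES = {
    "MSSE": r'"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    "SynTPEnh": r"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    "ctfmon.exe": r"C:\Windows\system32\ctfmon.exe",
    "Steam": r'"C:\Program Files (x86)\Steam\Steam.exe" -silent',
    "qxvbwzlkp": r"C:\Users\kid\AppData\Local\Temp\qxvbwzlkp.exe",
    "jkdhfg": r'"C:\Users\kid\AppData\Roaming\jkdhfg\jkdhfg.exe" /s',
}

# User-writable directories where droppers tend to land, with an assumed weight.
# Roaming also hosts legitimate updaters, so it counts for less than Temp.
SUSPICIOUS_DIRS = (
    ("\\appdata\\local\\temp\\", 2),
    ("\\windows\\temp\\", 2),
    ("\\users\\public\\", 2),
    ("\\appdata\\roaming\\", 1),
)

VOWELS = set("aeiouy")


def command_path(command):
    """Return the executable path from a Run-value command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def looks_random(name):
    """Heuristic for keyboard-mashed names: almost no vowels, or a long consonant run.

    Thresholds are assumptions tuned so common legitimate names such as
    ctfmon or SynTPEnh pass while vowel-free strings are flagged.
    """
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(1 for c in letters if c in VOWELS) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", letters)), default=0)
    return vowel_ratio < 0.15 or longest_run >= 5


def score_entry(name, command):
    """Score one autorun entry; returns (verdict, score, reasons)."""
    reasons, score = [], 0
    path = command_path(command)
    exe = path.rsplit("\\", 1)[-1]
    exe_stem = exe[:-4] if exe.lower().endswith(".exe") else exe
    if looks_random(name) or looks_random(exe_stem):
        score += 1
        reasons.append("random-looking name")
    lowered = path.lower()
    for fragment, weight in SUSPICIOUS_DIRS:
        if fragment in lowered:
            score += weight
            reasons.append("runs from " + fragment)
            break
    if score >= 2:
        verdict = "suspicious"
    elif score == 1:
        verdict = "review"   # look the name up before unchecking it
    else:
        verdict = "ok"
    return verdict, score, reasons


def triage(entries):
    """Map every entry name to its (verdict, score, reasons)."""
    return {name: score_entry(name, cmd) for name, cmd in entries.items()}


if __name__ == "__main__":
    for name, (verdict, score, reasons) in triage(SAMPLE_RUN_ENTRIES).items():
        print(f"{verdict:10} {score}  {name:12} {'; '.join(reasons)}")
```

The two constructed temp/roaming entries come out "suspicious" and the vendor entries "ok"; a name that trips only one signal lands in "review", which is the "google the name" case from the post rather than something to uncheck on sight.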
|
like others have said, reinstalling the OS from scratch is the only sure way to get rid of it.
If that is not an option (i.e. no os disc, etc.) then i would recommend downloading our offline bootable scanner. If this is a known rootkit, we will detect & remove it. http://connect.microsoft.com/systemsweeper basically you download the iso, burn it to disc (or put on a thumb drive), it boots WinPE, and runs our AV engine against the file system; there's no way for malware to 'hide' when doing this scan. Thanks, Faron ps. yes i work for MSFT |
|
Quoted:
like others have said, reinstalling the OS from scratch is the only sure way to get rid of it. If that is not an option (i.e. no os disc, etc.) then i would recommend downloading our offline bootable scanner. If this is a known rootkit, we will detect & remove it. http://connect.microsoft.com/systemsweeper basically you download the iso, burn it to disc (or put on a thumb drive), it boots WinPE, and runs our AV engine against the file system; there's no way for malware to 'hide' when doing this scan. Thanks, Faron ps. yes i work for MSFT Doing what? |
|
Quoted: Just ran Hitman. No threats found. Number of identified traces: 13 (Huh?) So, I have a clean bill of health from MSE, Malwarebytes, Combofix & Hitman. Am I good or do I possibly still have a lurker in there somewhere? ETA: Also shut off/deleted restore points. You're alright. If Hitman Pro 3.6 and combofix didn't detect anything you should be fine. What other problem do you have? If you like you can turn System Restore back on because the old points have been deleted. Personally I leave it off. |
|
Quoted:
Quoted:
I dunno. I wouldn't trust a PC that's been infected with something that nasty unless I did a clean reinstall. My son uses it for online gaming....nothing essential...I just don't want the virus to come back. I'm with Zhukov here, but since it's not being used for anything essential (i.e., personal and/or financial info), I suppose it doesn't matter much. Make sure he plays games in an account that does not have admin privileges, and keep the OS and security programs updated. My guess is that it's going to get reinfected, because it sounds like it's used for high-risk internet activities (because it got hit by a root kit in the first place). |
|
Quoted:
Quoted:
I didn't even laugh once after reading this thread. Total fail. Great. Now I feel inadequate. ...and I probably still have a virus. Download this "sandbox" and only run your browser in sandbox mode. This is almost bulletproof. Sandboxie comes in both 32 and 64 bit versions; use the correct version and for 64 bit turn on the 64 bit protection feature. |
|
Point of clarification here.
Reformatting and doing a clean install may not solve the problem. China's currently getting hit by a nasty little bug that installs itself in BIOS and perennially reinstalls a rootkit. Award/Phoenix BIOS is particularly vulnerable to this type of exploit, as many of those BIOS versions are designed to allow for "easy, one-click updating" from within the operating system. I mean really, what could possibly go wrong with a plan like that?
|
|
Quoted:
Point of clarification here. Reformatting and doing a clean install may not solve the problem. China's currently getting hit by a nasty little bug that installs itself in BIOS and perennially reinstalls a rootkit. Award/Phoenix BIOS is particularly vulnerable to this type of exploit, as many of those BIOS versions are designed to allow for "easy, one-click updating" from within the operating system. I mean really, what could possibly go wrong with a plan like that? So, I guess I should just set a block of thermite on it and pull the pin? |
|
Quoted:
Point of clarification here. Reformatting and doing a clean install may not solve the problem. China's currently getting hit by a nasty little bug that installs itself in BIOS and perennially reinstalls a rootkit. Award/Phoenix BIOS is particularly vulnerable to this type of exploit, as many of those BIOS versions are designed to allow for "easy, one-click updating" from within the operating system. I mean really, what could possibly go wrong with a plan like that? Even nuking from orbit isn't good enough anymore? |
|
Quoted:
My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? for the four thousandth fuckin time.....COMBOFIX. download it from bleepingcomputer. follow up with hitman pro |
|
Quoted:
Quoted:
My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? for the four thousandth fuckin time.....COMBOFIX. download it from bleepingcomputer. follow up with hitman pro Then again, you could read the thread before going full retard. Quoted: So, I have a clean bill of health from MSE, Malwarebytes, Combofix & Hitman. |
|
Quoted:
like others have said, reinstalling the OS from scratch is the only sure way to get rid of it. If that is not an option (i.e. no os disc, etc.) then i would recommend downloading our offline bootable scanner. If this is a known rootkit, we will detect & remove it. http://connect.microsoft.com/systemsweeper basically you download the iso, burn it to disc (or put on a thumb drive), it boots WinPE, and runs our AV engine against the file system; there's no way for malware to 'hide' when doing this scan. Thanks, Faron ps. yes i work for MSFT Just completed running it and it appears to have come out clean. This was a nasty little booger, let's hope that I don't see it again. Clean on Malwarebytes, MSE, Combofix, Hitman and Systemsweeper. I think I'm GTG unless I have the aforementioned Chinese computer AIDS...in which case, I'll be thermiting it. Thanks everyone for the help. |
|
Quoted:
like others have said, reinstalling the OS from scratch is the only sure way to get rid of it. If that is not an option (i.e. no os disc, etc.) then i would recommend downloading our offline bootable scanner. If this is a known rootkit, we will detect & remove it. http://connect.microsoft.com/systemsweeper basically you download the iso, burn it to disc (or put on a thumb drive), it boots WinPE, and runs our AV engine against the file system; there's no way for malware to 'hide' when doing this scan. Thanks, Faron ps. yes i work for MSFT so why are microsoft operating systems so open to viral infection? |
|
Quoted:
Quoted:
Quoted:
My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? for the four thousandth fuckin time.....COMBOFIX. download it from bleepingcomputer. follow up with hitman pro Then again, you could read the thread before going full retard. Quoted: So, I have a clean bill of health from MSE, Malwarebytes, Combofix & Hitman. full retard? i'm not the one that got the machine infected. |
|
Quoted:
Quoted:
Quoted:
Quoted:
My son's laptop got hammered up with a virus. What I've done so far is: - I rebooted in safe mode and tried to run malwarebytes. Malwarebytes started scanning and after about 30 seconds, it disappeared. - I then ran Microsoft Security Essentials in safe mode - it didn't detect anything. - I rebooted, deleted the remains of Malwarebytes and tried to download it again. The browser redirects to other sites. - I downloaded Malwarebytes from another system onto a thumb drive and loaded it onto the infected laptop. - I ran it in safe mode and detected seven infected files to include rootkit files. - I'm now doing complete rescans with Malwarebytes and MSE. Here's my question - will these two programs be sufficient to wipe out a rootkit virus or do I need to run combofix or something like that? for the four thousandth fuckin time.....COMBOFIX. download it from bleepingcomputer. follow up with hitman pro Then again, you could read the thread before going full retard. Quoted: So, I have a clean bill of health from MSE, Malwarebytes, Combofix & Hitman. full retard? i'm not the one that got the machine infected. Yet. |
|
Quoted:
Restore and if that doesn't work reinstall OS. Probably faster but as you know, loses data. This is really the only appropriate response to a virus or rootkit or trojan infection. Wipe and reload, because you will never know what's really on that machine from that point on. |
|
Quoted:
Quoted:
Restore and if that doesn't work reinstall OS. Probably faster but as you know, loses data. This is really the only appropriate response to a virus or rootkit or trojan infection. Wipe and reload, because you will never know what's really on that machine from that point on. No. I don't want to hear that. I've already pronounced myself clean. NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah I can't hear you, I can't hear you, NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah |
|
Quoted:
Quoted:
Quoted:
Restore and if that doesn't work reinstall OS. Probably faster but as you know, loses data. This is really the only appropriate response to a virus or rootkit or trojan infection. Wipe and reload, because you will never know what's really on that machine from that point on. No. I don't want to hear that. I've already pronounced myself clean. NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah I can't hear you, I can't hear you, NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah
I'll put it this way –– in the military and generally in the corporate world as well, that's the only allowed response to any kind of infection –– complete reimage. The reason for it is this. Assume I'm some evil hacker –– I may use an obvious infection as an easy means to get something sneaky onto your computer –– perhaps something that's not going to be captured by malwarebytes or whatever. You clear off the obvious infection, but the real payload remains, waiting to do whatever it's supposed to, whenever it's supposed to. |
|
Quoted:
Quoted:
Quoted:
Quoted:
Restore and if that doesn't work reinstall OS. Probably faster but as you know, loses data. This is really the only appropriate response to a virus or rootkit or trojan infection. Wipe and reload, because you will never know what's really on that machine from that point on. No. I don't want to hear that. I've already pronounced myself clean. NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah I can't hear you, I can't hear you, NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah
I'll put it this way –– in the military and generally in the corporate world as well, that's the only allowed response to any kind of infection –– complete reimage. The reason for it is this. Assume I'm some evil hacker –– I may use an obvious infection as an easy means to get something sneaky onto your computer –– perhaps something that's not going to be captured by malwarebytes or whatever. You clear off the obvious infection, but the real payload remains, waiting to do whatever it's supposed to, whenever it's supposed to. Yeah, that's a good point. If the laptop was being used for anything than as my 11- year old son's game playground, I'd probably look at doing something like that. As it stands, I think I'll just cross my fingers and see if anything happens to it. |
|
Try:
1) ESET scanner. 2) Avira Rescue CD is Avira anti-virus on a bootable CD if I am not mistaken. The virus cannot do anything to prevent it from running, as the bootable CD doesn't run in Windows. At least I would think so. 3) Run Spybot S&D. 4) Get Crap Cleaner. Edit: If Combofix didn't fix it, that must be pretty bad. |
|
Quoted: Just ran Hitman. No threats found. Number of identified traces: 13 (Huh?) So, I have a clean bill of health from MSE, Malwarebytes, Combofix & Hitman. Am I good or do I possibly still have a lurker in there somewhere? ETA: Also shut off/deleted restore points. I'd suggest going to one of the malware forums such as bleepingcomputer and starting a thread. they have guys there who really know what they're doing and will look over the logs from these programs and help you be sure you've nuked the bugs. |
|
Quoted: Quoted: Quoted: Quoted: Restore and if that doesn't work reinstall OS. Probably faster but as you know, loses data. This is really the only appropriate response to a virus or rootkit or trojan infection. Wipe and reload, because you will never know what's really on that machine from that point on. No. I don't want to hear that. I've already pronounced myself clean. NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah I can't hear you, I can't hear you, NahNahNahNahNahNahNahNahNahNahNahNahNahNahNah I'll put it this way –– in the military and generally in the corporate world as well, that's the only allowed response to any kind of infection –– complete reimage. The reason for it is this. Assume I'm some evil hacker –– I may use an obvious infection as an easy means to get something sneaky onto your computer –– perhaps something that's not going to be captured by malwarebytes or whatever. You clear off the obvious infection, but the real payload remains, waiting to do whatever it's supposed to, whenever it's supposed to. I wish my IT department thought the same way. I had a hit on my antivirus a while back and they refused to re-image the machine. They said it detected and removed it so I should be ok. I get the heebie jeebies every time I touch the thing now and I have access to shitloads of valuable information, names, addresses, SSNs and more on millions of people. I'm tempted to accidentally the whole thing so they have to put a new hard drive in. |