Windows 7: Many backdoors/various Trojans/rootkit. Shutdowner present

Try a system restore to the point before you clicked on the spam and such.



Like what borg said, it may not be fixable.

-Justin

It wasn't listed, it was blank, and I clicked Next anyway. I went to System Restore and it said:

To use System Restore, you must specify which Windows installation to restore. Restart this computer, select an operating system, and then select System Restore.

I thought I could leave it blank?

I didn't click Load Drivers. Should I try that?

Although you might be able to get a deeply infected machine back into a 'workable' state it will likely take more than one program to do it.

But even if you can get it back into that 'workable' state I wouldn't trust it. I'd wipe that disk clean and reinstall. Quicker that way, and you can then be confident that it's secure.

Back up all your data to reliable media first though.

System Restore might work, but you should be aware that your restore points can contain the malware too. Definitely contains it if you've been infected for some time.

I need to get that shutdown to stop happening before I can back anything up. I'm having a friend help me.

The easiest thing to do is to remove the drive and slave it into another computer (with up to date virus definitions, of course). Copy your essential files to the other computer. Put the drive back into the original computer, and reinstall Windows.

Apparently the Services.exe file is damaged, and that's what's causing the shut downs, not a virus. I thought to do an sfc scannow, but for some reason my computer just doesn't show my OS. It acts like I don't have one, even though I definitely do.

What I think is causing that is, I use a RAID 1 mirror. My other hard drive isn't being used right now, it hasn't been used for a while, so I'm using only the one drive. Do I need my RAID driver to get to my OS?

If so, do I need to use RAID drivers or Chipset drivers? http://support.amd.com/us/gpudownloa...d_windows.aspx [EDIT: I'm thinking it's the AHCI Controller Driver under chipsets.]

EDIT: Looks like this is probably it. SATA Drivers - Load in Windows Recovery Options

My mother in law's laptop got infected and I got tired of fighting this rootkit because of the afterall damage to core files which SFC couldnt fix, ended wiping the disk and reinstalling clean, one thing I'm clueless about is how is this infection spreaded?

Judging on what I've read/been told about Sirefef is that if you try to remove it, it hides in system files and copies itself to Registry keys and such.

This sounds like the Zero Access Rootkit. It has created a hidden partition to hide itself from being found and fixed. This is quite a nasty Rootkit!

Save what you can (pictures, important documents), then wipe your OS and do a "clean" install.