Windows 7 Forums


Windows 7: Many backdoors/various Trojans/rootkit. Shutdowner present


02 Aug 2012   #21

Windows 7 64-Bit Home Premium Service Pack 1
 
 

For those lurking, or anyone who is interested in the details about Sirefef/ZeroAccess: http://www.kindsight.net/sites/defau...tnet-final.pdf
http://www.2-viruses.com/remove-zeroaccess-rootkit

I believe that I had the older variant of Sirefef-- .Y, .W, .B
There are new variants out by now-- .AG, .I, .P (which I believe is also called the CLSID variant) Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | Naked Security

Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does. I want to do everything I can before I wipe the whole thing. It's a learning process. Some of my most important files are already backed up here on my laptop, such as novels I'm writing.

I also hope the information will aid others in learning about the virus. I'll keep reporting back here with updates on how far I've gotten. Right now, I have to focus on fixing Services.exe. ESET has a ServicesRepair tool; I'm going to see if I can quickly use it in safe mode before the system shuts down. If not that, then I'm going to try to get my AHCI drivers onto a flash drive so that I can access my OS when repairing my computer so I can do an SFC scannow.

I'm not giving up just yet.

This is a guide I was going to follow: http://malwaretips.com/Thread-How-to...-Removal-Guide
Here's a video about it as well, and from what I can see, the virus can impact a system far worse than how it hit mine. I can at least boot into Windows. http://www.youtube.com/watch?v=xVtGv...eature=related

(This reminds me a lot of the Conficker scare back in, I think 2010?)


02 Aug 2012   #22

Microsoft Windows 8.1 Professional
 
 

I'm reading the .pdf and actually I'm scared of its contents...
02 Aug 2012   #23

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Quote: Originally Posted by OldMX
I'm reading the .pdf and actually I'm scared of its contents...
I LOL'd


03 Aug 2012   #24

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by MelancholyRose
Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does.
Why? It's like killing roaches. They won't go away. Whatever you learn about virii and Win internals will be useless soon enough, as that all changes quickly.
This is assuming you're not planning on doing this as a "profession."
I suggest you keep a clean house with a recommended anti-virus. A free one.
Paying for an anti-virus just supports the "virus industry."
Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
I get where you're coming from, and used to have "fun" squashing roaches.
After a while it became distasteful - like, do roaches deserve much of my attention?
Nope.
03 Aug 2012   #25

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Thank you for the links. The first step in fighting something is knowing its behavioral patterns.
05 Aug 2012   #26

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Here's a current update:
I made a Hiren's BootCD and I'm using it to back up a lot of data just in case I can't get all of the malware off, but so far I've found a lot of it and removed it.

I've located the trojan lurking in my Windows/Installer folder as well as in the AppData/Local folder and removed it.

I've deleted various adware/spyware and tracking cookies.

I've run a checkdisk using the BootCD, and I'm still going to do a scannow when I'm done copying everything.

If you're in a similar situation and either can't boot into Windows, or Windows keeps kicking you out, I would highly recommend the Hiren's BootCD. It's got most tools you need to recover data and remove stuff without having to get into Windows first. You can also use it to edit the registry.

Download Hiren

Quote:
Why? It's like killing roaches. They won't go away. Whatever you learn about virii and Win internals will be useless soon enough, as that all changes quickly.
This is assuming you're not planning on doing this as a "profession."
I suggest you keep a clean house with a recommended anti-virus. A free one.
Paying for an anti-virus just supports the "virus industry."
Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
I get where you're coming from, and used to have "fun" squashing roaches.
After a while it became distasteful - like, do roaches deserve much of my attention?
Nope.
I like to learn, I like to work on the computer, and I like to develop new skills. I don't consider that at all a bad thing.

This is also the first time in maybe eight years that I've had a virus.
05 Aug 2012   #27

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Another new update:
I've successfully repaired the Windows files that were causing my machine to randomly restart by doing an SFC /SCANNOW at boot from the Windows 7 installation CD. It found corrupted files and fixed them. My machine no longer shuts down.

I'm now able to get into Safe Mode and run Malwarebytes, TDSSKiller, and others.
06 Aug 2012   #28

Windows 7 64-Bit Home Premium Service Pack 1
 
 

Final update: I installed Comodo Internet Security and ran a scan, and I also uninstalled and reinstalled Malwarebytes and scanned with that.

Comodo: Found 0 malicious objects.
Malwarebytes: Found 0 malicious objects.
Used Comodo System Utilities to clean up some remnants in the registry.

Computer is running smoother and cleaner, and I now have a fully working antivirus program, and it's free!

I'm also blocking a lot of bad IP addresses.

I didn't have to reinstall Windows 7, and everything is back to normal. I'm glad I decided to try to remove it instead of reinstall. Reinstalling would have been an even bigger hassle. I have a LOT of data on this drive.

I hope this forum is helpful to people in the future.
06 Aug 2012   #29

Windows 7 Ultimate x64, Windows 8.1 Pro x64 (on laptop)
 
 

There is one final thing, which I don't like myself, but that would be to use another computer to make a bootable Ubuntu USB drive and then put that into your PC, change the BIOS to boot USB first, and then run Ubuntu, NOT INSTALL, and download ClamAV antivirus and scan your other OS. That could fix it; saved me once before.

Whichever way you choose, it sounds like a bad virus, so I hope it goes well for you!
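As an added example (not code from the thread or from any of its posters), here is a shell script that carries out the offline scan described in the post above from an Ubuntu live session: it installs ClamAV, fetches current signatures, mounts the Windows partition read-only, scans it recursively, and interprets clamscan's exit status. The device path /dev/sda2, the mount point /mnt/windows and the log path are assumptions; confirm the real Windows partition with lsblk before running it.

```shell
#!/bin/sh
# Added example: scan an offline Windows volume with ClamAV from an Ubuntu
# live session. Assumptions (not stated in the thread): the live session has
# network access, the Windows partition is an NTFS device such as /dev/sda2,
# and the script runs as root.

# clamscan's documented exit status: 0 = no virus found, 1 = virus(es) found,
# 2 = an error occurred. A non-zero status is therefore not simply "failure".
classify_clamscan_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

# Count the detections in a clamscan log: clamscan writes one
# "<path>: <signature> FOUND" line per flagged file.
count_found() {
    grep -c ': .* FOUND$' "$1" || true
}

# Install ClamAV, mount the Windows volume read-only, scan it and report.
#   $1 = block device holding Windows (placeholder: /dev/sda2)
#   $2 = mount point (default /mnt/windows)
#   $3 = log file (default /root/clamscan-windows.log)
scan_windows_volume() {
    dev="$1"
    mnt="${2:-/mnt/windows}"
    log="${3:-/root/clamscan-windows.log}"

    apt-get update && apt-get install -y clamav
    freshclam   # refresh signatures before scanning, not after

    # Read-only mount: the scan reads the volume and never modifies it; any
    # removal decision is made afterwards, from the log, not by this script.
    mkdir -p "$mnt"
    mount -o ro "$dev" "$mnt"

    # -r recurse, -i print only infected files, --log keep a copy of results.
    if clamscan -r -i --log="$log" "$mnt"; then
        rc=0
    else
        rc=$?
    fi
    umount "$mnt"

    echo "result: $(classify_clamscan_exit "$rc"); $(count_found "$log") file(s) flagged; log: $log"
    return "$rc"
}

# Only scan when a device is given on the command line, e.g.:
#   sudo sh scan-windows.sh /dev/sda2
if [ $# -gt 0 ]; then
    scan_windows_volume "$@"
fi
```

Scanning from a separate boot environment is exactly what makes this worthwhile against a rootkit: a kernel-mode component that hides its files from tools running inside Windows has no code running while the volume is mounted under Linux, so the scanner sees the file system as it is on disk. Read the log rather than the exit status alone, since status 1 is the interesting outcome (detections), not an error.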
06 Aug 2012   #30

Windows 7 Ultimate x64, Windows 8.1 Pro x64 (on laptop)
 
 

Never mind! Glad you fixed it, but I would make sure that you use a high quality antivirus... ESET is what I'm comfortable with.