Many backdoors/various Trojans/rootkit. Shutdowner present


  1. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #21

    For those lurking, or anyone who is interested in the details about Sirefef/ZeroAccess: http://www.kindsight.net/sites/defau...tnet-final.pdf
    http://www.2-viruses.com/remove-zeroaccess-rootkit

    I believe that I had the older variant of Sirefef-- .Y, .W, .B
    There are new variants out by now-- .AG, .I, .P (which I believe is also called the CLSID variant)
    Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode | Naked Security

    Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does. I want to do everything I can before I wipe the whole thing. It's a learning process. Some of my most important files are already backed up here on my laptop, such as novels I'm writing.

    I also hope the information will aid others in learning about the virus. I'll keep reporting back here with updates on how far I've gotten. Right now, I have to focus on fixing Services.exe. ESET has a ServicesRepair tool that I'm going to see if I can quickly use in safe mode before the system shuts down. If not that, then I'm going to try to get my AHCI drivers onto a flash drive so that I can access my OS when repairing my computer so I can do an SFC scannow.

    I'm not giving up just yet.

    This is a guide I was going to follow: http://malwaretips.com/Thread-How-to...-Removal-Guide
    Here's a video about it as well, and from what I can see, the virus can impact a system far worse than how it hit mine. I can at least boot into Windows. http://www.youtube.com/watch?v=xVtGv...eature=related

    (This reminds me a lot of the Conficker scare back in, I think 2010?)
    Last edited by MelancholyRose; 02 Aug 2012 at 09:54.


  2. Posts : 687
    Microsoft Windows 10 Professional / Windows 7 Professional
       #22

    I'm reading the .pdf and actually I'm scared of its contents...


  3. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #23

    OldMX said:
    I'm reading the .pdf and actually I'm scared of its contents...
    I LOL'd


  4. Posts : 325
    Windows 7 Ultimate x64
       #24

    MelancholyRose said:
    Since I'm really interested in hacking and viruses, I'm actually having some fun trying to fight it. I'm not ready to reinstall Windows just yet. It's important that I learn what this is and what it does.
    Why? It's like killing roaches. They won't go away. Whatever you learn about viruses and Win internals will be useless soon enough, as that all changes quickly.
    This is assuming you're not planning on doing this as a "profession."
    I suggest you keep a clean house with a recommended anti-virus. A free one.
    Paying for an anti-virus just supports the "virus" industry.
    Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
    I get where you're coming from, and used to have "fun" squashing roaches.
    After a while it became distasteful - like, do roaches deserve much of my attention?
    Nope.


  5. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #25

    Thank you for the links. The first step in fighting something is knowing its behavioral patterns.


  6. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #26

    Here's a current update:
    I made a Hiren's BootCD and I'm using it to back up a lot of data just in case I can't get all of the malware off, but so far I've found a lot of it and removed it.

    I've located the trojan lurking in my Windows/Installer folder as well as in the AppData/Local folder and removed it.

    I've deleted various adware/spyware and tracking cookies.

    I've run a checkdisk using the BootCD, and I'm still going to do a scannow when I'm done copying everything.

    If you're in a similar situation and either can't boot into Windows, or Windows keeps kicking you out, I would highly recommend the Hiren's BootCD. It's got most tools you need to recover data and remove stuff without having to get into Windows first. You can also use it to edit the registry.

    Download Hiren

    Why? It's like killing roaches. They won't go away. Whatever you learn about viruses and Win internals will be useless soon enough, as that all changes quickly.
    This is assuming you're not planning on doing this as a "profession."
    I suggest you keep a clean house with a recommended anti-virus. A free one.
    Paying for an anti-virus just supports the "virus" industry.
    Maybe even more important, take image copies. Then the roaches are inconsequential. If I even suspect roaches, I just replace the house with a clean one. 5 minutes.
    I get where you're coming from, and used to have "fun" squashing roaches.
    After a while it became distasteful - like, do roaches deserve much of my attention?
    Nope.
    I like to learn, I like to work on the computer, and I like to develop new skills. I don't consider that at all a bad thing.

    This is also the first time in maybe eight years that I've had a virus.


  7. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #27

    Another new update:
    I've successfully repaired the Windows files that were causing my machine to randomly restart by doing an SFC /SCANNOW at boot from the Windows 7 installation CD. It found corrupted files and fixed them. My machine no longer shuts down.

    I'm now able to get into Safe Mode and run Malwarebytes, TDSS killer, and others.


  8. Posts : 156
    Windows 7 64-Bit Home Premium Service Pack 1
    Thread Starter
       #28

    Final update: I installed Comodo Internet Security (Free Internet Security, Download Internet Security Software Suite - Comodo) and ran a scan, and I also uninstalled and reinstalled Malwarebytes and scanned with that.

    Comodo: Found 0 Malicious objects.
    Malwarebytes: Found 0 malicious objects.
    Used Comodo System Utilities (Comodo System Utilities Tools - Disk Registry Cleaner Software | Comodo) to clean up some remnants in the registry.

    Computer is running smoother and cleaner, and I now have a fully working antivirus program, and it's free!

    I'm also blocking a lot of bad IP addresses.

    I didn't have to reinstall Windows 7, and everything is back to normal. I'm glad I decided to try to remove it instead of reinstall. Reinstalling would have been an even bigger hassle. I have a LOT of data on this drive.

    I hope this forum is helpful to people in the future.


  9. Posts : 124
    Windows 7 Ultimate x64, Windows 8.1 Pro x64 (on laptop)
       #29

    There is one final thing, which I don't like myself, but that would be to use another computer to make a bootable Ubuntu USB drive
    and then put that into your PC, change the BIOS to boot USB first, and then run Ubuntu, NOT INSTALL, and download ClamAV antivirus and scan your other OS. That could fix it; it saved me once before.

    Whichever way you choose, it sounds like a bad virus, so I hope it goes well for you!


  10. Posts : 124
    Windows 7 Ultimate x64, Windows 8.1 Pro x64 (on laptop)
       #30

    Never mind! Glad you fixed it, but I would make sure that you use a high-quality antivirus. ESET is what I'm comfortable with.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
All times are GMT -5.