Windows 7 Forums


Windows 7: Another major infection; Rootkits!


23 Sep 2012   #1

Windows 7 64 bit
 
 

Okay.. A few of you vets out there might cringe upon hearing this; but yes. I (or my brother) have come across a rootkit or two, which constantly redirect Google links unless using a VPN.

Malwarebytes scan followed up with this list of bad files : http://puu.sh/17YRJ

(I recently did a system restore; which is why some of those are listed twice. )

I tried using Combofix; which managed to murder my Wireless drivers and was the cause of doing a system restore.

How can I safely remove these without them coming back?



23 Sep 2012   #2

Windows 7 Ultimate 64 bit
 
 

Use TDSSKiller in safe mode. Then re-run all your malware software in safe mode as well, doing full scans.

Anti-rootkit utility TDSSKiller
23 Sep 2012   #3

MS Windows 7 Ultimate SP1 64-bit
 
 

Kaoruko

The answer is simple: use WDO.

We have a tutorial on how to use WDO:
Windows Defender Offline

Here's the procedure I use, which is basically the same:
HOW TO USE MICROSOFT'S OFFLINE MALWARE REMOVER
Windows Defender Offline performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware. It is a free, standalone, bootable malware and virus remover from Microsoft.

Download Windows Defender Offline (about 785 kB)
You will have the choice of downloading the 32-bit version (x86) or the 64-bit version (x64).
The link will help you determine whether you are running a 32-bit or 64-bit version of Windows.

NOTE: You can download and prepare a 32-bit version using a 64-bit version of Windows.
NOTE: You can download and prepare a 64-bit version using a 32-bit version of Windows.

You run the 32-bit version on a 32-bit version of Windows.
You run the 64-bit version on a 64-bit version of Windows.

The 32-bit download file name is: mssstool32.exe
The 64-bit download file name is: mssstool64.exe

For the curious, this program was originally named Microsoft Standalone System Sweeper.


INSTALLATION:
Requires an Internet connection.
Insert a 512 MB or larger USB stick into a USB port.
Run the downloaded program (mssstool64.exe or mssstool32.exe).
NEXT button
Choose the option "On a USB flash drive that is not password protected"
NEXT button
NEXT button

The install program will:
format the USB stick using the NTFS format.
download less than 230 MB.
name the USB stick WDO_Media32 or WDO_Media64.
use less than 300 MB.

How to UPDATE the Windows Defender Offline USB stick:
reinsert the USB stick.
run the installation program, mssstool64.exe or mssstool32.exe, again.
the update will download less than 65 MB.

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Boot your computer from the USB stick.
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, choose Full Scan.
Select all of your drives.

The initial full scan can easily take several hours, but remember, your computer is being very thoroughly checked for all types of malware.
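An added check, written here as example code and not part of the post or of Microsoft's tool, that a practitioner can run before launching the installer and again once the stick is prepared: it confirms the downloaded file matches the 32-bit/64-bit rule above, that it carries a valid Microsoft Authenticode signature, and that the prepared stick is NTFS and labelled WDO_Media32 or WDO_Media64. The download folder and the USB drive letter are assumptions passed in as parameters; the WMI classes used are available on Windows 7 / PowerShell 2.0.

```powershell
# Added example (not from the original post). Verifies the WDO preparation
# steps described above:
#   1. the downloaded installer matches this Windows' bitness (mssstool32/64.exe)
#   2. the installer carries a valid Microsoft Authenticode signature
#   3. after preparation, the USB stick is NTFS and labelled WDO_Media32/64
# Assumptions: the installer was saved to $DownloadDir (placeholder path),
# and the prepared stick's drive letter is passed as -UsbDrive (e.g. 'E:').
param(
    [string]$DownloadDir = "$env:USERPROFILE\Downloads",   # assumed location
    [string]$UsbDrive    = ''                               # empty = skip USB check
)

# Win32_OperatingSystem.OSArchitecture reports "32-bit" or "64-bit" on Windows 7.
$arch = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
$bits = if ($arch -like '64*') { '64' } else { '32' }
$tool = Join-Path $DownloadDir "mssstool$bits.exe"

# The post's rule: run the 32-bit build on 32-bit Windows, 64-bit on 64-bit.
if (-not (Test-Path $tool)) {
    Write-Warning "Expected $tool for a $bits-bit Windows; download that version."
    return
}

# Refuse to run an installer that is unsigned, tampered with, or not Microsoft's.
$sig = Get-AuthenticodeSignature -FilePath $tool
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'CN=Microsoft Corporation') {
    Write-Warning "Signature check failed ($($sig.Status)); do not run $tool."
    return
}
Write-Host "OK: $tool is validly signed by $($sig.SignerCertificate.Subject)"

# Optional post-preparation check of the stick (NTFS, WDO_Media32/64 label).
if ($UsbDrive) {
    $vol = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$UsbDrive'"
    $expectedLabel = "WDO_Media$bits"
    if ($vol -and $vol.FileSystem -eq 'NTFS' -and $vol.VolumeName -eq $expectedLabel) {
        Write-Host "OK: $UsbDrive is NTFS and labelled $expectedLabel; ready to boot from."
    } else {
        Write-Warning "$UsbDrive is not an NTFS stick labelled $expectedLabel; re-run the installer."
    }
}
```

Run it once after downloading (`.\Check-Wdo.ps1`) and again after the installer finishes (`.\Check-Wdo.ps1 -UsbDrive 'E:'`), adjusting the drive letter to the stick.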


23 Sep 2012   #4

Windows 7 64 bit
 
 

Quote: Originally Posted by bassfisher6522
Use TDSSKiller in safe mode. Then re-run all your malware software in safe mode as well, doing full scans.

Anti-rootkit utility TDSSKiller
I can't seem to find the safe mode boot. F8, F1, and F2 don't show boot options.
23 Sep 2012   #5

MS Windows 7 Ultimate SP1 64-bit
 
 

Kaoruko,
Malware seldom travels alone.
That is one of the main reasons I strongly recommend WDO.
23 Sep 2012   #6

Windows 7 64 bit
 
 

Quote: Originally Posted by karlsnooks
Kaoruko,
Malware seldom travels alone.
That is one of the main reasons I strongly recommend WDO.
I'm downloading it now; thanks.
24 Sep 2012   #7

Windows 7 64 bit
 
 

Quote: Originally Posted by bassfisher6522
Use TDSSKiller in safe mode. Then re-run all your malware software in safe mode as well, doing full scans.

Anti-rootkit utility TDSSKiller
TDSSKiller found services.exe to be a high threat, but "Cure" does nothing, and after re-scanning it shows it again, along with the items MBAM found.
24 Sep 2012   #8

MS Windows 7 Ultimate SP1 64-bit
 
 

Run WDO.
25 Sep 2012   #9

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi Kaoruko,

Unfortunately, if specialist generic tools such as TDSSKiller do not fix the problem, then a disk wipe and clean install are usually the only method to ensure that the rootkits have been completely removed.

Regards,
Golden