Windows 7: Getting rid of rootkits without normal/safe mode

31 Aug 2013   #1
TomanMT

Windows 7 Home Premium 64bit
 
 
Getting rid of rootkits without normal/safe mode

Hello,
I was wondering if it's possible to remove a rootkit without having to access normal or safe mode through windows recovery. Something like putting a program on a flash drive and running it from cmd.
I have recently run TDSSKiller and removed all threats, but due to unknown problems, I can't even use safe mode anymore (I just get the desktop with nothing on it).
I previously created a couple of threads: one where I worked with VistaKing (why is he banned?) to remove any viruses, and the other when the problem came back but twice as bad.

Slow/freezes even in safe mode, found obfuscator virus

Update kb2859537 - cannot boot in normal or safe mode

The first problem was solved by uninstalling the update, but the second now seems to be a virus.

It would be of great help if someone could even point me in a direction because I'm not sure it is a virus since I worked through it with VistaKing.

If you read through this thank you for your time,
TomanMT



31 Aug 2013   #2
TomanMT

Windows 7 Home Premium 64bit
 
 

I should add the reason why I'm looking at root kits as the issue: I suspect the update kb2859537 to be part of the problem and apparently it has lots of problems when rootkits are installed. It should be noted that I couldn't find the update when searching with DISM though. So I'm pretty lost and have no idea why this is all going so badly.
31 Aug 2013   #3
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Have you seen Windows Defender Offline?

Windows Defender Offline


31 Aug 2013   #4
TomanMT

Windows 7 Home Premium 64bit
 
 

Thank you for responding, no I have not!
31 Aug 2013   #5
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

You can use a boot partition manager called GParted. A rootkit will show up at the end of the drive as a hidden partition between 1 and 10 MB. In most cases it won't show up in Windows Disk Management, but it will become visible with GParted.

GParted -- A free application for graphically managing disk device partitions

If you remove update kb2859537 & are still having problems, you could try running SFC to see if this can restore the integrity of your corrupted files. Be sure to run it 3X as it doesn't always fix everything the 1st or 2nd time.

SFC /SCANNOW Command - System File Checker

However, if you're having that much trouble with your system, you may just want to wipe the drive & reinstall the OS. That way you get a clean start.
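As an added illustration of the check Borg 386 describes (this is not code from the thread, from GParted or from any tool named here), the script below parses an MBR partition table and flags a small partition sitting last on the disk, which is what one would look for with GParted. The sample MBR is constructed inline; the partition type byte 0x6C in the sample and the 10 MiB threshold are assumptions, and a hit is only a lead for inspection, since a vendor recovery partition can look similar.

```python
"""Parse an MBR partition table and flag a small partition at the end of the disk."""
import struct
from dataclasses import dataclass

SECTOR_BYTES = 512
TABLE_OFFSET = 446            # the four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR


@dataclass
class Partition:
    index: int        # slot 0-3 in the MBR table
    bootable: bool    # status byte 0x80 means "active"
    type_id: int      # partition type byte, e.g. 0x07 for NTFS
    start_lba: int
    sectors: int

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR_BYTES

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors - 1


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of a 512-byte MBR, in table order."""
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR: 0x55AA signature missing")
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i : TABLE_OFFSET + 16 * (i + 1)]
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, type_id, start_lba, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id == 0 or sectors == 0:
            continue  # empty slot
        parts.append(Partition(i, status == 0x80, type_id, start_lba, sectors))
    return parts


def small_trailing_partitions(parts: list[Partition], max_mib: int = 10) -> list[Partition]:
    """Flag the partition that sits last on the disk if it is at most max_mib MiB.

    This is the check behind the forum advice: the hidden partition is described
    as a 1-10 MB partition at the end of the drive.  The threshold is an assumption.
    """
    if not parts:
        return []
    last = max(parts, key=lambda p: p.start_lba)
    return [last] if last.size_bytes <= max_mib * 1024 * 1024 else []


def _entry(status: int, type_id: int, start_lba: int, sectors: int) -> bytes:
    # CHS fields are filled with 0xFF, as modern tools do for LBA-addressed disks
    return struct.pack("<B3sB3sII", status, b"\xff" * 3, type_id, b"\xff" * 3, start_lba, sectors)


def constructed_mbr() -> bytes:
    """Constructed sample MBR (not captured from a real disk):
    100 MiB active system partition, 20 GiB NTFS Windows partition,
    then an 8 MiB partition of an arbitrary type at the very end."""
    system_start, system_sectors = 2048, 100 * 1024 * 1024 // SECTOR_BYTES
    win_start = system_start + system_sectors
    win_sectors = 20 * 1024 * 1024 * 1024 // SECTOR_BYTES
    tail_start = win_start + win_sectors
    tail_sectors = 8 * 1024 * 1024 // SECTOR_BYTES
    table = (
        _entry(0x80, 0x07, system_start, system_sectors)
        + _entry(0x00, 0x07, win_start, win_sectors)
        + _entry(0x00, 0x6C, tail_start, tail_sectors)  # type byte is an arbitrary sample value
        + bytes(16)                                      # empty fourth slot
    )
    return bytes(TABLE_OFFSET) + table + BOOT_SIGNATURE


def report(mbr: bytes) -> list[str]:
    """Summary lines, returned rather than printed so they can be checked."""
    parts = parse_mbr(mbr)
    flagged = {p.index for p in small_trailing_partitions(parts)}
    lines = []
    for p in parts:
        mark = "  <-- small partition at end of disk, inspect" if p.index in flagged else ""
        lines.append(
            f"#{p.index} type=0x{p.type_id:02X} active={p.bootable} "
            f"start={p.start_lba} size={p.size_bytes / 2**20:.1f} MiB{mark}"
        )
    return lines


if __name__ == "__main__":
    # On a live Windows system the first sector could be read from an elevated
    # prompt with open(r"\\.\PhysicalDrive0", "rb").read(512); the sample below
    # is constructed so the script runs anywhere, including from a rescue disk.
    for line in report(constructed_mbr()):
        print(line)
```

The script only handles a classic MBR; a GPT disk carries a protective 0xEE entry and its real table lives in later sectors, so on such a disk GParted (or a GPT parser) remains the way to see the trailing partition.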
31 Aug 2013   #6
TomanMT

Windows 7 Home Premium 64bit
 
 

Hello, how do I run GParted?
I can't run sfc because there is a "system repair pending."
I'm trying to do everything possible to avoid a clean start, as I have a lot of important data.
31 Aug 2013   #7
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

GParted is a boot disk. It is downloaded as an .iso file. Once the file is downloaded, double-clicking on it will launch your default CD burning software & create a boot disk.

You may want to make this disk on another PC so as to avoid the possibility of corruption.
31 Aug 2013   #8
TomanMT

Windows 7 Home Premium 64bit
 
 

Oh. For some reason I got a tar.bz2 file.
31 Aug 2013   #9
cottonball

Windows 7 Home Premium
 
 

TomanMT,

Quote:
I was wondering if it's possible to remove a rootkit without having to access normal or safe mode...
Using a computer with a Windows 7 64-bit system, create a System Repair Disc:
Instructions:
System Repair Disc - Create
[Note: a 64-bit System Repair Disc can only be created on a 64-bit Windows 7]
We will use the disc shortly.

Next, plug in a USB pen drive into the working computer.

Go to the Farbar Recovery Scan Tool Download
Select the 64-bit download.
Save the program to the USB flash drive.
Remove when done.


[You may want to print these instructions so you can have access to them. Also, you may want to read them once before you apply them.]


Now, go to the problem computer.
Plug in the USB pen drive which has FRST.

Using the Windows 7 System Repair Disc just created, boot to the System Recovery Options (Option Two)
Instructions:
System Recovery Options

Select: Command Prompt

■In the Command Prompt window, at the blinking cursor type notepad and press: Enter
■In Notepad, under the File menu select: Open
■Double-click the Computer icon on the left.
■Find the pen drive letter, remember what letter it is, click on it, and press: Open
■Close out of Notepad.

■Click the Command Prompt window
■Type x:\frst64.exe, and press: Enter
Note: Replace the drive letter x with the drive letter of your pen drive!
■FRST starts, and prepares to run. Follow the prompts.
■Click Yes to the Disclaimer.
■Press the Scan button.

The scan runs, and the program saves FRST.txt on the flash drive.

When done, click the Command Prompt window, type exit, and press: Enter
Back at the System Recovery Options, press: Shutdown
Remove the USB pen drive.

Plug the USB pen drive in the working computer, and please provide the FRST.txt in your reply.
31 Aug 2013   #10
TomanMT

Windows 7 Home Premium 64bit
 
 

I have actually run Farbar before, but I'll do it again when I can (running Kaspersky Rescue Disk).
Thanks!