Boot sector Virus removal: CIDOX


  1. Posts : 1
    Windows 7 32 bit
       #1

    I'm helping a friend who is having a problem removing a boot virus on her Windows 7 system. She bought Norton360, installed it and worked with their support team to remove this virus. They found and removed other viruses, but they were unable to remove this particular virus. She utilizes my network to access the Internet and my ISP indicated that they were receiving spam generating traffic from my network. Here's the message they sent me:

    This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sirefef").

    Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.

    Does anyone have a suggestion on how to clean her computer completely and remove all instances of virus and malware? She does have a Recovery set of disks that she created when she first activated her computer.

    Thanks for any help that you can give.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Follow instructions here for a clean re-install: Clean Reinstall - Factory OEM Windows 7


  3. Posts : 2,470
    Windows 7 Home Premium
       #3

    ...or, we can take a good shot at it...


    Please download the Farbar Recovery Scan Tool:
    Link: Farbar Recovery Scan Tool Download
    Select the version that applies to your system.
    Save it to your Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to the disclaimer.

    Press the Scan button.

    The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.


  4. Posts : 278
    Windows 7 Home Premium (64 bit)
       #4

    Ya, you could try and tackle it, but my experience with these kinds of rootkits says do a full reinstall. It will absolutely kill that virus. You will have to save all important data/files etc. first when doing a full install, as all data will be lost. Just my thoughts.


  5. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #5

    You could also run TDSSKiller, which removes most rootkits.

    TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US

    However, malware tends to invite others to the table & if you want to be sure it's gone, a clean re-install is the way to go.

    Be sure to format/wipe the disk before doing the reinstall as some rootkits have been known to survive a reinstall. Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.
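
For the point in post #5 about hidden boot partitions and wiping the disk before reinstalling, here is an added example (not posted by anyone in the thread) that reads the partition table from a saved copy of a disk's first sector and lists what to check by hand. It assumes an MBR-partitioned disk with 512-byte sectors and a dump taken from a clean boot environment; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR = 512
# Type bytes conventionally used for hidden or recovery volumes.
# A match is something to review, not a verdict: OEM recovery partitions use them too.
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
ENTRY = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), start LBA, sector count

def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or boot signature)")
    parts = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype != 0:
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "start": start, "count": count})
    return parts

def review(sector, disk_sectors):
    """Notes to check by hand before a wipe and reinstall."""
    parts = sorted(parse_mbr(sector), key=lambda p: p["start"])
    notes = []
    if sum(p["active"] for p in parts) > 1:
        notes.append("more than one active partition")
    end = 1  # sector 0 holds the MBR itself
    for p in parts:
        if p["type"] in HIDDEN_TYPES:
            notes.append(f"slot {p['slot']}: hidden/recovery type 0x{p['type']:02X}")
        if p["start"] > end:
            notes.append(f"{p['start'] - end} sectors outside any partition before slot {p['slot']}")
        end = max(end, p["start"] + p["count"])
    if disk_sectors > end:
        notes.append(f"{disk_sectors - end} sectors outside any partition at end of disk")
    return notes

def build_sample():
    """Constructed sample sector: one active NTFS volume, one hidden-type volume."""
    sector = bytearray(SECTOR)
    struct.pack_into(ENTRY, sector, 446, 0x80, 0x07, 2048, 200000)
    struct.pack_into(ENTRY, sector, 462, 0x00, 0x17, 202048, 20000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    for note in review(build_sample(), disk_sectors=250000):
        print(note)
```

The gap between the MBR and the first partition appears on every disk; it is listed because formatting a volume does not rewrite sectors outside that volume, which is why the posts above say to wipe the whole disk.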


  6. Posts : 2,470
    Windows 7 Home Premium
       #6

    Borg 386 said:
    Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.
    True!

    ...and there are tools that target these:

    This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sirefef").

    Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.
    However, at this point, we may have lost the OP!!

