Windows 7 Forums

Windows 7: Boot sector Virus removal: CIDOX

07 Nov 2013   #1
mtnscott

Windows 7 32 bit
 
 
Boot sector Virus removal: CIDOX

I'm helping a friend who is having a problem removing a boot virus on her Windows 7 system. She bought Norton360, installed it and worked with their support team to remove this virus. They found and removed other viruses, but they were unable to remove this particular virus. She utilizes my network to access the Internet and my ISP indicated that they were receiving spam-generating traffic from my network. Here's the message they sent me:

This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sirefef").

Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.

Does anyone have a suggestion on how to clean her computer completely and remove all instances of virus and malware? She does have a Recovery set of disks that she created when she first activated her computer.

Thanks for any help that you can give.


07 Nov 2013   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Follow instructions here for a clean re-install: Clean Reinstall - Factory OEM Windows 7
07 Nov 2013   #3
cottonball

Windows 7 Home Premium
 
 

...or, we can take a good shot at it...


Please download the Farbar Recovery Scan Tool:
Link: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.

07 Nov 2013   #4
gldndragn

Windows 7 Home Premium (64 bit)
 
 

Ya, you could try and tackle it, but my experience with these kinds of rootkits says do a full reinstall. It will absolutely kill that virus. You will have to save all important data/files etc. first when doing a full install, as all data will be lost. Just my thoughts.
08 Nov 2013   #5
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

You could also run TDSSKiller, which removes most rootkits.

TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US

However, malware tends to invite others to the table & if you want to be sure it's gone, a clean re-install is the way to go.

Be sure to format/wipe the disk before doing the reinstall as some rootkits have been known to survive a reinstall. Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.
08 Nov 2013   #6
cottonball

Windows 7 Home Premium
 
 

Quote: Originally Posted by Borg 386
Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.

True!

...and there are tools that target these:

Quote:
This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sirefef").

Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.

However, at this point, we may have lost the OP!!
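
The hidden boot partitions raised in posts #5 and #6 are visible in the disk's MBR partition table, so that table can be checked before and after a wipe. The following is an added example, not part of the thread or of any tool named in it: it parses a 512-byte MBR sector and lists entries that deserve a manual look. It assumes an MBR-partitioned disk whose sector 0 was read offline; the sample sectors are constructed, and the heuristics and the 64 MB threshold are assumptions.

```python
import struct

# Partition type IDs whose "hidden" bit is set (hidden FAT/NTFS variants).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or boot signature)")
    entries = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        raw = sector[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0x00:
            entries.append({"index": i + 1, "active": status == 0x80,
                            "type": ptype, "start": start, "sectors": count})
    return entries

def review(entries, small_mb=64):
    """Heuristic findings for manual follow-up; small_mb is an assumed threshold."""
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    last_start = max((e["start"] for e in entries), default=0)
    for e in active:
        size_mb = e["sectors"] * 512 // (1024 * 1024)
        if e["type"] in HIDDEN_TYPES:
            findings.append(f"partition {e['index']}: active, hidden type 0x{e['type']:02x}")
        if len(entries) > 1 and e["start"] == last_start and size_mb < small_mb:
            findings.append(f"partition {e['index']}: {size_mb} MB active partition at end of disk")
    return findings

def build_sample(parts):
    """Build a constructed sector from (active, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if a else 0, t, s, n)
                     for a, t, s, n in parts)
    return bytes(446) + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples: a stock Windows 7 layout, and one with an extra small
# hidden partition that has taken over the active flag.
CLEAN = build_sample([(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976564224)])
SUSPECT = build_sample([(False, 0x07, 2048, 204800), (False, 0x07, 206848, 976500000),
                        (True, 0x17, 976706848, 16384)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, review(parse_mbr(sector)) or "no findings")
```

An empty result only means the partition table looks ordinary; it says nothing about the boot code in the first 446 bytes or in a volume boot record.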