Boot sector Virus removal: CIDOX

[mtnscott]

I'm helping a friend who is having a problem removing a boot virus on her Windows 7 system. She bought Norton360, installed it and worked with their support team to remove this virus. They found and removed other viruses, but they were unable to remove this particular virus. She utilizes my network to access the Internet and my ISP indicated that they were receiving spam generating traffic from my network. Here's the message they sent me:

This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sireref").

Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.

Does anyone have a suggestion on how to clean her computer completely and removal all instances of virus and malware? She does have a Recovery set of disks that she created when she first activated her computer.

Thanks for any help that you can give.

 

[Jacee]

Follow instructions here for a clean re-install http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html

 

[cottonball]

...or, we can take a good shot at it...


:info: Please download the Farbar Recovery Scan Tool:
Link:Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
:ar: Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
:ar: Also post the Addition.txt in your reply.

 

[gldndragn]

ya, you could try and tackle it, but my experience with these kind of rootkits says do a full reinstall. It will absolutely kill that virus. You will have to save all important data/files etc first, when doing a full install as all data will be lost. Just my thoughts.

 

[Borg 386]

You could also run TDSSKiller, which removes most rootkits.

TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US

However, malware tends to invite others to the table & if you want to be sure it's gone, a clean re-install is the way to go.

Be sure to format/wipe the disk before doing the reinstall as some rootkits have been known to survive a reinstall. Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.

 

[cottonball]

Rootkits are known to write hidden boot partitions, so these must be eliminated from the disk.

True!

...and there are tools that target these:

This malicious traffic has been determined to be an instance of the "Zero Access" rootkit (also known as "Sirefef").

Norton gives an indication on her computer that she has a boot trojan with the name: CIDOX.

However, at this point, we may have lost the OP!!