Support MGoBlog: buy stuff at Amazon

OT- ZeroAccess rootkit trojan: Anyone with experience/advice on removing?

55 posts / 0 new
Login or register to post comments
Last post
June 11th, 2012 at 3:39 PM
#1
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
OT- ZeroAccess rootkit trojan: Anyone with experience/advice on removing?

Mods, feel free to delete if you like ... but I recalled how knowledgeable many people were on this board during last year's MGoBlog malware mess, so I'm hoping to tap into MGoBlog's collective wisdom here...

So my home laptop has picked up the ZeroAccess rootkit trojan, which I've read is a nasty little bugger to remove. Feeling like an idiot, because I clicked on the trojan -- what pretended to be an Adobe Flash update -- even when part of my interior B.S. detector KNEW it was phony. Stupid is as stupid does... argh.

I need to get rid of this thing ASAP. Here's the rundown ... I'd appreciate any help/advice anyone can offer (my machine is a Gateway, running Vista and McAfee):

* Soon after making the fateful click on the trojan, I started getting numerous McAfee trojan removal popups (sometimes as often as every few seconds) saying something like "Trojan detected/removed, no further action required." Under "more," it listed ZeroAccess as the culprit.

* I ran a full McAfee scan, which detected & quarantined 2 items

* Then I downloaded and ran the McAfee rootkit remover -- it found nothing

* Then I downloaded Malwarebytes, ran the quick scan, which detected and removed two items, and then rebooted

* Alas, after reboot I still kept getting the same McAfee trojan popups. However, the rest of the machine seemed to be running normally -- I'm not getting redirected to any crazy websites, etc. But I'm keeping the laptop off for now as a precaution.

What should I do next? My computer skills are limited to the basics, although I can follow directions OK. I'm fairly certain I haven't eliminated this bugger, and want to make sure my computer's clean before getting back online and doing anything like paying bills, etc. 

* I dug up some very thorough Zeroaccess/Sirefef rootkit removal guides, like this one. (e.g., run a Kapersky rescue disk reboot, then run a bunch of malware scanners like Rkill, Malwarebytes, and Emsisoft Emergency Kit, and then follow a few more steps at the end to remove any residual damage from the rootkit -- check DNS settings, HOSTs file, and run the Tweaking.com Windows Repair tool.)

It looks tedious and time-consuming to this layman, but I'm willing to do it, if it means I'll have a clean machine at the end. But how confident can I be that I've removed the rootkit completely?

* Another option I've read about is doing a system restore, via the Command prompt. (i.e., rstrui.exe) But doesn't a rootkit have the ability to survive that?

* That leads me to wonder if the only way I can truly be sure I've got a clean computer is to wipe/reformat my hard drive and reinstall the factory settings from the Gateway recovery partition. (The partition allows me to reformat and reinstall factory settings/programs without original disks, right? I'm not even sure the laptop came with any disks, and if it did, hell if know where they are, since I bought the thing 4-5 years ago...)

How much of a pain will this be? If I back up non-execute/system files (personal files, docs, photos, music, etc that I want to keep) onto disks/external drives before I do the reformat/reinstall, could those still be infected w/the rootkit when I copy them back onto the (presumably) clean computer? Or does a rootkit just mess around with system/.exe type files?

Again, I appreciate any help anyone on the board can offer!

Top
Tags:

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
June 11th, 2012 at 3:52 PM
#2
Moleskyn
Moleskyn's picture
Joined: 06/28/2010
MGoPoints: 5004
To be honest, just treat

To be honest, just treat yourself to a new laptop. In this day and age, any piece of technology over 5 years old is ancient. Plus, Vista was an awful OS. Windows 7 is so much faster, easier to use, etc. I'm sure this will draw some snarky responses from Mac or Linux users, but whatever. Depending on what you need out of a computer, you could easily find a decent one for well under $1,000.

Top
June 11th, 2012 at 4:02 PM
(Reply to #2) #3
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
The thought has crossed my mind...

I'd prefer first to make a good effort at saving my current machine, before buying a new one w/$$ that I'd rather spend on other family priorities right now. That's just how I am when it comes to big-ticket items -- e.g., the family minivan has 65k miles on it and I plan on us driving that thing until the 150k mark at least before even thinking about getting a new one. 

But I'm preparing myself mentally for the prospect that you might be right.

Top
June 11th, 2012 at 4:36 PM
(Reply to #5) #4
Moleskyn
Moleskyn's picture
Joined: 06/28/2010
MGoPoints: 5004
I hear you! My car is coming

I hear you! My car is coming up on 190K, and I'm hoping to milk 200K out of it. As I said below, my laptop at home has Vista on it, but I don't use it often enough to warrant a replacement at this point. Plus, higher financial priorities right now. But having used work laptops with Windows 7 for the past couple of years, I greatly prefer 7 to Vista.

Top
June 11th, 2012 at 4:02 PM
(Reply to #2) #5
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
Vista was not an awful OS. It

Vista was not an awful OS. It had a very rocky launch due to lack of driver support and it had new features that some people didn't like, which could be turned off in 10 seconds. Windows 7 is basically Windows Vista with a new skin and a few new features. Nothing changed under the hood, which is why it had a much smoother launch and everyone loves it. Once it got off to a rocky start, all of the bad reviews came out and that frame of mind stuck around. I guarantee that Windows 8 is doomed because it offers so many new features that many won't like. They won't bother to look into how to turn those settings off and they will label it as a failure, just like they did with Vista.

Top
June 11th, 2012 at 4:34 PM
(Reply to #6) #6
Moleskyn
Moleskyn's picture
Joined: 06/28/2010
MGoPoints: 5004
Eh, I disagree. I got a Dell

Eh, I disagree. I got a Dell with Windows Vista on it, and I really liked the OS compared to XP. But it wasn't the features that turned me off from it. It was the performance. It took longer to boot than XP. FWIW, I still have that laptop at home, and use it, but my work laptop has Windows 7 and I like this one a lot more than the one at home. Maybe my view of Vista is jaundiced since the time when I used it most heavily was not long after it came out. Vista was a necessary step for Microsoft to take, since they botched the version before that (can't remember the name, it was something native-Americanny if I remember correctly), but Vista was a bridge between XP and Windows 7. From what I've read, Microsoft is going to be rolling out new operating systems every few years now; a lot more frequently than the amount of time that went between XP and Vista, at least.

Top
June 11th, 2012 at 5:23 PM
(Reply to #14) #7
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
Longhorn was the code name.

Longhorn was the code name.

Top
June 11th, 2012 at 4:47 PM
(Reply to #6) #8
JHendo
JHendo's picture
Joined: 10/25/2008
MGoPoints: 13348
Windows Vista with the latest

Windows Vista with the latest service pack is essentially Windows 7.  Transversely, Windows 7 really should have just been a final service pack for Vista (even though thems is fighting words to some people).  That being said, the early versions of Vista were god awful and it is a terrible OS.

To put it in football terms, if a football team had lost it's first 10 games of the season, but somehow pulled off a couple shockers to win it's final 2 against decent teams, it doesn't stop the fact that they're a terrible 2-10 team at the end of the day.

Formerly jhender85 (drastic change, no?)
Top
June 11th, 2012 at 5:38 PM
(Reply to #19) #9
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
My point was that the early

My point was that the early versions of Vista were god awful because they changed the framework for drivers and the hardware manufacturers didn't do anything about it until after launch. That was the single biggest issue with Vista. It literally made Vista unusable, but there wasn't anything that Microsoft could do about it, but all of the blame falls on them because what worked in XP no longer worked in Vista.

There were other bugs, but there were lots of bugs for Windows 7's launch too. It's just that those issues got exacerbated in the media because of the issues with the drivers. Then, you throw new features, like UAC, which were pretty much universally hated, into the mix and you get a perfect storm of events that places the entire OS into a bad light for it's lifespan, even though, the new features could be turned off, the bugs were fixed in a timely fashion just like every other launch, and the hardware manufacturers got their act together and fixed their drivers (for the most part) within a week of launch.

If you are going to compare it to a football season, I'd say it was much more like a team that had extremely high expectations, but lost it's first game inexplicably, then lost it's second game, basically condemning the whole season. That team then goes on a huge win streak, but even though it did everything right in the end, the first two losses, particularly the first one, will always hang over it's head, even if they win their conference and bowl game.

Top
June 11th, 2012 at 11:35 PM
(Reply to #27) #10
ChopBlock
ChopBlock's picture
Joined: 12/11/2011
MGoPoints: 2259
So basically 2007

But think of the kittens!

"The straightest line from A to B is straight: From A to B"

"When you have Denard Robinson, you can have everything"

~George Walden

Top
June 11th, 2012 at 8:45 PM
(Reply to #6) #11
switch26
Joined: 02/04/2010
MGoPoints: 4066
sorry to say, but you know

sorry to say, but you know nothing about computers..  Vista was TERRIBLE..  they even acknowleged how bad it was.

 

Win7 is beyond far and above vista..  If your computer can handle vista, you should be able to easily upgrade to Win7...  win7 had a rocky start?  huh?  

 

There isn't the same frame of mind with win7 as win vista at all..   Not sure who you talk to or who you hang around with, but Win7 has never had a problem on my rig, but i custom build PC's and Vista was nothing but a joke, and Win7 has run flawless.. You are wrong sorry

 

I agree win8 could be not for everyone, but who cares..  Vista sucked period..  Sorry to break your heart

 

this was in response to joeyb, but it didn't reply properly

 

 

 

In other news.. i have no clue how you people get so many viruses/malware.. Once i rebuilt my new rig, i didn't download stupid shit and i never have problems ever.. 

Top
June 11th, 2012 at 9:03 PM
(Reply to #36) #12
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
I never said that Windows 7

I never said that Windows 7 had a rocky start. I said it had bugs like everything else. XP had them too. Every release of OS X and Linux has them too, but they get patched. Windows 7 is the Windows 6.1 kernel with a new user interface, i.e. Windows 7 is Windows Vista with a new skin. They changed nothing on the back end, which is why Windows 7 works flawlessly on all machines; the manufacturers had 3 years to get the drivers perfect with Vista.

I really don't care if you don't like Vista. That's your opinion and you have a right to it. It just bothers me when people try telling people that they have to "upgrade" from Vista to Windows 7 because of bad reviews stemming from issues that were fixed within the first month of release.

And before you twist my words again, I liked Vista since Beta and thought it was a huge step up from XP. I like Windows 7 even more than Vista due to the interface, but I'm familiar enough with what's underneath the skin that I know they are pretty much the same OS.

Top
June 11th, 2012 at 10:22 PM
(Reply to #37) #13
htownwolverine
htownwolverine's picture
Joined: 09/02/2009
MGoPoints: 6924
Ha Windows ME was the worst!

Ha Windows ME was the worst! Complete garbage!

Who is Jon Falk?
Top
June 11th, 2012 at 10:24 PM
(Reply to #40) #14
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
No arguments here.

No arguments here.

Top
June 11th, 2012 at 10:37 PM
(Reply to #40) #15
M - Flightsci
M - Flightsci's picture
Joined: 06/30/2008
MGoPoints: 340
Godawful

Godawful

Accelerate Your Life
FLY NAVY

Top
June 12th, 2012 at 9:33 AM
(Reply to #37) #16
Hannibal.
Hannibal.'s picture
Joined: 09/09/2008
MGoPoints: 6105
Vista's problems weren't

Vista's problems weren't fixed.  From a gamer's standpoint, it was an absolute;y attrocious operating system.  An terrible piece of festering monkey shit.  Knowing that there might be some problems, I kept a dual boot system with XP on an old hard drive.  Even a couple of years after Vista was launched, all of the games that I tried in both XP and Vista ran either the same or significantly better in XP (Crysis, Gears of War, GTA IV, and The Witcher are some of the ones that I tried).

When I upgraded from Vista to 7, the improvement was immediate and noticable.  If it's just Vista with a new coat of paint, then that is one effective coat of paint. 

Top
June 11th, 2012 at 3:53 PM
#17
Hannibal.
Hannibal.'s picture
Joined: 09/09/2008
MGoPoints: 6105
I have this same problem

I have this same problem right now, and I have already backed up everything in anticipation of wiping and re-installing the operating system.  i even have a dual boot system and when I ran a virus scan and Malaware after booting up on the other drive, it still couldn't get it clean.  When I researched the problem, I found some solution-like substances that involved some complicated-looking stuff that had the risk of screwing up your system. 

Top
June 11th, 2012 at 4:19 PM
(Reply to #3) #18
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
How will you be sure your backed up files are clean?

I've only read a little about this approach, but it seems to be another challenge -- how do you make sure all the files you've backed up are clean before you put them on the newly wiped computer? I'd hate to go through the hassle of a wipe/reinstall if I'm just going to reinfect the machine when I reload all the files I've saved.

Top
June 11th, 2012 at 3:57 PM
#19
RowoneEndzone
RowoneEndzone's picture
Joined: 09/27/2008
MGoPoints: 3399
I've had the same one on my

I've had the same one on my wife's junk laptop for a year plus.  I just do important banking and buying from a different computer now.

"Wasn't that Michigan drive just great.  That's like Patton riding into Berlin." ~Bob Ufer

Top
June 11th, 2012 at 4:18 PM
#20
robbyt003
robbyt003's picture
Joined: 10/25/2010
MGoPoints: 8251
If you have everything backed

If you have everything backed up.. Just restore it to factory defaults and cut your losses.  While that is not a guarantee to remove the virus, 9 times out of 10 it days.  If you do not know how. here ya go.

http://support.gateway.com/s/software/microsof/Vista/7515910/7515910su9.shtml

 

“When your team is winning, be ready to be tough, because winning can make you soft. On the other hand, when your team is losing, stick by them. Keep believing” - Bo Schembechler

Top
June 11th, 2012 at 4:27 PM
(Reply to #7) #21
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
This is helpful, thanks

One question -- how does this ("Restore System to Factory Default") differ from this ("Full Factory Recovery")?

Top
June 11th, 2012 at 10:40 PM
(Reply to #9) #22
M - Flightsci
M - Flightsci's picture
Joined: 06/30/2008
MGoPoints: 340
Apocalypse

You seriously just wipe the HDD's and don't attempt an in-place removal?  Wow... I worked for a college IT help desk and we would spend hours upon hours attempting to remove malware without resorting to nuking most of the data.  That certainly would have been a more efficient solution on our end, although in no way elegant.

Accelerate Your Life
FLY NAVY

Top
June 11th, 2012 at 10:53 PM
(Reply to #44) #23
bluebloggin
bluebloggin's picture
Joined: 12/04/2010
MGoPoints: 464
I'm a network admin

And this approach is more common than you'd believe. It's up to the user to diligently backup because it's a waste of time to try and remove viruses especially if they're root kits. Root kits drive into the cornerstone and it's better to backup and nuke it.



With viruses your run the risk of leaving hangerons so just blow it up and be more careful next time

I piss excellence and poop gold

Top
June 11th, 2012 at 4:24 PM
#24
jlcoleman71
jlcoleman71's picture
Joined: 07/15/2008
MGoPoints: 137
I've had similar rootkit

and trojan/malware issues in the past year, the standard programs were no good......malwarebytes and others did nothing.

I did some digging around online at the time and came across a program called "ComboFix.exe"...........I've used it twice now and have found it to be my last defense against these types of problems........it's looks ghetto and runs out of the DOS window........it runs an initial scan, will detect the problems and then ask to reboot.........once it reboots, it goes through a number of steps and ultimately got rid of the issues I had..........I was skeptical at first, but it works great.

You can download it from the cnet.com website.......and it's free.

http://download.cnet.com/Combofix/3000-8022_4-75221073.html

Top
June 11th, 2012 at 4:52 PM
(Reply to #10) #25
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
Thanks -- have heard about ComboFix

It seems like nothing's foolproof, though - I've read of people using itand it still hasn't solved the problem (same goes for Malwarebytes, Kapersky/TDSSKiller, and all the rest). Guess I'll just have to try everything and see if any of them work!

Top
June 11th, 2012 at 5:22 PM
(Reply to #21) #26
htownwolverine
htownwolverine's picture
Joined: 09/02/2009
MGoPoints: 6924
Combofix will remove pretty

Combofix will remove pretty much anything. I use it all the time. Run it two/three times and you should be ok. Kapersky and others like it are desiged for end users who are stupid and click on bad looking things (just kidding).

I have run my machines for 10 years with no AV. I use spyobt and superantispyware in the background and have Combofix and Malware Antibytes for cleaning.

Also, check out Hirens boot Cd as this has most any tool you need. Including the ability to load a lite version of Linux via flash drive to access hard drives when the dreaded Blue Screen of Death appears.

 

Check out this link sounds like this virus is a real MF'er :

 

Bleepingcomputer

 

Who is Jon Falk?
Top
June 11th, 2012 at 5:33 PM
(Reply to #22) #27
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
Ha!

"Kapersky and others like it are desiged for end users who are stupid and click on bad looking things (just kidding)."

I deserved that one. :-)

And yes, from everything I've read ZeroAccess is really nasty -- a tough nut to crack.

Top
June 11th, 2012 at 5:36 PM
(Reply to #21) #28
Griff88
Griff88's picture
Joined: 01/26/2010
MGoPoints: 1315
Combofix

is very good. However, it's an extremely powerful program. If you are not sure what you are doing... Combofix can really screw things up. I would back everything you need first... then run combofix. Otherwise, if you make a mistake with combofix... you will not be able to boot up into windows.

Top
June 12th, 2012 at 9:34 AM
(Reply to #26) #29
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
Thanks for the heads up

I've read of people having success using Combofix to remove the ZeroAccess rootkit only to find that they can't get an internet connection, can't connect to their network printer, etc.  So if I choose that path I'll proceed with caution (and probably with the help of one of the forums mentioned elsewhere in this thread).

Top
June 11th, 2012 at 6:04 PM
(Reply to #10) #30
Philip A. Duey
Philip A. Duey's picture
Joined: 08/11/2011
MGoPoints: 288
Similarly...

rkill.exe has been a godsend for me; just download it to your computer, let it run, and it'll stop any processes that the rootkit/adware/whatever is using to block Malwarebytes or SuperAntiSpyware or whatever program you're trying to use.

Here's the download link:http://www.bleepingcomputer.com/download/rkill/

At hostes, pol, perniciter eant εις κοράκας

Top
June 11th, 2012 at 4:30 PM
#31
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
So, here is my thought on

So, here is my thought on viruses. 90% of the time, anti-virus should take care of viruses with no issue. 9% of the time, you might have to do a little bit more, but everything works out. That 1% of the time, though, even if you manage to remove it from your system, it leaves it's mark behind. I find that when a virus is difficult to remove, the damage has already been done and it's easier to just cut your losses and start clean. I go with this mentality from the start and I keep all of my data separate from the OS. Lately, it's been a lot easier because I can keep almost everything online.

I know nothing about this particular rootkit, but, generally, rootkits are so deep in the system, they essentially become or appear to be part of the system, which is why they are so hard to remove. If you wipe, there should be no trace of the rootkit left over.

Depending on your priorities, here is what I would do.

  1. Back everything up.
  2. Try some of the more dangerous procedures to remove the virus (I'd skip this but it is an option).
  3. Format your system and start fresh.
  4. Get rid of McAfee, do a bit of research, and pick the best AV for you. I use Microsoft Security Essentials. Avast and AVG are also free. I've heard good things about Panda Security, but I think that costs money.

As Moleskyn mentioned above, there is the option of buying a new computer as well. That is not necessary, though, if your laptop was running to your satisfaction before the virus. If a computer is built right when you buy it, it can last years before it needs to be replaced. I built a computer for $600 6 years ago, replaced the graphics card 2 years ago, and it's still kicking. I won't upgrade that computer until I start having issues running software, which hasn't happened yet. If, however, your computer was slow, even before the virus, I suggest that you purchase a new laptop as reformatting would be like doing a full detail on a car with 150k miles on it that you don't plan on keeping for too much longer.

If you decide to do #2 in the list above, I found plenty of resources with a google search that should walk you through the steps necessary to remove it. You could also probably post on one of those forums and have someone help you one-on-one with your specific scenario.

Top
June 12th, 2012 at 8:44 AM
(Reply to #12) #32
Moleskyn
Moleskyn's picture
Joined: 06/28/2010
MGoPoints: 5004
So, question: I've never had

So, question: I've never had a problem with a virus on my computer, so I've never really thought of these things, but regarding storing all of your data somewhere other than your hard-drive, do you mean you store all of your files (Word docs, Excel spreadsheets, etc.) elsewhere? You can't do that with program files, can you? For instance, I have a 320 GB external hard drive that I pretty much just use for pictures and videos and such, so that they don't bog down my computer, but could I place my executables for Word, Excel, Photoshop, etc. on there, too? Basically just use the computer as an interface for accessing everything on my external hard drive?

Top
June 12th, 2012 at 11:16 AM
(Reply to #48) #33
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
The first thing that I do

The first thing that I do with a new laptop is I zero the hard drive to get rid of all manufacturer stuff. Then, I partition the hard drive and put the OS on a ~50GB partition and give the rest to the second partition which I use for data, e.g. pictures, videos, documents, spreadsheets, etc. I used to change My Documents to point to the D: drive (Data partition) in XP so that nothing was ever stored on the C: drive, but Vista and 7 require a much bigger process to get the same functionality. Now, I just use Google Docs and back up all of my pictures to Google, so the partition is generally just used for random stuff like downloads or programs that I'm working on.

Executables are kind of tricky. Basically, you can install to the data partition, but if they need access to the registry and you wipe your OS, then you just FUBARed your program. They do make versions of software, meant to go on thumb drives, that you can choose to install on your data partition or external hard drive. Those update on their own schedule, but would do what you are looking to do. Like I said, it's meant for flash drives, so you probably aren't going to see a lot of really big programs available to you. Also, they have to have access to the source code and they rebuild them with this specific purpose, so I doubt that you can find MS Office, but who knows? Usually, though, I find it's just better to install all of your programs again. A lot of programs don't update, so installing fresh will get you the latest version. If you purchased (or downloaded) a program that can't be upgraded, then just keep the installer on your data drive in folders. I used to do that for hard-to-find programs.

Top
June 12th, 2012 at 11:28 AM
(Reply to #12) #34
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
McAfee question

Thanks for your thoughts, joeyb -- appreciate your insights.

One question: There seem to be a lot of negative opinions of McAfee on this board, and I'm genuinely curious why that's so, as I don't follow this world of antivirus programs closely. (I suppose that's about to change...) McAfee has always worked fine for us, and I certainly don't blame it for my current predicament, which is my fault. (Unless someone tells me that a better AV would've blocked those phony Adobe Flash update popups from even appearing.) I also work at a place where, to put it mildly, there is an extreme emphasis on IT security, and we have McAfee on the computers here.

Are McAfee/Symantec etc. just too big to be agile enough to keep up with the ever shifting threats from hackers? Or is there some other reason they aren't as good as others? 

 

Top
June 12th, 2012 at 11:46 AM
(Reply to #51) #35
joeyb
joeyb's picture
Joined: 10/12/2008
MGoPoints: 13904
Personal experience for me.

Personal experience for me. McAfee just used to slow my computer to a hault. It also did little to prevent the worst viruses and still didn't clean the computer very well when it managed to find viruses. I used to have to supplement McAfee with AdAware and Spybot way back in the day. It is also confirmed in a lot of tests between AV programs; it just doesn't protect or clean as well as other programs.

We use Symantec at my work too. I don't know if there is a major difference between their enterprise and home AV solutions, but our CSO doesn't use Symantec at home either. Maybe it's just because the free AV programs are as good as, if not better than, the ones you pay for.

For a while, I dropped anti-virus altogether. I went years without getting a virus just by being smart about what I was doing. I did manage to get a virus at one point, but I'm pretty sure it was from one of my room mates.

When Microsoft Security Essentials came out, I tried it out with the thought that MS knows their system better than anyone else and it should integrate really well. It runs so flawlessly that I forget that I have it installed. I install it on every computer that I fix for people. What kills me is when I go to my in-laws and they (I'm thinking it's my brother-in-law) installed AVG on top of MSE. In case you weren't aware, having two AV programs is bad. Essentially, AV programs act like a bigger, badder virus and watch over your stuff for you. When you have two competing, they get in each others' ways and you end up with lapses in coverage.

Top
June 11th, 2012 at 4:30 PM
#36
a non emu
Joined: 06/30/2008
MGoPoints: 718
The laptop is old enough. Get

The laptop is old enough. Get your data off and re-image. if you don't have your original windows product key, just put Ubuntu/Linux Mint on it. for day to day tasks like browsing you won't notice a difference. If anything it'll probably run a little faster.

Top
June 11th, 2012 at 5:14 PM
#37
Griff88
Griff88's picture
Joined: 01/26/2010
MGoPoints: 1315
In

In this case, system restore will not work. Before you run any tool/cleaner, turn it off.

Download Tdsskiller from here

 http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Follow the instructions here

http://support.kaspersky.com/faq/?qid=208280684

Good luck, I hope you get rid of this nasty bug. If you want to be completely sure, then backup everything you want to save. Either burn the saved items to disk, or back them up to an external hard drive. Once that's done, make sure you have unpluged your external from the laptop. It's easy to forget that it's still connected, and you can accidentally format the external as well. Once you have everything backed up, then you can reformat/reinstall windows. All you need is a Windows Operating System Disk. You don't need the original recovery disks that came with the laptop.

If you don't know how to reformat/reinstall Windows. You will want to delete all partitions on the laptop, and then do the reinstall. You can find many youtube tutorials on how to do it. It's not hard, just take your time.

Top
June 11th, 2012 at 4:41 PM
#38
Dantana
Joined: 08/24/2011
MGoPoints: 127
I have dealt with these

I have dealt with these things in the past and am currently in the middle of trying to clean my computer from Trojan Sirefef.

To me, wiping the hard drive is the absolute last chance fix. There are many good forums much like this one that have techs who will walk you through the process of cleaning the computer for free.

The one I use is called www.techsupportguy.com. Create a login, then go to the  virus/malware removal forum and post your symptoms/malware/etc and wait for someone to respond. To speed things up, download a program called hijackthis (link should be on techsupportguy site) and run it and post the results in your initial post. This is a quick system snapshot of what programs are running and they can see what doesnt belong.

A few years back my computer autoinstalled an update which completely screwed up my computer, blue screen of death and all. I called Dell and explained it was one of their updates which caused the problem. Their solution? Wipe out the entire hard drive. I said F that and got on to techsupportguy and explained my situation. They walked me through uninstalling that particular update and bingo...computer back to normal.

 

Top
June 11th, 2012 at 7:41 PM
(Reply to #17) #39
acnumber1
acnumber1's picture
Joined: 10/19/2009
MGoPoints: 18400
I second this approach

I used one other than techsupportguy but it looks to be a similar service.  Might take a day or two by they are thorough and effective.

5 4 3 2 1 Touchdown! Touchdown Billy Taylor! Touchdown Billy Taylor!

Top
June 11th, 2012 at 4:45 PM
#40
bronxblue
Joined: 11/22/2008
MGoPoints: 46221
I ran into this problem with

I ran into this problem with my netbook a couple of years ago, and ultimately all I did was clean the system and reinstall the OS.  If you have your files backed up, you should be good.  Might need to follow up with some of the vendors if you have license keys, but that's relatively trivial and shouldn't be an issue for those that rely on physical addresses/IDs for authenticating your system.

Rootkits are notoriously tough to get rid of, and at some point just starting over makes more sense than slamming your head against a wall.

Top
June 11th, 2012 at 4:50 PM
#41
Blue Durham
Blue Durham's picture
Joined: 06/30/2008
MGoPoints: 4675
I've had similar problems with a trojan called vundo a few years

back.  I went to the web site AUMHA.net and looked/searched through a variety of threads.  A number of other people were having similar problems and they fixed it for them.  About AUHMA:

  • They are computer guys who do this free but expect donations.  If they fix your problem, then I am sure you will be willing to donate.
  • They solve a variety of problems for a lot of people.  Look through the relevent threads and see how they handle people and what they expect.
  • How it works:  Unlike MGoBlog, you are instructed to post on your own thread ONLY.  If you post on someone else's thread, they will likely not only not help you but ban you. 
  • These guys do not suffer fools at all.  Do exactly what they ask, everything they ask, and in the order that they ask.  You screw up once, they will berate you.  Screw up a second time and they likely will lock your thread and not deal with you.
  • Your problem will be solved, but it will probably take a couple of days of back and forth e-mails and you sending some logs for them to check.

You will get one-on-one help with an expert with no cost except you donation if and when you choose to make one.  However this dialog that you have will be visible to anyone on the net. 

Everyone is instructed not copy the protocol set forth in threads (no matter how pertinent the other person's situation is to yours) other than the one(s) you start.  If you do, and this does not solve you problem, and then you start a thread asking for help, they will likely lock you thread.

Hope that helps.

Top
June 11th, 2012 at 6:14 PM
(Reply to #20) #42
oriental andrew
oriental andrew's picture
Joined: 06/30/2008
MGoPoints: 16449
Nice.  I might just try those

Nice.  I might just try those initial steps to see what happens, given that they say it should clean up the system pretty well even before your first post (not that my computer is infected or anything). 

For my privacy, my new username is "non-Oriental non-Andrew"
 

Top
June 11th, 2012 at 6:48 PM
(Reply to #31) #43
Blue Durham
Blue Durham's picture
Joined: 06/30/2008
MGoPoints: 4675
They're great because

they have you use a variety of free-ware and they check for a variety of problems from the log files you post.  Thus, if any other problems arise, they are familiar with you and situation and take addition steps to resolve it, unlike using just one program like malwarebytes (which they do have you use). 

Top
June 11th, 2012 at 5:27 PM
#44
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
Thanks for the advice, everyone

I love MGoBlog.  Lots of options to consider... I'll let you know how it works out.

One question I asked above, still not clear on the answer -- when I do a backup of all the stuff I want to save in case I need to reformat or buy a new machine, how do I ensure that stuff isn't infected before loading it onto the clean/new computer?

Thanks again!

Top
June 11th, 2012 at 5:51 PM
(Reply to #24) #45
Griff88
Griff88's picture
Joined: 01/26/2010
MGoPoints: 1315
Scan

everything on the external hard drive. As long as you are not backing up system files, dll's, unfamiliar exe's, or registry entries... you should be fine.

I would recommend getting rid of McAfee Antivirus. For free Antivirus use either Microsoft Security Essentials or AVAST. For paid Antivirus, ESET Nod32 is excellent.  There is also a free online scanner from Trend Micro, that is good as well.

http://housecall.trendmicro.com/

Simply put, just scan everything.

Top
June 11th, 2012 at 5:52 PM
#46
BlueMan80
BlueMan80's picture
Joined: 01/21/2011
MGoPoints: 6493
Thanks for reminding me....

I need to backup my computer.  Haven't done that in a while.  Once my kids got their own computers, things have been a lot "cleaner" with this system.

Top
June 11th, 2012 at 10:17 PM
(Reply to #29) #47
htownwolverine
htownwolverine's picture
Joined: 09/02/2009
MGoPoints: 6924
Gospel brother. I have spent

Gospel brother. I have spent hours cleaning my nieces computers. Drives me nuts to go to the in-laws, use a 3 month old machine and it takes 15 minutes 2 load a webpage.



My wife is thankful that we have had the same box for years with no viruses.

Who is Jon Falk?
Top
June 11th, 2012 at 6:59 PM
#48
Sac Fly
Sac Fly's picture
Joined: 04/03/2010
MGoPoints: 6174
First

Trojans are tricky to get rid of because they update themselves. You can scan and remove all you want, but if there is a connection to the internet it will not go away. To fix this problem you have to scan in safemode.

If you want to make sure it gets out you have to learn the hard way. Find out which files are executing, back everything up and get rid of them manually.

Ditch your anti-virus, the knowlegde of protection systems and intrusion prevention is better then any anti-virus you could ever buy.

Top
June 11th, 2012 at 8:18 PM
#49
orobs
Joined: 10/03/2010
MGoPoints: 3205
this thread makes me happy i

this thread makes me happy i no longer use windows.  I splurged on a shiny new imac in 2006.  It still works like new.  I've never had a virus.   I think the last time I rebooted it was 5 months ago

Top
June 11th, 2012 at 9:27 PM
(Reply to #35) #50
ppToilet
ppToilet's picture
Joined: 04/18/2011
MGoPoints: 2406
Don't get cocky

Every system has its problems and Mac OS X is no exception.

Top
June 11th, 2012 at 10:36 PM
#51
M - Flightsci
M - Flightsci's picture
Joined: 06/30/2008
MGoPoints: 340
I'd second the

I'd second the malwarebytes/combofix route.  While "ghetto" in appearance as someone mentioned, combofix is an extremely effective tool.  MB run in safe mode w/ networking (for definition update) can be useful if you follow it up with normal mode scans.  I've found it usually works best to tackle these problems with a nice arsenal of tools at your disposal.  Most of the aformentioned programs will work well for you.  The only resource limiting you is time, and how much you're willing to dedicate to the task. 

 

I'll also third/fourth/fifth the notion of getting rid of McAfee and using Microsoft Security Essentials.  It's lightweight and unobtrusive, sort the far end of the pendulum swing from MS's User Account Control

Accelerate Your Life
FLY NAVY

Top
June 12th, 2012 at 10:37 AM
(Reply to #42) #52
NoVaWolverine
Joined: 09/07/2010
MGoPoints: 1692
Time as limited resource

That's the real issue for me, I think -- how much time do I want to devote to this, and what's the best use of my resources (time & money) to resolve the problem? I can see using one of these tech support forums to attempt a thorough clean-up, but that can take a while. Wiping/reformatting and starting fresh would give me more piece of mind knowing the rootkit is truly gone, but even that sounds a little daunting. A new laptop would be the quick and easy way, but I'm not sure I want to spend the money right now.

First World Problems, right? :-) 

Top
June 12th, 2012 at 3:01 AM
#53
RioThaN
RioThaN's picture
Joined: 09/28/2009
MGoPoints: 1963
I used to fix mine, but I

I used to fix mine, but I don't really remember how to, there are message boards that can help you step by step, I used forospyware.com but is in spanish.

There are tools like antimalwarebytes wich help a lot and some other that gives you the root directory, I remember one called bazooka, but it was when I had a pentium 4 computer with Windows xp so maybe that's too old now, you had to write down the directions and restart the computer in safe mode, then erase those files and directories, some needed additional software like killbox to be able to delate the files. Some other software like edowe (I think it was called that) was usefull to scan the computer and get the logs, people in those message boards read the logs and tell you what to erase or so, but after half a day I was able to remove red sheriff, a really nasty spyware very hard to remove as far as I know, perhaps backing up everything and reinstalling windows would be easier.

"I can pick leaves of tree in the backyard."

 

-Tom Strobel

Top
June 12th, 2012 at 10:19 AM
#54
ixcuincle
ixcuincle's picture
Joined: 08/11/2010
MGoPoints: 4485
Download a USB Virus scanner

Download a USB Virus scanner such as Kaspersky to a USB drive, off another computer. Then boot up in safe mode, run the scanner, and hope that the virus is removed. 

Talk about nuking above, but that's a last resort option in my opinion. 

Also, this laptop is an utter piece of junk, the fan is actually blaring right now and making some irritating noise. I heard the ultrabooks are pretty nice, but they're pretty expensive compared to the other laptops I'm looking at in Newegg. It's about the same age as the OP's laptop, so I could use a new laptop that actually runs videos and surfs the internet without freezing! 

Top
Theme provided by Roopletheme; sidebars adapted from Chris Murphy.