Bootkit removal


Stacey
03-16-06, 08:05 PM
Help! I have a computer that I've spent three days hammering out thousands of bits of malware (viri, adware, spyware, trojans, worms, etc.) only to find out the freakin' thing has a bootkit in it.

Any recommendations, other than a wipe and reinstall, to kill this bastid!


brokenrobot
03-16-06, 09:09 PM
Which one is it? This can help you: http://www.sysinternals.com/Utilities/RootkitRevealer.html
and newer versions of Microsoft's malicious software detection tool can actually be helpful as well.
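RootkitRevealer works by cross-view detection: it enumerates the file system and registry through the normal Windows API and again through a lower-level path, and reports any entry that appears in one view but not the other, because a rootkit that hooks the API can only filter the first view. The script below is an added example of that technique, not RootkitRevealer's own code. The two views are built from constructed sample data; the `$hide$` prefix, the file names and the `hooked_find_files` hook are assumptions for this illustration.

```python
"""Cross-view rootkit detection (the idea behind RootkitRevealer).

Added example, not RootkitRevealer's code. A rootkit that hooks the
file-enumeration API hides entries from programs that use that API,
but a raw read of the same directory still contains them. Listing the
directory both ways and diffing the two lists exposes the hidden files.
Both views here are simulated from constructed data.
"""
from dataclasses import dataclass

# Assumption for this example: the simulated rootkit hides any entry
# whose file name starts with this marker.
HIDDEN_PREFIX = "$hide$"

# Constructed sample: what a raw read of the directory would return.
RAW_VIEW = {
    r"C:\WINDOWS\system32\drivers\ntfs.sys",
    r"C:\WINDOWS\system32\drivers\$hide$ctl.sys",
    r"C:\WINDOWS\system32\$hide$svc.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
}


def hooked_find_files(raw_entries):
    """Simulates the API view after a rootkit hook filters the results."""
    return {
        p for p in raw_entries
        if not p.rsplit("\\", 1)[-1].startswith(HIDDEN_PREFIX)
    }


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # "hidden_from_api" or "missing_from_raw"


def cross_view_diff(api_view, raw_view):
    """Return every entry present in only one of the two views.

    hidden_from_api: in the raw view but not the API view; the classic
                     sign of an API-hooking rootkit.
    missing_from_raw: in the API view but not the raw view; usually a
                      file that changed between the two passes, so it
                      needs a re-scan before it means anything.
    """
    hidden = {Discrepancy(p, "hidden_from_api") for p in raw_view - api_view}
    missing = {Discrepancy(p, "missing_from_raw") for p in api_view - raw_view}
    return sorted(hidden | missing, key=lambda d: d.path)


def scan(raw_view=RAW_VIEW):
    """Take both views of the same directory and diff them."""
    api_view = hooked_find_files(raw_view)
    return cross_view_diff(api_view, raw_view)


if __name__ == "__main__":
    for d in scan():
        print(f"{d.kind}: {d.path}")
```

A discrepancy is a lead, not a verdict: files created or deleted between the two passes show up as well, so re-run the scan and only chase entries that stay hidden. A kernel-mode bootkit that filters below the raw read defeats this check entirely, which is why a scan from a clean boot medium, or the wipe and reinstall Stacey is trying to avoid, is the only sure answer.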

Stacey
03-16-06, 09:20 PM
I'm not sure, yet. As I was peeling away the crap I just had a feeling I was dealing with a bootkit infection. The MS Firewall was disabled and I couldn't regain control. So, after I ran Trend in Safe Mode at the Admin level, it confirmed the bootkit suspicion and 'deleted' it. I rebooted in normal mode and the Firewall alert was gone... for about a minute. Just long enough to go into Control Panel and verify that the firewall was indeed active. Then to my displeasure the No Firewall alert popped up and I couldn't access it again. Grrr.

I did find UnHackMe at greatis.com; I'll download that tomorrow and give it a go.


mechBgon
03-16-06, 09:31 PM
Also give F-Secure's BlackLight Beta a whirl: http://www.f-secure.com/blacklight

And after running the rootkit detection (in Normal Mode), download the McAfee manual scanner I've written up in this text file, and make the preparations to use it: http://www.omnicast.net/~tmcfadden/scan.txt After preparing, reboot into Safe Mode With Command Prompt as the instructions say, and launch the scan. If you would post the contents of the C:\report.html file afterwards, that would be interesting.

My personal preference is to simply Drop The Bomb On It™ with DBAN (http://dban.sourceforge.net) and then do a fresh installation of Windows afterwards, but I know sometimes people want you to save their installation. Good luck Stacey! :)

mechBgon
03-16-06, 09:37 PM
BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.

Stacey
03-17-06, 04:37 AM
BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.


I've used that before (c:\scan.bat), right? The first time I used it, it blew me away; I was so impressed. The second time I had difficulty running it.

I'll follow up later today with a progress report. Thanks guys! :)