Thread: Bootkit removal

  1. #1 Stacey (Non Tribuo Anus Rodentum and off to the next adventure (RIP))
     Join Date: Dec 2002
     Posts: 9,163

    Bootkit removal

    Help! I have a computer that I've spent three days hammering out thousands of bits of malware (viruses, adware, spyware, trojans, worms, etc.) only to find out the freakin' thing has a bootkit in it.

    Any recommendations, other than a wipe and reinstall, to kill this bastid!

  2. #2 Sweetened with Splenda
     Join Date: Sep 2003
     Location: Brooklyn, Alabama
     My Bikes: Too many 80s roadbikes!
     Posts: 2,335
    Which one is it? This can help you: http://www.sysinternals.com/Utilitie...tRevealer.html
    and newer versions of Microsoft's malicious software detection tool can actually be helpful as well.
    Falling down is not exercising.

  3. #3 Stacey (Non Tribuo Anus Rodentum and off to the next adventure (RIP))
     Join Date: Dec 2002
     Posts: 9,163
    I'm not sure, yet. As I was peeling away the crap I just had a feeling I was dealing with a bootkit infection. The MS Firewall was disabled and I couldn't regain control. So, after I ran Trend in Safe Mode at the Admin level, it confirmed the bootkit suspicion and 'deleted' it. I rebooted in normal mode and the Firewall alert was gone... for about a minute. Just long enough to go into Control Panel and verify that the firewall was indeed active. Then to my displeasure the No Firewall alert popped up and I couldn't access it again. Grrr.

    I did find UnHackMe at greatis.com, I'll download that tomorrow and give it a go.
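The symptom in post #3 (the scanner 'deletes' it, and it is back after a reboot) is what a loader living in the Master Boot Record looks like from inside Windows: the infected sector runs before the OS on every boot and re-installs its hooks, so cleaning files and registry keys never reaches the root. Post #2's question ("which one is it?") is usually answered by pulling the first sector of the disk and comparing it with a known-good copy. The Python below is an added example, not code from this thread or from any of the tools mentioned in it; it parses a raw 512-byte MBR, hashes the bootstrap code against a baseline, and sanity-checks the partition table for the kinds of edits a bootkit leaves behind. The baseline hash and all three sample sectors are constructed here, not captured from a real machine.

```python
"""Audit a raw 512-byte Master Boot Record for signs of tampering.

Added example. The sample sectors and the baseline hash below are constructed,
not captured from a real disk; a real baseline comes from the same machine
while it was known clean, or from a fresh install of the same Windows version.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_SIZE = 440             # bootstrap code; bytes 440-445 hold the disk signature and padding
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(data):
    """Split a raw sector into bootstrap code, disk signature and the four partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (MBR_SIZE, len(data)))
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", data[off:off + PART_ENTRY_SIZE])
        parts.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "code": data[:CODE_SIZE],
        "code_sha256": hashlib.sha256(data[:CODE_SIZE]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[440:444])[0],
        "partitions": parts,
    }


def audit_mbr(data, baseline_code_sha256):
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(data)
    findings = []
    if mbr["code_sha256"] != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline (possible bootkit loader)")
    used = [p for p in mbr["partitions"] if p["type"] != 0 or p["sectors"] != 0]
    active = [p for p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append("invalid status byte 0x%02x" % p["status"])
        if p["type"] == 0 or p["sectors"] == 0:
            findings.append("half-empty partition entry (type=0x%02x sectors=%d)" % (p["type"], p["sectors"]))
    # Overlapping ranges: a second entry pointed at space inside the real volume.
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (a0, a1), (b0, b1) in zip(ranges, ranges[1:]):
        if b0 < a1:
            findings.append("partition ranges overlap: [%d,%d) and [%d,%d)" % (a0, a1, b0, b1))
    return findings


def build_mbr(code, partitions, disk_signature=0x12345678):
    """Assemble a sector from constructed parts; used here only to make sample input."""
    assert len(code) == CODE_SIZE
    table = b""
    for status, ptype, lba_start, sectors in partitions:
        table += struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)
    table = table.ljust(4 * PART_ENTRY_SIZE, b"\x00")
    return code + struct.pack("<I", disk_signature) + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed sample data (not real boot code).
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * (CODE_SIZE - 5)
CLEAN_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 20_000_000)])
BASELINE_HASH = parse_mbr(CLEAN_MBR)["code_sha256"]

# Suspect 1: first bytes of the bootstrap code replaced by a jump to a loader, table untouched.
INFECTED_CODE = b"\xeb\x20\x90\x90\x90" + CLEAN_CODE[5:]
INFECTED_MBR = build_mbr(INFECTED_CODE, [(0x80, 0x07, 63, 20_000_000)])

# Suspect 2: code intact, but a second active entry was added inside the real volume.
TAMPERED_TABLE_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 20_000_000),
                                            (0x80, 0x07, 10_000_000, 5_000_000)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR), ("tampered", TAMPERED_TABLE_MBR)):
        print(name, audit_mbr(image, BASELINE_HASH) or ["ok"])
```

Read the sector from boot media, not from inside the infected installation: as Administrator, `open(r"\\.\PhysicalDrive0", "rb").read(512)` is enough on Windows, and `dd if=/dev/sda bs=512 count=1` works from a live Linux CD. A running bootkit typically hooks the disk read path and hands back a clean copy of the sector, which is also why a scanner can report the thing removed and then see it again after the next boot. Safe Mode still boots through the same MBR, so it does not help here.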

  4. #4 mechBgon (Senior Member)
     Join Date: Jul 2002
     Posts: 6,957
    Also give F-Secure's BlackLight Beta a whirl: http://www.f-secure.com/blacklight

    And after running the rootkit detection (in Normal Mode), download the McAfee manual scanner I've written up in this text file, and make the preparations to use it: http://www.omnicast.net/~tmcfadden/scan.txt After preparing, reboot into Safe Mode With Command Prompt as the instructions say, and launch the scan. If you would post the contents of the C:\report.html file afterwards, that would be interesting.

    My personal preference is to simply Drop The Bomb On It™ with DBAN and then do a fresh installation of Windows afterwards, but I know sometimes people want you to save their installation. Good luck Stacey!

  5. #5 mechBgon (Senior Member)
     Join Date: Jul 2002
     Posts: 6,957
    BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.

  6. #6 Stacey (Non Tribuo Anus Rodentum and off to the next adventure (RIP))
     Join Date: Dec 2002
     Posts: 9,163
    Quote Originally Posted by mechBgon:
        BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.

    I've used that before (c:\scan.bat), right? The first time I used it, it blew me away, I was so impressed; the second time I had difficulty running it.

    I'll follow up later today with a progress report. Thanks guys!
