Cycling and bicycle discussion forums. 
Old 03-16-06, 09:05 PM   #1
Stacey
Non Tribuo Anus Rodentum and off to the next adventure (RIP)
Thread Starter
 
Join Date: Dec 2002
Bikes:
Posts: 9,161
Bootkit removal

Help! I have a computer that I've spent three days hammering out thousands of bits of malware (viri, adware, spyware, trojans, worms, etc.) only to find out the freakin' thing has a bootkit in it.

Any recommendations, other than a wipe and reinstall, to kill this bastid!
Old 03-16-06, 10:09 PM   #2
brokenrobot
Sweetened with Splenda
 
Join Date: Sep 2003
Location: Brooklyn, Alabama
Bikes: Too many 80s roadbikes!
Posts: 2,335
Which one is it? This can help you: http://www.sysinternals.com/Utilitie...tRevealer.html
and newer versions of Microsoft's malicious software detection tool can actually be helpful as well.
Old 03-16-06, 10:20 PM   #3
Stacey
I'm not sure, yet. As I was peeling away the crap I just had a feeling I was dealing with a bootkit infection. The MS Firewall was disabled and I couldn't regain control. So, after I ran Trend in Safe Mode at the Admin level, it confirmed the bootkit suspicion and 'deleted' it. I rebooted in normal mode and the Firewall alert was gone... for about a minute. Just long enough to go into Control Panel and verify that the firewall was indeed active. Then to my displeasure the No Firewall alert popped up and I couldn't access it again. Grrr.

I did find UnHackMe at greatis.com, I'll download that tomorrow and give it a go.
Old 03-16-06, 10:31 PM   #4
mechBgon
Senior Member
 
Join Date: Jul 2002
Bikes:
Posts: 6,957
Also give F-Secure's BlackLight Beta a whirl: http://www.f-secure.com/blacklight

And after running the rootkit detection (in Normal Mode), download the McAfee manual scanner I've written up in this text file, and make the preparations to use it: http://www.omnicast.net/~tmcfadden/scan.txt After preparing, reboot into Safe Mode With Command Prompt as the instructions say, and launch the scan. If you would post the contents of the C:\report.html file afterwards, that would be interesting.

My personal preference is to simply Drop The Bomb On It™ with DBAN and then do a fresh installation of Windows afterwards, but I know sometimes people want you to save their installation. Good luck Stacey!
Old 03-16-06, 10:37 PM   #5
mechBgon
BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.
Old 03-17-06, 05:37 AM   #6
Stacey
Quote:
Originally Posted by mechBgon
BTW to comment on the McAfee scanner: if you use it as directed, it goes after viruses, Trojans, worms, adware, spyware, hacking tools, rootkits (that are known & detectable, anyway)... it's the full-meal deal. And it deletes them on sight, not just listing them or something. Plus it uses heuristics to make educated guesses at as-yet-unknown malware too. It's a good supplement to an installed antivirus scanner if you're trying to get rid of stubborn stuff.

I've used that before (c:\scan.bat), right? The first time I used it, it blew me away, I was so impressed; the second time I had difficulty running it.

I'll follow up later today with a progress report. Thanks guys!
All times are GMT -6.