Stryver Veteran 313 Posts
I got infected. Thought it was antimalware doctor, removed some registry files and others, apparently missed some. It's disabled Norton and Windows Update. Did system restore, used mrt, still no joy.
Currently booted in Ubuntu from a USB drive and am running clam on the disk. Previously tried prevxc and malwarebytes in Wine, but they both crashed. Any suggestions on anything else I can try from here?
Next step is safe mode boot, I have malwarebytes, prevxc, unhackme, rootkitrevealer, and hijackthis standing by to run when I get there. 12/5/2010 6:28:07 PM |
Grandmaster All American 10829 Posts
http://www.hirensbootcd.org/download/Hirens.BootCD.12.0.zip
Hiren's will boot a mini xp install and let you run a few anti-spyware apps, but not too many utilities like combofix (prevxc, GMER, etc) will work. 12/5/2010 7:45:05 PM |
darkone (\/) (;,,,;) (\/) 11611 Posts
In the interest of saving time, you'll be done with this sooner if you just reformat and start over. 12/5/2010 8:31:14 PM |
wwwebsurfer All American 10217 Posts
^+1
Use Ubuntu to save important files and reformat. 12/5/2010 9:25:55 PM |
evan All American 27701 Posts
clamav 12/6/2010 2:45:05 AM |
lewisje All American 9196 Posts
Hiren's boot CD and ClamAV on Ubuntu are good choices, but you can also consider a curious offering from AVG: http://www.avg.com/us-en/avg-rescue-cd It's a Linux LiveCD with AVG on it and a few other tools, like a registry editor. 12/6/2010 3:07:12 AM |
Stryver Veteran 313 Posts
I know reformatting would be quicker. I'm fully and multiply backed up, though I'm only 60% sure my last full one is clean. Right now, I'm running on stubbornness.
I ran ClamAV, found and removed 4 files. Didn't know to tell it to let me know what it found. Didn't know to tell it to ignore things, so that took a long time. Couldn't get any of the Windows-based programs to run cleanly in Wine.
Back in Windows, Malwarebytes found a few more and removed them, but nothing interesting. Spyware Doctor says I have a rootkit bug, but won't tell me what and wants me to buy the CD. Prevx found nothing.
I want a registry editor and something to detect rootkit bugs that I can run from Ubuntu. Any suggestions?
If I identify a rootkit infection, how do I manually remove it? 12/6/2010 8:56:40 AM |
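Added example (not part of any post in this thread): one way to have ClamAV record what it finds and skip chosen directories when scanning a Windows partition from a live Linux session, using clamscan's `--infected`, `--log`, `--move` and `--exclude-dir` options. The function names, paths, signature names and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, signature names and the
# sample log are constructed; the mount point is an assumption.

# Scan a mounted Windows partition from a live Linux session.
#   $1 mount point, $2 log file, $3 quarantine dir, $4... directory regexes to skip
scan_windows_partition() {
    mount_point=$1; log_file=$2; quarantine_dir=$3
    shift 3
    # Turn each remaining argument into an --exclude-dir option.
    for pattern in "$@"; do
        set -- "$@" "--exclude-dir=$pattern"
        shift
    done
    mkdir -p "$quarantine_dir"
    # --infected: report only hits; --log: keep a record of what was found;
    # --move: quarantine instead of deleting, so a false positive can be restored.
    clamscan --recursive --infected --log="$log_file" \
        --move="$quarantine_dir" "$@" "$mount_point"
}

# Print "signature path" for every detection recorded in a clamscan log.
list_detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Number of detections in the log (prints 0 when there are none).
count_detections() {
    grep -c ' FOUND$' "$1" || true
}

# Constructed sample log in clamscan's "path: signature FOUND" format.
write_sample_log() {
    cat > "$1" <<'EOF'
/mnt/windows/Documents and Settings/user/Local Settings/Temp/a.exe: Constructed.Trojan.Sample-1 FOUND
/mnt/windows/WINDOWS/system32/drivers/b.sys: Constructed.Rootkit.Sample-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}
```

clamscan exits with 1 when it finds something and 2 on errors, so a calling script should treat a status of 1 as "detections logged" rather than as a failure.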
pttyndal WINGS!!!!! 35217 Posts
I've had good luck with Kaspersky's TDSSkiller. Had 2 here recently that wouldn't update and tdsskiller fixed them.
http://support.kaspersky.com/viruses/solutions?qid=208280684 12/6/2010 9:34:08 AM |
lewisje All American 9196 Posts
^^Download AVG Rescue CD and run that, it has a Registry editor 12/6/2010 10:20:37 AM |
Stryver Veteran 313 Posts
^^ ++
I ran out of ideas and ended up at the school help desk. They were remarkably helpful (Thanks!) and after a handful of tools, TDSSKiller did the trick.
It's on my rescue stick now. 12/6/2010 6:31:04 PM |