Rootkit attack

Status
Not open for further replies.

satyanjoy

Explorer
Avast detected a rootkit on my PC. I deleted it many times but no help.


If I format my C drive and reinstall Windows, will it work, or do I need to format my entire HDD, all the drives? I have data to back up on another drive; if I burn that data, will it carry the rootkit?
 
If you format your C: the rootkit will be gone. But if the source is still there on another drive & you run it after formatting, it will be back again. Check out RootkitRevealer 1.71 here & let me know the results. If possible switch over to BitDefender or Kaspersky.
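The point above, that the rootkit comes back only if its dropper survives on another drive and gets run, is the practical answer to the backup question. Plain data files (documents, photos, music) do not execute; the things to look for on the drive being burned are executables, scripts, autorun.inf, and executables disguised with a document extension. As an added example, not from this thread or any of the tools named in it, the Python script below walks a backup folder and reports those carriers with SHA-256 hashes so each one can be checked against an AV engine or vendor lookup before the disc is burned. The extension list is illustrative, not exhaustive, and the sample tree it scans is constructed in a temporary directory so the script runs offline.

```python
"""
Added example: audit a backup folder for files that could re-infect a freshly
formatted Windows install. Not part of the original thread; the extension
list is an illustrative assumption and the sample tree is constructed here.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions Windows will execute directly or via a script host.
# Assumption: illustrative list, extend to taste (.ps1, .reg, .msi, ...).
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat",
                   ".cmd", ".vbs", ".js", ".jse", ".wsf", ".hta", ".lnk"}
# Document-style extensions used as the first half of a double-extension lure.
DOC_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".png", ".mp3", ".avi"}


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large backups do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path):
    """Return a reason string if this file can carry the infection, else None."""
    path = Path(path)
    suffixes = [s.lower() for s in path.suffixes]
    if path.name.lower() == "autorun.inf":
        return "autorun.inf (auto-runs from removable media on older Windows)"
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        # "holiday.jpg.exe" style lure: looks like a photo, runs as a program.
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
            return "executable disguised with double extension " + "".join(suffixes[-2:])
        return "executable/script (" + suffixes[-1] + ")"
    # A PE image renamed to a document extension still runs if something
    # loads it; the 'MZ' header gives it away regardless of the name.
    try:
        with open(path, "rb") as f:
            magic = f.read(2)
    except OSError:
        return None
    if magic == b"MZ":
        return "PE header (MZ) in a file with a non-executable extension"
    return None


def find_suspect_files(root):
    """Walk the backup tree and return sorted findings with hashes."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = Path(dirpath) / fn
            reason = classify(p)
            if reason:
                findings.append({
                    "path": p.relative_to(root).as_posix(),
                    "reason": reason,
                    "sha256": sha256_of(p),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_backup():
    """Constructed sample tree: harmless documents plus four carriers."""
    root = Path(tempfile.mkdtemp(prefix="backup_"))
    (root / "docs").mkdir()
    (root / "music").mkdir()
    (root / "photos").mkdir()
    (root / "docs" / "thesis.docx").write_bytes(b"PK\x03\x04 fake docx")
    (root / "music" / "song.mp3").write_bytes(b"ID3 fake mp3")
    (root / "photos" / "real.jpg").write_bytes(b"\xff\xd8\xff fake jpeg")
    # carriers
    (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
    (root / "setup.exe").write_bytes(b"MZ\x90\x00 fake pe")
    (root / "photos" / "holiday.jpg.exe").write_bytes(b"MZ fake pe")
    (root / "docs" / "report.pdf").write_bytes(b"MZ disguised pe")
    return root


if __name__ == "__main__":
    sample_root = build_sample_backup()
    for f in find_suspect_files(sample_root):
        print(f"{f['path']:<26} {f['reason']}\n    sha256={f['sha256']}")
```

Run it against the real backup folder with `find_suspect_files(r"D:\backup")`; anything it lists is either something you consciously want to keep (and then scan on a clean machine before running) or something to drop before burning. A clean run does not prove the backup is safe, it only removes the obvious ways a format-reinstall gets undone.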
 
Rootkits are a PITA; the message keeps popping up and Avast dies. I shifted to the latest NOD32 and it's alright now. Just formatting C won't help.
 
Winter said:
If you format your C: the rootkit will be gone. But if the source is still there on another drive & you run it after formatting, it will be back again. Check out RootkitRevealer 1.71 here & let me know the results. If possible switch over to BitDefender or Kaspersky.

I am getting Kaspersky from Rahul within a few days.
Here is the RootkitRevealer result:
 
Tanuj said:
Rootkits are a PITA; the message keeps popping up and Avast dies. I shifted to the latest NOD32 and it's alright now. Just formatting C won't help.

Formatting is not my first choice. If possible, is there any way I can remove it? How to do that, by changing the antivirus?
 
Your results are showing that the infected files were deleted. Maybe you ran Avast just before RR. The results should show the presence of a .sys file on your C: if it really is a rootkit. Close all tasks, reboot & run RootkitRevealer once again. It's important to know the name of that rootkit in order to remove it.
 
I got the following result with GMER. It detected some .sys file.

-----

Guys, since yesterday I am hearing an annoying sound from my CPU. Initially I thought it was fan noise, but tonight I noticed that my FDD light is on and the sound is like when the FDD is accessing the floppy in it. It seems that some application/OS process is constantly trying to access the FDD.

Edit: I have downloaded Malwarebytes' Anti-Malware trial version and am scanning now. Will update the result soon.
 
None of those files can be seen as a threat. I just have doubts about spiq.sys & related files simply because there is no info about it anywhere but on the Kaspersky forum, & that too in Russian. Try out the other software suggested to you. Otherwise I'm sure Kaspersky will detect something. If it's sounding like a headache then simply do a format-reinstall.

FDD noise cannot be heard without a floppy disk in there. If there is one inside then remove it. If that isn't the case & it's sounding something like a random clicking noise then it's possibly coming out of your HDD. And that could mean your HDD is failing. Another possibility is that one of your dangling wires is getting in the path of your CPU/? fan.
 
Winter said:
None of those files can be seen as a threat. I just have doubts about spiq.sys & related files simply because there is no info about it anywhere but on the Kaspersky forum, & that too in Russian. Try out the other software suggested to you. Otherwise I'm sure Kaspersky will detect something. If it's sounding like a headache then simply do a format-reinstall.

FDD noise cannot be heard without a floppy disk in there. If there is one inside then remove it. If that isn't the case & it's sounding something like a random clicking noise then it's possibly coming out of your HDD. And that could mean your HDD is failing. Another possibility is that one of your dangling wires is getting in the path of your CPU/? fan.

I checked with RootkitRevealer this morning after booting my PC:


My C drive looks like this:



Edit:

I have checked; the sound is coming from the FDD and the green light is on. I have not opened my CPU yet to check for dangling wires. Will do that and let you know.

I am installing Kaspersky online virus checking. I will also download the trial version, do a thorough check and update here.

Edit 2:

Just completed Kaspersky online scanning, here is the report:


I have downloaded the Kaspersky Internet Security trial version. I will remove Avast, use Kaspersky and try to remove the trojan; will update later.

Edit 3:

I am not able to install Kaspersky. Getting the following error:


It shows AVG 8 installed on my PC. I used Advanced SystemCare free edition to remove any trace of it, but no help. :(
 
Dude, it happened today, right?

Check whether System Restore is on or not.

If it is on, try doing a System Restore. Check the restore dates and restore it to yesterday or the day before yesterday.

:D
 
rocky_pratik said:
Dude, it happened today, right?

Check whether System Restore is on or not.

If it is on, try doing a System Restore. Check the restore dates and restore it to yesterday or the day before yesterday.

:D

Not sure, but from today it became worse. I am not able to see the folders in my C drive.

I tried System Restore to 14th Apr. Still the same problem; C drive content not showing. I deleted the AVG entries from the registry and was finally able to install Kaspersky and run a full scan, which is still going on.
 
System Restore should be turned off during an infection, as it has backup copies of registry entries, the DLL cache & monitored files & hence can re-infect your system. The presence of more than one anti-virus can badly screw up your OS as well.

Trojan-Downloader.Win32.Agent.brk is a rootkit & can be removed using F-Secure BlackLight.

Trojan.Win32.VB.cre can be removed using Kaspersky, BitDefender, Sunbelt Anti-Virus & F-Secure.

If the above doesn't work then I'll suggest a format-reinstall instead of wasting time & overloading your gray matter ;)
 
Winter said:
System Restore should be turned off during an infection, as it has backup copies of registry entries, the DLL cache & monitored files & hence can re-infect your system. The presence of more than one anti-virus can badly screw up your OS as well.

Trojan-Downloader.Win32.Agent.brk is a rootkit & can be removed using F-Secure BlackLight.

Trojan.Win32.VB.cre can be removed using Kaspersky, BitDefender, Sunbelt Anti-Virus & F-Secure.

If the above doesn't work then I'll suggest a format-reinstall instead of wasting time & overloading your gray matter ;)

Yeah... format-reinstall on the way... ahoy!
 