rkenshin Posted December 31, 2011

It's also recommended to perform those functions in safe mode. The MBR fix didn't work either?
Elliot B. (Author) Posted December 31, 2011

> It's also recommended to perform those functions in safe mode. The MBR fix didn't work either?

How did I miss that? I have now issued the fixmbr and fixboot commands and the system is now fine! Many thanks!
alexalex Posted December 31, 2011

It may be a Master Boot Record infection, so try running BitDefender BootKit Removal Tool, or FixMBR.
n_K Posted December 31, 2011

Might be a wise idea to format and reinstall just to make sure it doesn't come back from any remnants left on your system.
Elliot B. (Author) Posted December 31, 2011

> How did I miss that? I have now issued the fixmbr and fixboot commands and the system is now fine! Many thanks!

Ignore that - it's back.
alexalex Posted December 31, 2011

> Ignore that - it's back.

Did you run BitDefender bootkit removal tool? It's portable. http://www.malwareci...ads&showfile=48

The tool has been tested on the following e-threats: Rootkit.MBR.Alipop.B, Rootkit.MBR.Alipop.C, Rootkit.MBR.Fengd.A, Rootkit.MBR.Fips.A, Rootkit.MBR.Locker.A, Rootkit.MBR.Locker.B, Rootkit.MBR.Mayachok.A, Rootkit.MBR.Mebratix.A, Rootkit.MBR.Mebratix.B, Rootkit.MBR.Mebroot.A, Rootkit.MBR.Mebroot.B, Rootkit.MBR.Mybios.A, Rootkit.MBR.Pihar.A, Rootkit.MBR.Pihar.B, Rootkit.MBR.Pihar.C, Rootkit.MBR.Pihar.D, Rootkit.MBR.Ramnit.A, Rootkit.MBR.Sst.A, Rootkit.MBR.Sst.B, Rootkit.MBR.Sst.C, Rootkit.MBR.TDSS.A, Rootkit.MBR.TDSS.B, Rootkit.MBR.TDSS.C, Rootkit.MBR.Whistler.A, Rootkit.MBR.Whistler.B, Rootkit.MBR.Whistler.C, Rootkit.MBR.Yoddos.A, Rootkit.MBR.Yoddos.B, Rootkit.MBR.Zegost.A, Win32.Ramnit.N
rkenshin Posted December 31, 2011

Well, it's obviously hooked into the MBR since FixMBR corrected the problem temporarily, so you'll need to get something that will remove it from the MBR. The other option, unfortunately, is that if you can't get it off using an MBR tool, you might be better off backing up your vital data and doing a clean wipe of your system. And when I mean a "clean wipe", I mean performing a write-zeros to the drive. KillDisk is a good program that will do this for you. There is a free version that will do one single pass of zeros to the drive.

But, that's just me. ;)
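A way to confirm whether the MBR is being rewritten after a repair, as discussed in the post above (an added example, not posted by anyone in this thread): hash the boot-code area of a sector dump taken right after fixmbr and compare it with a dump taken once the symptoms return. The function names and `make_sample` are assumptions, and the two sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0-439 hold the bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature required at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between two dumps of the same disk."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return [key for key in ("boot_code_sha256", "partitions", "signature_ok")
            if a[key] != b[key]]


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code, one active NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return bytes([boot_fill]) * TABLE_OFFSET + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    after_fixmbr = make_sample(0x90)  # constructed: dump taken right after the repair
    after_reboot = make_sample(0xCC)  # constructed: dump taken once symptoms return
    print(diff_mbr(after_fixmbr, after_fixmbr))  # → []
    print(diff_mbr(after_fixmbr, after_reboot))  # → ['boot_code_sha256']
```

A changed boot-code hash with an unchanged partition table means something still running on the system rewrote the boot code after the repair.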
Elliot B. (Author) Posted December 31, 2011

> Well, it's obviously hooked into the MBR since FixMBR corrected the problem temporarily, so you'll need to get something that will remove it from the MBR. The other option, unfortunately, is that if you can't get it off using an MBR tool, you might be better off backing up your vital data and doing a clean wipe of your system. And when I mean a "clean wipe", I mean performing a write-zeros to the drive. KillDisk is a good program that will do this for you. There is a free version that will do one single pass of zeros to the drive.
>
> But, that's just me. ;)

So it's something software-based that 10 of the most popular malware removers can't remove? What a crock :(

I can't believe Windows still needs to be reinstalled when one piece of malware hits.
Marshalus (Veteran) Posted December 31, 2011

I had this issue on a system recently, I spent days trying to figure it out, only thing I could do to fix was total format and reinstall.
Elliot B. (Author) Posted December 31, 2011

> I had this issue on a system recently, I spent days trying to figure it out, only thing I could do to fix was total format and reinstall.

That's madness these days, especially when we're on some of the best Windows forums around :/
metallithrax Posted December 31, 2011

> So it's something software-based that 10 of the most popular malware removers can't remove? What a crock :(
>
> I can't believe Windows still needs to be reinstalled when one piece of malware hits.

I have encountered one like this on a co-worker's PC. Nothing security related would run at all, even in safe mode. Had to use Ultimate Boot CD for Windows. Although I did completely re-install Windows for her, UBCD4Win, with the anti virus components updated before being burnt to disc, is a good choice to try.
HawkMan Posted December 31, 2011

Combofix, then fixmbr, then Combofix.

Or else full format and reinstall.
Julius Caro Posted December 31, 2011

Try this: http://www.microsoft.com/security/scanner/en-us/default.aspx

and also try zeroaccess rootkit removal tools: http://www.2-viruses.com/remove-zeroaccess-rootkit
alexalex Posted December 31, 2011

> Try this: http://www.microsoft...us/default.aspx
>
> and also try zeroaccess rootkit removal tools: http://www.2-viruses...oaccess-rootkit

or the BootCD Microsoft System Sweeper (32/64 bit) http://connect.microsoft.com/systemsweeper
Coi Posted December 31, 2011

If reformatting the system is too much for you, you might try doing a System Restore (after trying the suggestions above).
alexalex Posted December 31, 2011

> If reformatting the system is too much for you, you might try doing a System Restore (after trying the suggestions above).

It is likely the rootkit is hiding in system restore too. Usually first step in cleaning an infected Windows PC is to delete system restore files.
metallithrax Posted December 31, 2011

> It is likely the rootkit is hiding in system restore too. Usually first step in cleaning an infected Windows PC is to delete system restore files.

Yes, on the above mentioned repair I did, system restore failed every time - even going back to a 3 month old restore point.
ecotrojan Posted December 31, 2011

1) Start \ Run \ MSCONFIG
Check startup and services

2) Start \ Accessories \ System Tools \ Task Scheduler
Check nothing dodgy is scheduled to run on each boot

Both long shots and you seem to have covered the majority of bases here.
Marshalus (Veteran) Posted December 31, 2011

> That's madness these days, especially when we're on some of the best Windows forums around :/

When you reach the point where you spend more time trying to fix the problem one way than another, it's just easier to accept defeat and move on.
ceminess Posted December 31, 2011

I would try Hitman Pro - http://www.surfright.nl/en/hitmanpro

then Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Then if your computer appears clean, run Gmer to make sure it is in fact clean.

Gmer - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If the above combination does not work, then a format is just simply easier than attempting to clean.
Seizure1990 Posted December 31, 2011

You are doing all these scans in safe mode, correct? FTR, most security programs, including Malwarebytes and Combofix, are made to run in normal mode, and will do a better job of cleaning as such. Running in safe mode is only supposed to be done when it's not possible to scan in normal mode, and generally, if running in safe mode fixes the issue, you want to run a second time in normal mode to make sure everything is really clean.
paulbeattie87 Posted December 31, 2011

> I had this issue on a system recently, I spent days trying to figure it out, only thing I could do to fix was total format and reinstall.

Increasingly this is my solution to most problems. Your post below sums up my thoughts on it exactly!

> When you reach the point where you spend more time trying to fix the problem one way than another, it's just easier to accept defeat and move on.
Xtreme2damax Posted December 31, 2011

This might or might not be of any use:

http://www.tech-faq.com/keep-getting-redirected-from-google.html

Seems like a really pesky piece of malware.
rkenshin Posted December 31, 2011

> This might or might not be of any use:
>
> http://www.tech-faq....rom-google.html
>
> Seems like a really pesky piece of malware.

I already gave him that link on the previous page. :D
Joey S Posted January 1, 2012

> I can't believe Windows still needs to be reinstalled when one piece of malware hits.

If you need a working system, dual boot with Ubuntu or another Linux distro. You'll never have virus/rootkit problems there. You can even scan/repair your Windows installation from Linux.