?
Solved

Bad Virus

Posted on 2010-09-24
15
Medium Priority
?
523 Views
Last Modified: 2012-05-10
I have a bad virus on a pc here.

I cannot boot to safe mode. Each time i try i get what seems like a bsod, but if i turn off auto shutdown on system failure, i still get no BSOD, and the pc just reboots.

In regular mode i have..
Ran Combo Fix
Ran Malwarebytes
Ran Hijack This
Ran SmitFraud Fix
Ran rKill
Kaspersky AV

No matter what the Virus Returns after reboot of KAV scan. Each time i run Combo Fix it detects a root kit. It reboots, and combo fix continues. It eventually finishes. If i run it again i once again get Rootkit, and it reboots. I figured system restore was fucking with it.
So i try to cut it off. Each time i cut it off windows won't boot, then after it restarts, it will boot and system restore is on.

Any ideas guys?

Also OS is XP
0
Comment
Question by:STS-Tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 11

Expert Comment

by:ProfessorBindokas
ID: 33753132
Hi, what is the name of the virus (which particular rootkit) that is being detected?
0
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 33753166
Hello,

Use ultimate boot CD or connect that hard drive to another computer which is not infected & with updated antivirus.

Scan whole system.Remove viruses from computer & then check.
   
In my opinion, take data backup & reinstall windows XP. Because this process will take lot of time.

Regards,
Tushar Kaskhedikar  
0
 
LVL 2

Author Comment

by:STS-Tech
ID: 33753203
Ok i'll try my UBCD after what i'm attempting now, and i will get you the name after it is over, as of now i'm trying to be sneaky...

I booted, ran smitfraud, ran mbam which found 1 infected, i did not reboot when prompted, i created a system restore point. I ran combo fix, when i was prompted with Rootkit, i used task manager to open run, and ran system restore, and made another new point. Then i cut off system restore. I said ok to combo fix to reboot the pc, when it booted to combo fix removing, i started the task manager, went to run, ran rkill to stop anything from trying, then mbam, started a scan, and combo fix was still running, i hope this is get this sucker.
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 33753301
Hello,

Take data on another partition or on external drive. Reinstall Windows XP.Or check with antivirus sites if any virus removal tools & run it & scan the system.

Regards,
Tushar Kaskhedikar
0
 
LVL 2

Author Comment

by:STS-Tech
ID: 33753334
No go still, the virus being detected is...
MEM:Rootkit.win32.tdss.f
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 33753376
These tool will help you to clean!
Run:
- Drweb Cureit

The link you will find here:
http://www.experts-exchange.com/blogs/hopeleonie/B_2335-Malware-Removal-Links-all-for-free.html
0
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 33753467
Hello,

Virus has been enter the system files, windows files. In my opinion, please reinstall windows XP.This

Regards,
Tushar Kaskhedikar  
0
 
LVL 2

Accepted Solution

by:
STS-Tech earned 0 total points
ID: 33753477
Ah i got it guys thanks!

Here is a nice free tool from KAV because they are amazing.

http://www.computing.net/answers/security/remove-rootkitwin32tdssd/30477.html?SID=e48tpccp9b&dr_log=-1&linkout=http%3A//support.kaspersky.com/downloads/utils/tdsskiller.zip

I ran that and now i am fine.
0
 
LVL 11

Expert Comment

by:kaskhedikar_tushar
ID: 33753648
Hello,
 
I already told you that please check with your antivirus web site. If there is any removal tool.
Then why are you accepted this answer himself?

Regards,
Tushar Kaskhedikar  
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 33753940
Note that once you have a rootkit, your best bet is to do a complete backup and wipe your disk then reinstall windows.  Although there are many rootkit removers, you never know what has been left behind.  You can download the free vmplayer and create a virtual machine in which you do all your browsing and connecting to internet.  If the VM gets infected you just erase it and the infection is gone.

For more about rootkits:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html
0
 
LVL 2

Author Closing Comment

by:STS-Tech
ID: 33754068
See my Answer
0
 
LVL 2

Author Comment

by:STS-Tech
ID: 33755786
Please Split between the two
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Make the most of your online learning experience.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question