
Root Kit Zero Access / Win32 Patched HN Trojan

Comments

  • Silver-Cat
    Silver-Cat Posts: 242 Forumite
    nothing, gave zero results, very odd.
    open office was the free download so nothing dodgy with it.
  • closed
    closed Posts: 10,886 Forumite
    avast does run on vista
  • Silver-Cat
    Silver-Cat Posts: 242 Forumite
    I know, but it gave all sorts of errors and Windows wanted to keep verifying, had all sorts of reboots and Windows shutting itself down etc. I found loads had the same problem after a Vista update, and not being able to use it, I gave up and uninstalled it.
  • RussJK
    RussJK Posts: 2,359 Forumite
    Pretty sure the combofix deletion was a false positive, besides the rootkit only infects .sys files in the system32 directory. Did you try the targeted scans from SAS, Microsoft Malicious software, Dr Web? Have you tried with the new version of Hitmanpro?

    If so and still no detections, (1) maybe this variant doesn't do the backup driver. (2) Maybe it did, but it's in one of the logs that hasn't been posted, so you could check for yourself e.g. bitdefender rescue disk leaves a log on C:\ IIRC. (3) Alternatively, it's just hiding itself too well so you might try with a Dr Web bootdisk (and can still browse). http://www.freedrweb.com/livecd

    Did I give you kontiki clean yet? http://demo.kontiki.com/support/KClean.exe
    Also aswCLEAR to remove Avast remnants http://files.avast.com/files/eng/aswclear.exe
  • Silver-Cat
    Silver-Cat Posts: 242 Forumite
    tried all of those and after the last combo fix nothing is showing at all.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Well I'd say it's clean. But I'd certainly scan with Dr Web and some main anti virus (Avira or whatever)
    :idea:
  • Silver-Cat
    Silver-Cat Posts: 242 Forumite
    I've created a Dr Web boot disk and will have a go with that. It certainly seems more stable now.
  • closed
    closed Posts: 10,886 Forumite
    5 pages ..... backup, reinstall windows ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    closed wrote: »
    5 pages ..... backup, reinstall windows ;)

    Gotta say I agree. It's the only way to be sure.
    :idea:
  • Silver-Cat
    Silver-Cat Posts: 242 Forumite
    The only reason I haven't is that in a few weeks' time I am moving all my data to another computer, as I treated the bf to a lovely new I5 laptop and I'm having his old one, so will probably do a format reinstall using my original backup discs I did when I bought this infected laptop.

    I just need to be able to use it safely for a few more weeks so was a bit frustrated I managed to get such a nasty root kit!

    I'm still trying to determine where it came from as I stopped using p2p type software and websites years ago and am so careful about what I install on here.
This discussion has been closed.