Rootkit: Help Needed.


Warby35

Hi, If anybody could help me that would be great......

 

I have a rootkit and can't get rid of it. I have scanned with SUPERAntiSpyware, but that doesn't even pick it up, whereas it has found rootkits before; this one seems to dodge it somehow. So I have run the AVG Anti-Rootkit and that finds it but cannot remove it. Also I'm sure the name of the offending file changes; the last time I did the scan it was called "azjwvypl.sys". I have no screenshot of this, but I did a Google search (that turned up a blank) and it was saved on the clipboard. I have included some screenshots to explain my problem.

 

Thanks for reading,

Warby.

 

post-32046-1241816320_thumb.png

post-32046-1241816328_thumb.png

post-32046-1241816338_thumb.png

post-32046-1241816346_thumb.png

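The symptom described above (a driver with a random-looking name that loads even in safe mode and that scanners detect but cannot remove) is the classic driver-based rootkit pattern. One thing a responder does before deciding between cleaning and rebuilding is to inventory every kernel driver service registered in the SYSTEM hive and look for entries whose file is missing, unsigned, or oddly named. The script below is an added example written for this thread; it is not a tool from AVG, SUPERAntiSpyware or anyone else mentioned here. The script name, the parameter names and the vowel-ratio name heuristic are my own assumptions. It can run on the live machine, but because a rootkit can hide its own registry key from a running system, it can also be pointed at the SYSTEM hive of a drive slaved into another PC, which is the offline approach suggested later in the thread.

```powershell
<#
  Inventory the kernel driver services registered in a Windows SYSTEM hive and flag
  entries worth a closer look: image file missing, file not signed, or a driver name
  that looks machine-generated. Hypothetical helper written for this thread, not a
  tool from any vendor mentioned in it. Run from an elevated PowerShell prompt.

  Live system:   .\Find-SuspectDrivers.ps1
  Offline hive (infected drive slaved into another PC and mounted as E:):
      reg load HKLM\OfflineSys E:\Windows\System32\config\SYSTEM
      .\Find-SuspectDrivers.ps1 -ServicesKey 'HKLM:\OfflineSys\ControlSet001\Services' -SystemRoot 'E:\Windows'
      reg unload HKLM\OfflineSys
#>
param(
    [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services',
    [string]$SystemRoot  = $env:SystemRoot
)

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

# ImagePath is stored in several spellings; turn all of them into a real file path.
function Resolve-ImagePath {
    param([string]$ImagePath, [string]$Root)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                # \??\C:\x.sys            -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$Root\"    # \SystemRoot\system32\.. -> <root>\system32\..
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $Root $p }   # system32\drivers\x.sys
    return $p
}

# Heuristic only: 8+ lowercase letters with few vowels (like "azjwvypl") reads as generated.
# Legitimate drivers can trip this, so it marks candidates for review, nothing more.
function Test-RandomLookingName {
    param([string]$Name)
    if ($Name -cnotmatch '^[a-z]{8,}$') { return $false }
    $vowels = ($Name -replace '[^aeiou]', '').Length
    return ($vowels / $Name.Length) -lt 0.25
}

$results = foreach ($key in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
    $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file system driver; user-mode services are skipped.
    if ($null -eq $svc -or $svc.Type -notin 1, 2) { continue }

    $path   = Resolve-ImagePath -ImagePath $svc.ImagePath -Root $SystemRoot
    $exists = $path -and (Test-Path -LiteralPath $path)
    # On an offline drive, catalog-signed Microsoft drivers can report NotSigned because the
    # catalog lookup runs against the live machine's catalog store; treat that as "review".
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

    $random = Test-RandomLookingName -Name $key.PSChildName
    [pscustomobject]@{
        Name       = $key.PSChildName
        Start      = $startNames[[int]$svc.Start]
        ImagePath  = $path
        Exists     = [bool]$exists
        Signature  = $sig
        RandomName = $random
        Suspicious = (-not $exists) -or ($sig -ne 'Valid') -or $random
    }
}

$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A Boot- or System-start entry whose file is on disk but unsigned and randomly named is what you would expect the AVG hit to correspond to; comparing the live listing with the offline one is also a quick way to see whether the running system is hiding entries, which by itself argues for the offline scan or the rebuild rather than more live scanning.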


Are you in safe mode? I do all of my virus scanning in safe mode...it limits which processes start. Good luck!

Yes I have tried it in safe mode, but the driver seems to load?

 

Sorry, I have just noticed this should be in the software section...........


Slave the drive into another PC and do the scan on the drive, not live....

 

I ain't found a virus yet I couldn't nuke on a drive that's slaved... (i.e. non-booted)

 

It's a RAID 0 set up, that would be a tricky thing to do, any tips?

 

Thanks for the reply,

 

Warby.


Wipe it/reformat and rebuild Windows from your backup copy... :thumbs-up:


You can still slave the RAID drives into another rig and do it... as long as it's the same chipset....

 

Just enable RAID in the BIOS but don't boot to it... simple deal... if you don't have access to another rig with the same RAID chipset or have no friends with a rig... well then it's back up and nuke and pave, I am afraid...


Thanks for the suggestions, but I don't know anybody with a 790FX chipset. That trick is worth noting for future builds; I won't be using RAID 0 on any of my next builds, I think the cons outweigh the pros.

 

Damn, I hate doing a re-install; even getting Firefox back to my preference will take the best part of the day. I am wondering whether it's not just worth living with, but you never know what the blasted RK is programmed to do.

 

{{{{{{{{{{{{{{{{{{{{{{DAMN!}}}}}}}}}}}}}}}}}}}}}}

 

Warby.


Have you tried all of the usual apps? Malwarebytes and XoftSpySE are good, you could try RootkitRevealer. I'd also give ComboFix a go before hanging it up. It often takes several apps to eradicate a stubborn piece of malware.


Not tried one or two of those, so nothing to lose. Are there any conflict problems with antivirus software like there are with firewall software?

 

Thanks for the suggestions

 

Warby


You don't have a conflict between firewall/malware apps unless they have real-time protection enabled. The freeware versions of the apps I mentioned are just for scanning and don't interfere with anything. However, having said that, I believe with Combofix you need to shut your real-time protection off during the scan, but with most malware scanners you don't.

 

I once worked on a computer that I ran scans on from more than 10 different apps, and all found malware that the others missed. I'd say in most cases, if you run enough apps, you'll eventually get rid of the malware.

 

Any time you download an anti-malware app be sure to update the database before you use it. Some will prompt you to do it, but some don't. All will come with a definitions database, but some will be weeks old.


These are my favourites that I use all the time.

Spybot Search and Destroy, Malwarebytes, Ad-Aware Free Anniversary Edition, AVG Free, SpywareBlaster.

I would try all of these before you nuke the drive.
