Rootkit - Hidden Driver, How to delete it?
Feb 6 2009, 10:57 PM
This is not so much about entertainment, but it has something to do with electronics and PCs. I found some rootkit as a hidden driver in the Windows folder, drivers subfolder. I found it using AVG, but I can't delete it; it always appears again and again, but with a different name. I also noticed something weird with the Mozilla browser: fonts are changing just like that, and even some colors are applied to certain text. Could all that be done by this rootkit? And how do I delete it? Thanks
--------------------
Youtube | MySpace | Website | Album "Let It Out" on iTunes and CD Baby | Check out my video lessons and instructor board! The Pianist tune is in progress, check it out! "ok.. it is great.. :P have you myspace? Can i to personalize this for you guy?"
Feb 6 2009, 11:08 PM
Yeah, I'm on XP and its current name is ad8z38ts.SYS, but it changes into aglwl2zo.SYS or something like that. Any ideas? Update: the newest name is ai8I4wcc.SYS.
This post has been edited by Muris Varajic: Feb 6 2009, 11:09 PM
Feb 6 2009, 11:20 PM
QUOTE: thought I'd google it.... Nothing.
I did some googling, but nothing as well; it changes its name all the time, dunno what to google anymore.
Feb 6 2009, 11:51 PM
I recommend Spybot as well, Muris; the thing has the ability to restart the computer and search for viruses before starting the processes.
PS: Good luck, man.
This post has been edited by Ivan Milenkovic: Feb 6 2009, 11:51 PM
--------------------
- Ivan's Video Chat Lesson Notes HERE
- Check out my GMC Profile and Lessons
- (Please subscribe to my) YouTube Official Channel
- Let's be connected through Facebook! :)
Feb 7 2009, 12:19 AM
Thanks guys, gonna try those right now!
Feb 7 2009, 12:22 AM
Seriously? Wipe the system. And reinstall it from scratch. That's the only secure way to handle this. And if it's really a proper rootkit, Spybot won't be able to do anything. I hope you didn't have a credit card number or online banking credentials stored (or even just used) on this machine. In any case, check the transactions. I hope that helps and nothing bad happened to your personal data.
- Jonas
--------------------
My Website | My Gear | Elixir Nanoweb Strings Review | Installing Schaller Security Locks
"If privacy is outlawed, only outlaws will have privacy." - Phil Zimmermann
Feb 7 2009, 12:28 AM
You can also try an online virus scanner, such as this one: http://www.bitdefender.com/ (you have the link SCAN ONLINE at the bottom left). Start the computer in Safe Mode with Networking, use Internet Explorer and follow the instructions. Just to warn you, if you have a large disk it may take some time.
Edit: back up your important data first, because if some system file is infected and cannot be cleaned, it will be automatically deleted, which means it can happen that you won't be able to start Windows again.
This post has been edited by Dejan Farkas: Feb 7 2009, 12:32 AM
Feb 7 2009, 12:41 AM
QUOTE (Jonas): Seriously? Wipe the system. And reinstall it from scratch. That's the only secure way to handle this. And if it's really a proper rootkit, Spybot won't be able to do anything. I hope you didn't have a credit card number or online banking credentials stored (or even just used) on this machine. In any case, check the transactions. I hope that helps and nothing bad happened to your personal data. - Jonas
Is it really that serious? I used PayPal a few times.
Feb 7 2009, 01:02 AM
Found it!
And 29a, you owe me like 10 years of my life; you scared me to death, man!!!!!!!! Anyhow, I did some googling and found a few forums with similar questions. It was DaemonTools, and it uses some rootkit as well. I did another scan after I uninstalled it and nothing was there.
Feb 7 2009, 01:46 AM
QUOTE: Sorry, I cannot believe that a rootkit can be that serious. The reason is that rootkits don't have a payload; they only allow viruses etc. to go undetected. There will always be some sort of method to get rid of them. If you can find the specifics of the rootkit, i.e. the name/type, you should be able to find some fix either on a forum (one about virus diagnosis) or Google, ofc. But yes, if there's not much to lose, reinstalling Windows might actually take less time than diagnosing the problem/problems.
A rootkit is the most serious/low-level type of backdoor you can have on your computer. Rootkits are used to hide a payload. A rootkit can modify/control every bit of an operating system and hide itself in very obscure places. It can hide files. But it can also show you files which don't exist. It can hide processes. It can modify the behavior of existing processes/applications, including virus scanners. Unless you analyzed what exactly that rootkit does (by studying its entire code), it's very hard to tell if you've removed everything or not.
And Muris, sorry, I didn't want to scare you and I'm glad it was nothing serious. But you've got to be careful with malware. Nowadays it's not just kids having fun but organized crime.
- Jonas
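The hiding Jonas describes above (files withheld from the API that Explorer and scanners query, or shown when they do not exist on disk) is exactly what cross-view detection looks for: take the same listing through two or more paths that a hook cannot cover at once and diff them. The Python below is an added example written for this page, not code from the thread or from any tool mentioned in it. It diffs three constructed views of the drivers folder and also pairs vanished and newly appeared random-looking driver names across two snapshots, the renaming Muris reported (ad8z38ts.SYS, aglwl2zo.SYS, ai8I4wcc.SYS). The listings, the allowlist and the name heuristic are assumptions made for the example.

```python
"""Cross-view check for a hidden or self-renaming driver (added example).

A rootkit that hides a file hooks the API path most scanners use, while a
lower-level view (an offline parse of the NTFS MFT, a boot from clean media,
or the Service Control Manager's own list of driver services) still reports
it. Diffing the views is the cross-view technique. All listings below are
constructed sample data; the allowlist is an assumption for this example.
"""
import re

# Constructed: what the Win32 file API reports for system32\drivers.
API_VIEW = {"ntfs.sys", "atapi.sys", "mountmgr.sys", "i8042prt.sys", "usbhub.sys"}
# Constructed: what an offline parse of the NTFS MFT reports for the same folder.
RAW_VIEW = API_VIEW | {"ai8I4wcc.SYS"}
# Constructed: driver services known to the SCM (service name -> image path).
SCM_DRIVERS = {
    "Ntfs": r"system32\drivers\ntfs.sys",
    "atapi": r"system32\drivers\atapi.sys",
    "mountmgr": r"system32\drivers\mountmgr.sys",
    "i8042prt": r"system32\drivers\i8042prt.sys",
    "usbhub": r"system32\drivers\usbhub.sys",
    "ai8I4wcc": r"system32\drivers\ai8I4wcc.SYS",
}

# Assumed allowlist: legitimate XP drivers whose names also trip the heuristic
# below (i8042prt.sys is the PS/2 port driver). Build a real one from a clean
# install, never from the suspect machine.
KNOWN_GOOD = {"i8042prt.sys"}

# Eight alphanumerics mixing at least one letter and one digit: the shape of
# the names reported in the thread (ad8z38ts.SYS, aglwl2zo.SYS, ai8I4wcc.SYS).
RANDOM_NAME = re.compile(r"^(?=.*[0-9])(?=.*[a-z])[a-z0-9]{8}\.sys$", re.IGNORECASE)


def looks_random(filename):
    """Triage heuristic only: a random-looking name is a reason to look
    closer, not proof of anything, hence the allowlist."""
    if filename.lower() in {n.lower() for n in KNOWN_GOOD}:
        return False
    return RANDOM_NAME.match(filename) is not None


def _basename(image_path):
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cross_view_diff(api_view, raw_view, scm_drivers):
    """Return (finding, name) pairs from comparing three views of the folder.
    A file in the raw view but not the API view is being hidden; a file in the
    API view but not on disk is a phantom the hook is showing; a driver
    service whose image the API cannot see is the same hiding, seen from the
    SCM side."""
    api = {n.lower() for n in api_view}
    raw = {n.lower() for n in raw_view}
    findings = []
    findings += [("hidden_from_api", n) for n in sorted(raw - api)]
    findings += [("phantom_in_api", n) for n in sorted(api - raw)]
    for service, image in sorted(scm_drivers.items()):
        if _basename(image) not in api:
            findings.append(("service_without_visible_file", service))
    findings += [("random_looking_name", n) for n in sorted(raw | api) if looks_random(n)]
    return findings


def rename_pairs(before, after):
    """Pair a random-looking file that vanished between two snapshots with one
    that appeared: the pattern of a driver reinstalling itself under a fresh
    name each time it is deleted, as described in the thread."""
    gone = sorted(n for n in before - after if looks_random(n))
    new = sorted(n for n in after - before if looks_random(n))
    return list(zip(gone, new))


if __name__ == "__main__":
    for finding in cross_view_diff(API_VIEW, RAW_VIEW, SCM_DRIVERS):
        print("%-30s %s" % finding)
    snap1 = {"ntfs.sys", "ad8z38ts.SYS"}   # constructed snapshot before deleting the file
    snap2 = {"ntfs.sys", "aglwl2zo.SYS"}   # constructed snapshot after it came back
    for old, new in rename_pairs(snap1, snap2):
        print("renamed: %s -> %s" % (old, new))
```

On a real XP machine the API view is an ordinary directory listing, the raw view comes from an offline MFT parse or a boot from clean media, and the driver services come from the registry's Services key or `sc query type= driver`. The thread's own outcome is the caveat: a name matching the heuristic is a reason to investigate, not a verdict, since here it turned out to be the DaemonTools driver, and legitimate drivers such as i8042prt.sys trip the same pattern.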
Feb 7 2009, 02:02 AM
I do this for a living, I completely agree with 29a.
Feb 7 2009, 07:20 AM
A warning to everyone. DaemonTools comes with malware and has done so for well over a year. Some claim that it is only adware, but I have friends who have gotten trojans and other crap from their installers. I recommend removing it and using other software for your needs.
I can recommend MagicDisc. I've read that Microsoft has a program that mounts images as well, but I've never used it.
--------------------
Guitars: Epiphone Les Paul Gothic with EMG 81 and 85, Crafter Acoustic, ESP LTD F-205
Feb 7 2009, 12:30 PM
QUOTE (Jonas): And Muris, sorry, I didn't want to scare you and I'm glad it was nothing serious. But you've got to be careful with malware. Nowadays it's not just kids having fun but organized crime. - Jonas
No problem, and I agree 100% as well; we must be REALLY careful with those things!!