
win32/nevoros.B!Rakr rootkit virus



I can gain access to a clean Windows 10 PC to make something, so same 64 bit coding. Need to buy another flash drive.

I did notice at the HP site that the computer is retired in their service. It seems the system was locked to make either a recovery disk or backup, not both. Only way to do both would have been to install a pure OS on it. Which also explains why I could never upgrade for free years ago, so they (MS) locked out certain vendors. I managed to go almost 10 years before a major problem, which isn't bad if I look on the positive side of things.

Used admin commands but it didn't work, see attached pics. Did try to create a disk, but didn't work again. The FRST said it couldn't find the fix log, but seems to show one.

On another note, is there a program that shows connections and if they might be compromised? Because there are way too many svc hosts in the task manager. Be nice to close those off so it could update. I'm also looking for some sort of editor so I can see task programs (I think some have been altered), so I can edit the tasks, startup, logoff, winini stuff to eliminate unwanted programs from working and giving me a better chance if I have to try a factory reset so nothing comes back.

cdrom reg-1.jpg

cdrom reg-2.jpg

cmd error.jpg

frst-1.jpg

frst-2.jpg

usb reg.jpg

system disk creation error.jpg


WDF is a legitimate registry key...

In command prompt wrong syntax occurs because the registry value was already correct so cannot be changed to same value...

FRST is probably failing due to the infection's influence...

You mention a factory reset, that is probably the best option for you. A factory reset will format your hard drive and restore the computer to the state it was in when first purchased via hidden recovery partition. 

The only problem then would be using backed up data from other hard drives or partitions. Those would need to be scanned first with a very thorough online AV...


Your logs do not show any malware or infection. I can see that your main drive is partitioned:

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 2173BADF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=0C)

As you quote 500 GB is missing, all current partitions are correct. You will have to access Disk Management and check for Unallocated disk space. From there you will have to name and allocate as to your needs. The following link does give instructions, it also has a free version of "Partition Manager", an excellent tool...

https://www.disk-partition.com/articles/how-to-allocate-unallocated-space-in-windows-7-3889.html

Thanks,

Kevin


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
