Rootkit disables permissions on EVERY anti-malware program!


paganmist

Found Antimalware Doctor on my PC, tried to remove it. All of a sudden, my computer turned against me. I seem to have TDSS rootkit.

The rootkit changes the permissions on all of these programs when I run them:

Hijackthis
Combofix
Malwarebytes
OTL
Gmer

I have tried renaming them different names. I have run them in safe mode. It doesn't matter. The rootkit changes the permissions so that my account no longer can open the file, no matter what it is named.

The rootkit has blocked Windows Defender Update and disabled System Restore. There is a DisableSR key in the registry that comes back every time I delete it, and Vista won't let me make policy changes.

I cannot run online anti-virus scans. The rootkit deleted Firefox.exe when I tried to run TrendMicro's scan.

I ran Kaspersky's rescue disk. It found and deleted a few things, but the problem is still there.

PCTools found all of the trojans and viruses that the rootkit had installed and removed them. But now it turns up no results.

Gmer noticed a file modified which suggested root activity, but crashed during the scan. I downloaded new copies of each of these, renamed them, and tried to run them again, but each time, nothing worked.

What can I do? It's like this virus is ALIVE or something.

Ran Avira from a boot disk, removed a bunch of stuff (lots of java.agent.g and java.openstream type stuff), managed to log in and install Malwarebytes.

I installed Malwarebytes just fine. Removed a bunch of stuff. But the moment I turned on my internet connection to try to update Malwarebytes, the computer shut off. Restarting gave me a "Stop" BSOD, even in safe mode. The Vista Recovery CD couldn't find a Windows install. I did a startup repair but now when I log in, even in safe mode, instead of seeing a login list of user accounts, I see a black screen with a pointer!

This infection has got me beaten. In fact, if I wasn't about to lose a bunch of stuff that I hadn't backed up, I'd be impressed. There is nothing I can do without help except to reinstall, so that is what I'll do.

I hope the other people who come here with this type of infection find help. :/


  • Staff

paganmist,

I see many backdoor trojans and potential keylogging trojans here, so as a professional I would highly recommend formatting and reinstalling Windows, ensuring that adequately layered protection is present next time. The damage done here is extensive and I cannot guarantee that this computer will ever be safe without a format and reinstallation of Windows.

Let me know if you need any help during that process.

You can probably use your Vista CD to access a command prompt and copy any needed files to some removable media such as a flash drive. Alternatively, you could use a Linux boot disk to access your files. Let me know if you would like to pursue that avenue and if you need help with any part of the process.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
