Thread 112427: W32/Mebroot infection | Forum: Press F1 | Started 2010-09-06 00:48:00 by nofam (9009)
Post 1135015 | 2010-09-06 00:48:00 | nofam (9009)

Hi All, I have a notebook (XP Pro/SP3) with a rather stubborn variant of the above on it. Have tried the following to get rid of it:
- MBAM
- Spyware Terminator
- Spybot
- NOD32
- Trojan Remover
- Eset's Mebroot removal tool
- HJT

NOD32 detects an infection, and blocks an outbound web request, but can't remove the infection. Eset's removal tool also detects the infection but can't remove it. All the others found nothing. This seems to be a rootkit, so can someone suggest a course of action? Will rebuild if I have to of course, but would rather avoid this. :thumbs:
Post 1135016 | 2010-09-06 01:21:00 | 1101 (13337)

A problem is there is no standardized naming for viruses; often the different AV companies will assign slightly/completely different names to the same virus. So a 'patch' fix from another company may not be for a slightly different virus.

Try TDSSKiller to remove some(1) hard-to-detect rootkits: support.kaspersky.com

Also Spyware Doctor - update to v6 (be sure to uninstall after use). This can find infections that the other programs miss: majorgeeks.com

Also try removing the HD and scanning via a clean PC (best 1st step of the process), or scan and clean in safe mode.
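Since Mebroot is an MBR rootkit, the "pull the drive and scan it from a clean PC" step in the post above is also the natural point to look at the boot sector directly rather than relying on a scanner's signature database. The script below is an added example written for this thread; it is not code from the forum, from ESET, Kaspersky or any other tool named here. It reads sector 0 of a disk image or block device, parses the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature), flags partition-table oddities, and compares a SHA-256 of the boot-code region against a reference hash you supply from a known-clean install of the same Windows version. The device path, the reference hash and the sample sector bytes are assumptions constructed for the example; the sample is not a real Windows MBR.

```python
"""Offline MBR inspection for a suspect drive attached to a clean machine.

Added example for this thread, not code from the forum or from any of the
removal tools mentioned in it. Sample sectors below are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512
BOOTCODE_LEN = 446            # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the code
PART_ENTRY_FMT = "<B3BB3BII"  # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw image or block device (hypothetical path, e.g. /dev/sdb)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector: bytes) -> Tuple[bytes, List[PartitionEntry]]:
    """Split a 512-byte sector into its boot code and the populated partition entries."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a classic MBR")
    boot_code = sector[:BOOTCODE_LEN]
    entries: List[PartitionEntry] = []
    for i in range(4):
        fields = struct.unpack_from(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        status, ptype, lba, count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0 and lba == 0 and count == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return boot_code, entries


def bootcode_hash(boot_code: bytes) -> str:
    """SHA-256 of the boot-code region; compare against a hash from a known-clean install."""
    return hashlib.sha256(boot_code).hexdigest()


def check_mbr(sector: bytes, reference_hash: Optional[str] = None
              ) -> Tuple[str, List[PartitionEntry], List[str]]:
    """Return (boot-code hash, partition entries, list of findings)."""
    boot_code, entries = parse_mbr(sector)
    findings: List[str] = []
    if sum(e.bootable for e in entries) > 1:
        findings.append("more than one active partition")
    prev_end = 0
    for e in sorted(entries, key=lambda e: e.lba_start):
        if e.lba_start < prev_end:
            findings.append(f"partition {e.index} overlaps the one before it")
        prev_end = e.lba_start + e.sector_count
    digest = bootcode_hash(boot_code)
    if reference_hash is not None and digest != reference_hash.lower():
        findings.append("boot code does not match the reference hash")
    return digest, entries, findings


def build_sample_mbr(tamper: bool = False) -> bytes:
    """Constructed sample sector (not a real Windows MBR): one active NTFS partition at LBA 63."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xEB\x3C\x90"                       # short jump + nop, as a boot sector starts
    s[3:BOOTCODE_LEN] = bytes((i * 7) & 0xFF for i in range(3, BOOTCODE_LEN))  # filler bytes
    if tamper:
        s[0:3] = b"\xE9\x00\x01"                   # redirected jump, the kind of patch a bootkit makes
    struct.pack_into(PART_ENTRY_FMT, s, PART_TABLE_OFF,
                     0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 2_000_000)
    s[510:512] = MBR_SIGNATURE
    return bytes(s)


if __name__ == "__main__":
    clean = build_sample_mbr()
    reference = bootcode_hash(clean[:BOOTCODE_LEN])   # in practice: hash taken from a clean machine
    for label, sector in (("clean", clean), ("tampered", build_sample_mbr(tamper=True))):
        digest, parts, findings = check_mbr(sector, reference)
        print(f"{label}: sha256={digest[:16]}... partitions={len(parts)} findings={findings or 'none'}")
```

On a real drive you would call `check_mbr(read_first_sector("/dev/sdb"), reference)` from the clean machine (the device path is an assumption). A boot-code hash that differs from a clean install of the same Windows release is not proof of infection on its own (OEM and multi-boot loaders also change it), but it tells you exactly which sector to dump and compare, which is what signature scanners in the thread could not.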
Post 1135017 | 2010-09-06 01:28:00 | Speedy Gonzales (78)

Did you disable system restore first?
Post 1135018 | 2010-09-06 01:57:00 | nofam (9009)

Thanks 1101 - will look into those. Speedy - yes, SR is disabled (forgot to mention that, sorry).
Post 1135019 | 2010-09-06 02:32:00 | nofam (9009)

TDSSKiller found two entries and removed them on reboot, so fingers crossed!! Will see if NOD32 finds any more infections. Thanks 1101/Speedy!
Post 1135020 | 2010-09-06 03:07:00 | 1101 (13337)

If you still find infections, have a look at just where and what the infected files are, i.e. perhaps it's finding old infected emails, another AV's quarantine, etc. etc., false positives.

Definitely run "Spyware Doctor"; I've found (on average) it has the best hit rate for spyware (but it's unstable, so uninstall afterwards).
Post 1135021 | 2010-09-06 04:14:00 | GameJunkie (72)

combofix??
Post 1135022 | 2010-09-06 04:29:00 | nofam (9009)

> combofix??

TBH, Combofix scares me - I've never used it, so am never really sure when the right time to use it is!! :blush:

NOD32 scan came up clear, so I'll let it run for the day, and see if it tries to send packets out again.
Post 1135023 | 2010-09-06 05:20:00 | GameJunkie (72)

fair enough :)