
Thread: Rootkit virus totalled my work pc

  1. #1
    Senior Member WoodenHead's Avatar
    Join Date
    Feb 2013
    Location
    Sussex
    Posts
    373

    Rootkit virus totalled my work pc

    Last Monday I opened a link to a free sign making site, hazard signs, warning signs etc. I had used the site twice before.

    This time my pc dropped out and when I re-booted it I sat and watched like a rabbit in the headlights while a spoof 'microsoft virus removal site' loaded.

    I and better brains than me have spent the week on and off scanning and rescanning in safe mode and safe mode with networking using Malwarebytes in an attempt to remove the virus(es) Rootkit.0Access, Trojan.0Access, Trojan.0Ransom etc etc.

    Malwarebytes will not kill it nor can any software - e.g. from Sophos or Kaspersky - be run, loaded by disc or stick. It's totally b*ggered.

    On Thursday I bought a new Dell pc from Argos - delivered overnight rather than wait from Dell - and tomorrow I hope to reload my backed up data and Outlook email.

    Interesting viruses - you have to admire them for their ability to screw up your system - but just glad we have the discipline to reliably back-up.

    Once I am back working - office pc wise - I will try and clean my old Dell. Anyone had experience of removing these file changing nasties?

    WH

  2. #2
    Senior Member
    Join Date
    Feb 2013
    Location
    Norfolk
    Posts
    127

    Re: Rootkit virus totalled my work pc

    Probably best to just reformat hard drive and clean install operating system once you know new machine is ok.

  3. #3
    Senior Member
    Join Date
    Feb 2013
    Posts
    277

    Re: Rootkit virus totalled my work pc

    You might be able to download a removal tool using another computer and, with the virused one disconnected from the net, run the removal tool from a pen drive or stick. Sometimes if it's not connected to the net it can be deleted, depending on the virus. If you ever see it happen again, pulling the plug from the wall quick enough stops it fully installing, but it's easy to be wise after the event.
    Good luck with it.

  4. #4
    Senior Member
    Join Date
    Feb 2013
    Posts
    277

    Re: Rootkit virus totalled my work pc

    PS: have you looked on YouTube for a clip to show you how to remove it? I never watched it but it appears there is one there.

  5. #5
    Senior Member WoodenHead's Avatar
    Join Date
    Feb 2013
    Location
    Sussex
    Posts
    373

    Re: Rootkit virus totalled my work pc

    Originally Posted by defender:
    You might be able to download a removal tool using another computer and, with the virused one disconnected from the net, run the removal tool from a pen drive or stick. Sometimes if it's not connected to the net it can be deleted, depending on the virus. If you ever see it happen again, pulling the plug from the wall quick enough stops it fully installing, but it's easy to be wise after the event.
    Good luck with it.
    Originally Posted by NQIT:
    Probably best to just reformat hard drive and clean install operating system once you know new machine is ok.
    Thanks Guys - we'll get the new one up and running today and 'splat' the old one reformatting the hard drive. I wish I hadn't sat there like a kn*b watching the obviously spoof anti virus site load - should have pulled out the ethernet.

  6. #6
    Administrator Blue's Avatar
    Join Date
    Feb 2013
    Posts
    66

    Re: Rootkit virus totalled my work pc

    Don't worry about it, it was already too late. As others have said, a reformat is the safest bet.

  7. #7
    Senior Member Cowabunga's Avatar
    Join Date
    Feb 2013
    Location
    Ceredigion, West Wales
    Posts
    1,221

    Re: Rootkit virus totalled my work pc

    Does Security Essentials or any other anti-virus thing not stop these things infecting machines? Or was this a brand new virus that hasn't been countered yet? Or was the machine's anti-virus system non-existent or disabled?

  8. #8
    Member quadbod's Avatar
    Join Date
    Feb 2013
    Location
    North Suffolk
    Posts
    60

    Re: Rootkit virus totalled my work pc

    Originally Posted by Cowabunga:
    Does Security Essentials or any other anti-virus thing not stop these things infecting machines? Or was this a brand new virus that hasn't been countered yet? Or was the machine's anti-virus system non-existent or disabled?
    Presumably permission was given for it to run?

  9. #9
    Member
    Join Date
    Feb 2013
    Location
    Leicestershire
    Posts
    31

    Re: Rootkit virus totalled my work pc

    Originally Posted by Cowabunga:
    Does Security Essentials or any other anti-virus thing not stop these things infecting machines? Or was this a brand new virus that hasn't been countered yet? Or was the machine's anti-virus system non-existent or disabled?
    My experience shows that the free antivirus stuff doesn't always pick up the rootkit nasties. Which operating system do you use, i.e. XP, Win7? May have some tips for security setup etc. if interested.

  10. #10
    Junior Member
    Join Date
    Feb 2013
    Location
    Ireland
    Posts
    21

    Re: Rootkit virus totalled my work pc

    In my experience no virus protection (free or paid) will catch 100% of everything. If you have your data saved do a clean install on the machine. Easiest and safest.

  11. #11
    Senior Member WoodenHead's Avatar
    Join Date
    Feb 2013
    Location
    Sussex
    Posts
    373

    Re: Rootkit virus totalled my work pc

    Twas Windows XP - running Microsoft Security Essentials. It was 'invited on' you could say when I opened a link to a website online (hyphen) sign (dot com) - but obviously don't try it yourself!! We've used this site a couple of times before to make A4 sized 'free' warning / hazard signs and the bogus Microsoft looking 'anti-virus' page started running after the computer dropped out (itself unusual) and started to re-boot.

    We tried a number of anti malware fixes including Malwarebytes, Kaspersky, Sophos etc - specific fixes for rootkit viruses - but even in safe networking mode it refused to allow access to the anti malware programmes and when trying running off a stick, the drive the stick was on became invisible. As earlier post, we are now up and running on a new pc with the data (fortunately all backed up to date) reloaded including Outlook.

    New pc - 350, IT bod 350, virtually a week's office work t*ts-up as working on a laptop isn't the same.

    Interested to know whether anyone knows whether we should be running any more anti malware programmes in the background that works with or alongside Microsoft Security Essentials

    WH

  12. #12
    Member
    Join Date
    Feb 2013
    Location
    Leicestershire
    Posts
    31

    Re: Rootkit virus totalled my work pc

    So glad you had a backup!! Normally my rule of thumb is if you have backup you don't need, but if you don't have one.....

    We use Kaspersky Enterprise at my work place and this has rootkit/malware etc all built in and catches stuff that the Symantec we used to have. Sophos is full of holes, and the owner is on the run for murder so not the best in the world!! Kaspersky has done us proud except we had a problem last week with a faulty update that caused a bit of grief on the pcs but soon cleared up. The problem is if it gets past the antivirus it can be a mare to get it off.

    If your new station has Win 7 make sure you turn off 'Autorun' and set User Access Control higher than you need. Most stuff gets through via Autorun as it's a default setting and allows stuff to open on its own, like when you put in a CD and it starts up automatically. On my network I turn Autorun off and although then users moan it stops a lot of stuff. Internet Explorer has some settings to stop rubbish getting in also.

    Always make sure Windows updates are up to date and other stuff like Adobe programs Acrobat Reader, Flash Player and also Java which is prone to holes.
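
A read-only check of the two settings named in post #12 (AutoRun off, UAC raised), added here as an example and not part of that post. The registry value names are the standard Windows policy values; the function names and the "wanted" baseline (AutoRun off for every drive type, UAC at "Always notify") are this example's assumptions.

```powershell
# Added example: audits machine-wide AutoRun and UAC policy values. Read-only.
# Written to run on the PowerShell 2.0 that ships with Windows 7 as well as later versions.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting never configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Test-HardeningBaseline {
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    $checks = @(
        # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF (255) covers all of them.
        @{ Check = 'AutoRun disabled on all drive types'; Path = $explorer; Value = 'NoDriveTypeAutoRun'; Want = 255 },
        # EnableLUA = 1 means UAC is switched on at all.
        @{ Check = 'UAC enabled'; Path = $system; Value = 'EnableLUA'; Want = 1 },
        # ConsentPromptBehaviorAdmin = 2 is the top slider position ("Always notify").
        @{ Check = 'UAC set to Always notify'; Path = $system; Value = 'ConsentPromptBehaviorAdmin'; Want = 2 },
        # The prompt is shown on the isolated secure desktop rather than the user desktop.
        @{ Check = 'UAC prompt on secure desktop'; Path = $system; Value = 'PromptOnSecureDesktop'; Want = 1 }
    )

    foreach ($c in $checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Value
        $shown  = '(not set)'
        if ($null -ne $actual) { $shown = $actual }

        New-Object PSObject -Property @{
            Check  = $c.Check
            Wanted = $c.Want
            Actual = $shown
            Pass   = ($null -ne $actual -and $actual -eq $c.Want)
        } | Select-Object Check, Wanted, Actual, Pass
    }
}

# One row per setting; any row with Pass = False needs attention.
Test-HardeningBaseline | Format-Table -AutoSize
```

A "(not set)" result for NoDriveTypeAutoRun means no machine-wide policy has been applied and Windows is using its default behaviour for that drive type.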

  13. #13
    Senior Member
    Join Date
    Feb 2013
    Location
    Sussex
    Posts
    172

    Re: Rootkit virus totalled my work pc

    I had something similar and for reference I used a little program called rkill which stopped the virus hiding itself. They are hard to get rid of but I was successful after deleting nearly every helpfile on the computer as that is where it hid and duplicated itself.

  14. #14
    Senior Member
    Join Date
    Feb 2013
    Posts
    537

    Re: Rootkit virus totalled my work pc

    The lesson here is that thankfully you have a workable (presumably!) backup of important data that is clean.

    In terms of restoring the infected PC: reformat the drive and reinstall the OS and everything else from scratch. If you're keen and the PC reasonably modern, take the opportunity to maybe upgrade to an SSD and add some more memory.
