3 hours to remove malware from my PC (Trojan & Rootkit)

admin

Administrator
Staff member
Well, I fell for the latest movie thingy release on a torrent website and downloaded what I thought was a movie. Turns out it was not a movie; it was a fecking dummy file with an attached codec pack.

In order to watch the movie it requested that I install the codec pack. That should have had alarm bells ringing straight away. Anyway, I decided to go ahead and install the codec package.

Which in fact was not a codec pack, and the dummy file was not a movie; unknowingly I had just installed a Trojan and a rootkit. Doh!! :bomb:

I know, my stupid fault. Now this is the part that annoys me. I use AVG Internet Security, and AVG never picked up the Trojan or the rootkit. My computer was starting to become sluggish and I knew something was wrong, as I have a reasonably powerful machine.

I ran AVG again, found nothing. So I installed MalwareBytes (https://www.malwarebytes.org), ran the scan and it picked up the Trojan but not the rootkit (at that point I did not know I had a rootkit). MalwareBytes removed the Trojan but never found the rootkit. Although, to their credit, the popup reporting tool is of reasonable quality.

Something was still wrong; my computer still did not feel its usual power. MalwareBytes was showing popups saying "website blocked, possibly infected website", and it was doing this over and over for around 10 domains (which I tracked back to Russian IP addresses). I checked the running processes and found there to be 4, maybe 5, instances of explorer.exe (Win 7), with a couple of them using almost 2 GB of memory each.

So I ran AVG and MalwareBytes again on deep scans, and both came up clean, which is incorrect: there was a rootkit running malware tasks. After reading forum thread after thread on the MalwareBytes website, I found a thread in which a user was experiencing similar problems to mine, and someone said try using Hitman Pro: http://www.surfright.nl/en/hitmanpro/

I downloaded Hitman Pro, ran the scans and guess what, it found the offending rootkit and removed it, which AVG and MalwareBytes had both failed to pick up on two scans each. Hitman Pro saved the day.

Hitman Pro - Second Opinion Malware Scanner

If your child is not feeling well and you suspect he or she has a virus infection you're going to visit your doctor. But what do you do when the doctor tells you that he cannot find anything but your child still does not feel very well? Of course, you go to visit another doctor for a second opinion.

This is what HitmanPro does for your computer. HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that has infected your computer despite all the security measures you have taken (such as antivirus software, firewalls, etc.).


I'll be more careful next time. I wrote this thread as a warning, and to help anyone who has the same problem save time, as it took me around 3 hours to diagnose and disinfect the malware.
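The symptom above (several explorer.exe processes, a couple of them holding gigabytes of memory) is something you can check for quickly before reaching for a second-opinion scanner. The script below is an added example and is not part of the original post or of any tool mentioned in it: it lists every explorer.exe on a Windows 7 box and flags copies that are not loaded from %SystemRoot%, hold an unusually large working set, or were started by a parent process other than the normal shell launchers. It uses Get-WmiObject so it works on the PowerShell 2.0 that Windows 7 shipped with; the 1024 MB memory threshold and the list of "normal" parents are assumptions for the heuristic.

```powershell
# Added example, not from the thread: flag explorer.exe processes that do not
# look like the genuine Windows shell. Heuristics and thresholds are assumptions.

$expectedPath  = Join-Path $env:SystemRoot 'explorer.exe'   # where the real shell lives
$memoryLimitMB = 1024                                       # assumed: far more than a healthy shell needs

# One explorer.exe per interactive session is normal. Extra copies appear when
# "Launch folder windows in a separate process" is enabled, or when something
# is masquerading as the shell.
$shells = @(Get-WmiObject Win32_Process -Filter "Name = 'explorer.exe'")
Write-Host ("{0} explorer.exe process(es) running" -f $shells.Count)

$report = foreach ($p in $shells) {
    $flags = @()
    $ws = [math]::Round($p.WorkingSetSize / 1MB)

    if (-not $p.ExecutablePath) {
        # WMI cannot read the image path: access denied, or hidden by a rootkit.
        $flags += 'image path unreadable'
    } elseif ($p.ExecutablePath -ne $expectedPath) {
        # A copy outside %SystemRoot% is not the shell, whatever it calls itself.
        $flags += "loaded from $($p.ExecutablePath)"
    }
    if ($ws -gt $memoryLimitMB) { $flags += "working set ${ws} MB" }

    # The real shell is started by userinit.exe (which has usually exited by the
    # time we look) or by another explorer.exe; any other live parent is worth a look.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    if ($parent -and @('userinit.exe', 'explorer.exe') -notcontains $parent.Name) {
        $flags += "parent is $($parent.Name) (pid $($p.ParentProcessId))"
    }

    New-Object PSObject -Property @{
        Pid        = $p.ProcessId
        Path       = $p.ExecutablePath
        WorkingSet = "${ws} MB"
        Suspicious = ($flags -join '; ')
    }
}

$report | Sort-Object Pid | Format-Table Pid, WorkingSet, Path, Suspicious -AutoSize
```

Run it from an elevated PowerShell prompt so WMI can read the image path of every process; an explorer.exe whose path stays unreadable even when elevated is itself a signal that something is interfering with process enumeration, which is exactly the situation where a second-opinion scanner earns its keep.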
 

jaran

New member
Lately I'm using Spy Hunter 4 to scan for malware and viruses. My PC got infected by malware too. Thanks Chris. I will try it later.
 

GigaGreg

Moderator
Staff member
I always use Malware Bytes; it's free and it cleans your computer completely, not like other free programs that only scan for malware and don't do anything to clean the computer.
I use AVG and for some reason I don't have problems with malware; my AVG scans for it but cannot delete it, so I use Malware Bytes for that.
I have heard of Hitman Pro, but never used it.
 

Genesis

Administrator
Staff member
Thanks for sharing that Chris. WOW, what an awful experience. I've had issues as well at one stage, but not on your level. It was something really irritating: a funtimes bar that came with downloading software. Malwarebytes sorted it out for me. But I knew I needed something better. I'll definitely try out Hitman Pro. :good:
 

UniTrans

New member
I have used MalwareBytes for years! Once I downloaded a TV Drama Recollection from a torrent; after extracting it, the file size kept enlarging until 15 EB (I know it's my fault), then my computer rebooted due to RAM/CPU and hard drive overload! Took hours to clean up the mess! :shock:
 

WackyPeanut

New member
Never used MalwareBytes, only Avira, AVG, Avast! and Bitdefender.
Never use SpySheriff; it's just a trojan that disguises itself as an antivirus.

An old antivirus, "Anti-anti-virus", should also not be used; it's an 80's virus disguised as an antivirus.

I also had a similar experience when I tried to download a Pokemon game (though they are crap) and it was just a worm. It deleted C:\WINDOWS\System32 and C:\WINDOWS.

Thanks for sharing, Chris.
 

Genesis

Administrator
Staff member
Reminds me I haven't scanned my computer in a while. I use Malwarebytes and find it pretty reliable. It got recommended through Mozilla Firefox at the time when I first used it, which was about four years ago.
 
LOL, I don't use any. I tried Bitdefender last week. It removed some of my legit programs. It said I had been infected with salty32, which I was, as I play on the dark side at times. Anyway, the programs it affected were programs that I used for torrents or downloaded with cracks.

But Wackey is correct that those other programs give false positives so you will always pay them to protect your PC. There was an article a few years ago where an AV company was busted for making people believe they were infected all the time.
 

Genesis

Administrator
Staff member
Agreed. Any "security" program that does its work by getting involved in the registry needs to be checked out a million times. I'd go through all available reviews and recommendations - pros and cons. And if there are none, stay well away.
 

kokakoda

New member
Just signed up so I can't link yet, but check out TronScript (you'll find it on Reddit) if your machine gets completely b0rked. It bundles a load of antivirus/malware/rootkit tools and runs 'em all in sequence. It's not completely automated yet, but dang close, and it saves hours of frustration doing it all manually.

+1 for Malwarebytes; it does a good job at cleaning out most of the crap, but sometimes misses some of the nasties. Use that along with maybe Avira or Avast! and it'll cover most of the bases.

Sometimes though, reinstalling's the quicker option. Set up your machine the way you like it, image it, then if it comes to it you can just restore the image.
 

GigaGreg

Moderator
Staff member
kokakoda said:
Sometimes though, reinstalling's the quicker option. Set up your machine the way you like it, image it, then if it comes to it you can just restore the image.

You are one of those people who dislike the formatting option. Restore is way better! :cool:
 

kodonokami

New member
A good way is to use a program like "Process Explorer" to see the processes and try to end the one that is in memory, then remove the files related to it later; look at the files that start with the system using HijackThis or another tool, and end the unknown ones (if in doubt, send them to VirusTotal to be analysed by over 40 different antivirus engines).

Note: my English is a little bad kkk, I am Brazilian.
 

ogah

New member
Can you please check whether this file contains a virus/malware or not.
http://www.4shared.com/zip/YUxiaKmRba/andi.html
This is a WordPress theme. I got the theme from my friend without CSS, and he asked me to help him make the CSS, theme options and some extra functions. When I sent the progress file via Facebook chat he said my file contains a virus, so I uploaded it to 4shared. McAfee on 4shared says it is clean, but when my friend downloads that file his antivirus still gives an alert that my file contains a virus.
My friend uses Smadav. I asked him but he doesn't know which virus (my friend is a blind man).
 

Genesis

Administrator
Staff member
Try and use this online scanner for checking for malware. It checks the file separately against over 49 antivirus and malware checker programs and gives you a red signal if any of those programs find a virus or hidden code. Click the URL tab and then just enter the URL of the .html file:
https://www.virustotal.com/
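kodonokami's suggestion earlier in the thread (look at what starts with the system, and send anything unknown to VirusTotal) and the VirusTotal pointer above can be combined into one routine check. The script below is an added example, not from any post in this thread and not code from VirusTotal, HijackThis or Process Explorer: it walks the usual autostart locations (the Run/RunOnce keys under HKLM and HKCU, plus the Startup folder), resolves each entry to the file that actually runs, checks that file's Authenticode signature and prints its SHA-256. The hash can be pasted into VirusTotal's search box to see existing verdicts without uploading the file, which matters when the file is something private like ogah's theme. The registry paths and the Startup folder are standard Windows locations; the "unsigned" and "lives in a user-writable folder" flags are heuristics I chose, not rules from any tool, and the script is written for the PowerShell 2.0 that Windows 7 ships with.

```powershell
# Added example, not from the thread: list autostart entries, hash the binary
# behind each one for a VirusTotal hash lookup, and flag the usual red signals.
# Flagging rules are heuristics chosen for illustration.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders a non-admin user can write to; a startup binary living here is worth a look (assumed list).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing rather than Get-FileHash, which only exists in PowerShell 4+.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

# Turn a Run-key command line ("C:\x\a.exe" /arg  or  C:\x\a.exe /arg) into the executable path.
function Resolve-CommandPath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"')           { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else                                     { $exe = ($cmd -split '\s+')[0] }
    # Bare names such as rundll32.exe resolve from the system directories.
    if (-not [System.IO.Path]::IsPathRooted($exe)) {
        foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
            if (Test-Path (Join-Path $dir $exe)) { return (Join-Path $dir $exe) }
        }
    }
    return $exe
}

# Startup-folder items are usually .lnk shortcuts; follow them to the real target.
function Resolve-ShortcutTarget {
    param([string]$Path)
    if ([System.IO.Path]::GetExtension($Path) -ne '.lnk') { return $Path }
    $shell = New-Object -ComObject WScript.Shell
    return $shell.CreateShortcut($Path).TargetPath
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...), not a value
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $prop.Name; Target = Resolve-CommandPath ([string]$prop.Value)
        }
    }
}
$startupDir = [Environment]::GetFolderPath('Startup')
if (Test-Path $startupDir) {
    foreach ($f in (Get-ChildItem $startupDir | Where-Object { -not $_.PSIsContainer })) {
        $entries += New-Object PSObject -Property @{
            Source = 'Startup folder'; Name = $f.Name; Target = Resolve-ShortcutTarget $f.FullName
        }
    }
}

$report = foreach ($e in $entries) {
    $exists = [bool]($e.Target -and (Test-Path $e.Target))
    $sig  = if ($exists) { (Get-AuthenticodeSignature $e.Target).Status } else { 'n/a' }
    $hash = if ($exists) { Get-Sha256Hex $e.Target } else { 'file missing' }
    $flags = @()
    if ($exists -and $sig -ne 'Valid') { $flags += "signature $sig" }
    foreach ($dir in $userWritable) {
        if ($dir -and $e.Target -and $e.Target.StartsWith($dir, 'OrdinalIgnoreCase')) {
            $flags += 'in user-writable folder'; break
        }
    }
    New-Object PSObject -Property @{
        Source = $e.Source; Name = $e.Name; Target = $e.Target
        SHA256 = $hash; Signature = $sig; Flags = ($flags -join '; ')
    }
}

$report | Format-Table Name, Signature, Flags, SHA256, Target -AutoSize -Wrap
```

A "file missing" entry is not harmless by itself (leftover entries from uninstalled software are common), but an entry whose target is missing while the machine is still misbehaving is exactly the kind of thing worth chasing, since a rootkit can hide the file from the file system while the Run value stays visible in the registry. An entry with an invalid or absent signature that also lives under %APPDATA% or %TEMP% is the one to look up on VirusTotal first.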
 

omahtengah

New member
I prefer reinstalling everything from the beginning, including all software, then setting everything up; if everything is going fine, then use Norton Ghost to save the whole partition.
Use Deep Freeze or something like that for daily work, and in case of trouble restore your Ghost image.
 

hustler

New member
Thanks for the share. I think I'm gonna get a PC infected and try to test Hitman out and see how it works.