Avast detected a rootkit: cidrox

Good evening all,

I recently ran the Avast free antivirus scan and it detected a rootkit named cidrox.a, and I’m not sure how to get rid of it…

I tried TDSSKiller and another rootkit remover, but it was undetected by those programs’ scans.

I scanned through MBAM and Emsisoft and both of them did not detect it either.

I’m in need of professional help and would be greatly appreciative of a reply.

Thank you,
Cody

Hello Cody,

Follow this guide and attach requested logs: https://forum.avast.com/index.php?topic=53253.0

Malware removal experts will be online later, European time :) (2am here as I’m writing this)

Hey Steven!

Thank you very much for the response. I’m sorry it took a while to reply; I was getting those logs ready. Hopefully you’re having a good night so far. I also noticed a suspicious program by the name of “Malware Protection Live” on my computer today, in addition to the Rootkit: Cidrox.A.

But here are the attached log files as requested, please let me know if you need any further details.

Thank you so much yet again Steven.
Cody

Hello,

https://sites.google.com/site/cannedfixes/combofix/51a5bf3d99e8a-ComboFixlogo16.png
Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

- Right-click on the ComboFix icon and select Run as Administrator (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) to start the tool.
- Accept the disclaimer and agree if prompted to install the Recovery Console.
- Do not take any actions while ComboFix goes through your system; it may cause it to stall!
- This scan may take some time!
- When finished, it will display a logfile (also saved on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

Note: If you encounter any issues with your internet connection after running ComboFix, please visit this link.

Note: If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

https://sites.google.com/site/cannedfixes/adwcleaner/adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

- Right-click on the AdwCleaner icon and select Run as Administrator (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) to start the tool.
- Accept the Terms of Use.
- Wait until the database is updated.
- Click Scan.
- When finished, please click Cleaning.
- Your PC should reboot now.
- After the reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\AdwCleaner

Thank you for the reply, and I’m sorry about the delayed response. Hope you are having a good day today!

After my last post yesterday I ran AdwCleaner prior to your instructions and it removed the adware “malware live protection”.

So, is the ComboFix scan log going to help cure and remove the rootkit: cidrox.a? Or is ComboFix intended just for the malware live protection? I’m not fully understanding the use of ComboFix, sorry…

Thank you again, look forward to your reply
Cody

I’m not fully understanding the use of ComboFix, sorry…
It is not complicated... download it and save it to your desktop, run it as instructed, attach the log.

Also attach the AdwCleaner log.

Sometimes I don’t understand either why I am using ComboFix, but believe me, it is a very good tool that has probably been run several million times or even more. Part of this is a joke of course :)

Please attach the ComboFix and AdwCleaner reports.

Good Afternoon,

I’m so sorry again for the late reply… I just got work. Gotta love 18-hour days at a prison. >:( j/k, and I knew what ya meant (:
I was able to do those scans for you, by the way.

Here they are attached…

Once again sir, thank you for all the help with everything!! I hope we can fix this (:

How is your PC behaving now?

Nothing has changed. And it still says I have a rootkit; the rootkit is “rootkit: cidox.a”. How can I remove it? Thank you (:

Can you attach the picture of Avast warning?

I will be happy to! I’m just at work for a little bit today on overtime.

When you asked how my computer is behaving now: I’m not sure we did anything to remove the rootkit:cidox.a and c://boot, as we only did scans and generated logs.

I’m not sure if I have missed a step, I apologize. What were the steps to do after ComboFix besides attaching the log to my reply? I think I may have missed something. Sorry again.

Thanks,
Cody

You did everything fine, don’t worry. I would like to see the Avast warning picture.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1441324187.bdinstall.bin
c:\documents and settings\All Users\Application Data\1441326391.bdinstall.bin
c:\documents and settings\All Users\Application Data\1442452394.bdinstall.bin
c:\documents and settings\All Users\Application Data\1442452424.bdinstall.bin
c:\documents and settings\All Users\Application Data\1442452592.bdinstall.bin
c:\documents and settings\All Users\Application Data\1442458882.bdinstall.bin
c:\documents and settings\All Users\Application Data\1442458893.bdinstall.bin
c:\documents and settings\Sue\Application Data\Laovle
c:\documents and settings\Sue\Application Data\Laovle\iqaxhe.exe
c:\documents and settings\Sue\Application Data\Laovle\trzD1D7.tmp
c:\documents and settings\Sue\Application Data\Liidor
c:\documents and settings\Sue\Application Data\Liidor\egekyb.exe
c:\documents and settings\Sue\Application Data\Liidor\trzD1D6.tmp

Not quite true. ComboFix targeted some files that were malicious, just not all of the malicious files from Cidox.
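As an added example (not part of this thread, and not a ComboFix feature): the triage a helper does by eye on the quoted "Other Deletions" block, written as a small Python parser. The sample log is constructed from the paths quoted above with an extra section banner appended so the parser has a boundary; the vendor allowlist (KNOWN_APPDATA_VENDORS) and the boot-related tokens (BOOT_TOKENS) are assumptions made for illustration. It makes the reply's point mechanically: the two droppers under the user's Application Data are flagged, and nothing in the deletions list touches boot files, so that list alone says nothing about whether a bootkit is still in the MBR.

```python
"""Triage of a ComboFix "Other Deletions" section.

Added example for this thread, not part of ComboFix or the forum's canned
fix.  SAMPLE_LOG is constructed from the paths quoted in the reply above;
KNOWN_APPDATA_VENDORS and BOOT_TOKENS are assumptions made for illustration.
"""
import re
from pathlib import PureWindowsPath

# Constructed from the paths quoted in the thread, plus a made-up trailing
# section banner so the parser has a section boundary to stop at.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1441324187.bdinstall.bin
c:\documents and settings\All Users\Application Data\1441326391.bdinstall.bin
c:\documents and settings\Sue\Application Data\Laovle
c:\documents and settings\Sue\Application Data\Laovle\iqaxhe.exe
c:\documents and settings\Sue\Application Data\Laovle\trzD1D7.tmp
c:\documents and settings\Sue\Application Data\Liidor
c:\documents and settings\Sue\Application Data\Liidor\egekyb.exe
c:\documents and settings\Sue\Application Data\Liidor\trzD1D6.tmp
.
(((((((((((((((((((((((((((((((((((((((   Files Created   )))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

# ComboFix section banners look like "(((((   Name   )))))".
SECTION_RE = re.compile(r"\(+\s*(.+?)\s*\)+")

# Assumed allowlist of folder names that legitimately sit directly under a
# user's Application Data folder; real triage would use a much longer list.
KNOWN_APPDATA_VENDORS = {"microsoft", "adobe", "mozilla", "google"}

# Assumed substrings that would show the deletions touched boot files.
BOOT_TOKENS = ("bootmgr", "ntldr", "boot.ini", "\\boot\\", "mbr")

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr"}


def parse_sections(log_text):
    """Map each section banner to the non-empty path lines beneath it."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.fullmatch(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def flag_appdata_executables(paths):
    """Return executables living in a non-vendor folder one level under
    Application Data, the layout of the Laovle/Liidor droppers above."""
    flagged = []
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        folder = wp.parent
        if folder.parent.name.lower() != "application data":
            continue
        if folder.name.lower() in KNOWN_APPDATA_VENDORS:
            continue
        flagged.append(p)
    return flagged


def mentions_boot_artifacts(paths):
    """Heuristic: did any listed path touch boot-related files?  A list of
    profile-folder deletions with no such entry says nothing about the MBR,
    which is where a bootkit would live."""
    return any(tok in p.lower() for p in paths for tok in BOOT_TOKENS)


if __name__ == "__main__":
    deletions = parse_sections(SAMPLE_LOG)["Other Deletions"]
    for p in flag_appdata_executables(deletions):
        print("suspicious dropper:", p)
    print("boot-related paths in deletions:", mentions_boot_artifacts(deletions))
```

Run it on a real ComboFix.txt by reading the file into parse_sections instead of SAMPLE_LOG; the two flagged paths are the randomly named executables, and a False from mentions_boot_artifacts is the cue that the boot sector still needs its own check.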

How do I fix this then? I’m so confused with this. I attached the picture of the warning as requested.

I do not see a picture attached.

Removing bootkits isn’t a two-click solution, even with a tool as powerful as ComboFix. Also, the aforementioned picture isn’t there.

Sorry, it won’t upload; it said there was an error loading. Give me 3 mins to run downstairs.

Sorry, my photo did not attach. It is attached now. How would I remove a bootkit? And what is the difference between a rootkit and a bootkit?

And what is the difference between a rootkit and a bootkit?

:wink: http://lmgtfy.com/?q=what+is+the+different+between+a+rootkit+and+bootkit%3F