Perhaps slightly off-topic -
The above statement suggests that programs will need to be loaded and running for rootkit to be exposed?
Not loaded. Not running. No exposure?
Boot from a rescue CD and eliminate the rootkit from outside Windows.
Rescue CDs. Download and burn the disk image on an uninfected computer. Boot the infected computer from the disk and run a virus scan (after updating virus definitions if this option is present).
Sorry for late reply. Search for “CleanAfterMe”. It’s a very handy app. Once downloaded, check all options and clean. Hope it helps, remember that prevention is better than a cure!
The SYS file you referred to is a ‘fake’ system file probably caused by one of the infections. Try to delete it and remember to create a restore point just in case.
Okay, I’ll try it. Right now I’m doing the Sophos scan again; I’ve been busy all day so I’ve just finally gotten back to the computer.
Okay, I’ll be sure to do that. As for the Java, though, I’m aware that’s out-of-date, too. I’ve never seen a need to update it. If it’s something that I do need to keep updated though, I will from now on. I’m looking forward to finally getting Norton off of this computer. I just want to do it after I solve this Rootkit problem.
Hmm. Okay, I’ll try updating, but first I want to get rid of this Rootkit.Agent (and Norton).
Um. I’ve never done something like that before. Will it leave all of my other files intact? And which of those would be the best to try? What kind of disc do I use to burn it onto? Just a normal CD-R? I hope so, because that’s all I have…
Is that to help with the Rootkit problem? Or is it to help clean up some of the other problems that this computer is having? If it is the latter, I’d like to wait to do that until after the Rootkit problem has been solved.
EDIT: A friend of mine (who is pretty good with computers) suggested that I download AVG and try to scan with that. But I figure that if Avast and Malwarebytes can’t do anything, something like AVG probably won’t help, either. Still, I tried to install it, anyway; I didn’t finish, though, because it wanted me to uninstall Avast. So I would need to uninstall Avast to install AVG. Before I go and bother with that, would AVG even be worth trying for this particular problem?
Another EDIT: Sophos finished scanning and yielded the exact same results as yesterday. It looks like the disk cleanup did not remove the 13 files in the Temporary Internet Files. Would it be safe to use Sophos to remove them, considering that Sophos says that cleanup is not recommended for any of them? It says that they are all “Unknown Hidden Files.”
Avira is a good AV too, but not in the long run. Install it, scan for infections, and then use Spybot. Install avast! again. I’m still confused why a boot scan couldn’t remove the rootkit? One of the trojans probably added an autostart entry. Use Run and type “msconfig”, then go to Startup. Only known programs or drivers should be checked!
The Boot Time Scan was not even able to detect the file, much less delete it.
I didn’t see anything suspicious in msconfig, but I took the opportunity to disable some other things that aren’t needed at startup. I never knew I could do that or I would have done it a long time ago. Thank you for bringing my attention to it.
What did you disable in msconfig, Firefly24?
Reason I ask is that there is some stuff (often) in there that is best disabled via the program options, or services.
All of those are better disabled from starting via each program’s options; there is a bit more info on services and msconfig here. (At this site, also have a look at the standard Services configuration.)
SpySubtract (by TrendMicro) should not even be present; unless the program is still maintained, it should be uninstalled.
SNDMon is one that might be appropriate to disable via msconfig, the others I’m pretty sure should be done via their individual program settings.
Um. I’ve never done something like that before. Will it leave all of my other files intact? And which of those would be the best to try? What kind of disc do I use to burn it onto? Just a normal CD-R? I hope so, because that’s all I have…
Your files will not be affected.
I can’t really recommend any particular one. Your choice.
SpySubtract is something that apparently came with the computer and I don’t remember it ever really being there until after that system recovery I did. Can I just uninstall it with the Add/Remove programs tool, then?
I don’t think Microsoft Office is even installed. We lost our product key, so after the system recovery I could not reinstall it; which is why I have OpenOffice now. Not sure if I can get to any options for Microsoft Office. I’ll look though.
Okay. Thank you. I’ll give it a try. Might have to wait until tomorrow, though, when I’m not so sleepy.
I think it’s best to concentrate on the malware removal first; once the computer is clean, I’ll throw in a couple of links and maybe tutorials on cleaning up the un-needed or unwanted stuff.
So don’t worry about that for now.
I’ve read a couple of good reports concerning both the DrWeb and the Avira CDs. But that should be regarded as purely anecdotal as I’ve no direct experience.
What I’d probably do is look at each site (they’re all reputable and good quality) and maybe choose the one with the easiest to follow directions, but that’s just me.
Okay. I’ll wait to do anything else until the rootkit is gone, then. I already got rid of Norton though. Glad to have that done. Thanks so much for the help with that! I originally wanted to wait until after the rootkit thing was taken care of before I got rid of Norton, but aside from making Avast tell me that it’s there, the problem file does not seem to be having any effect on the computer. So I figured it would be okay to try to get rid of Norton. It worked, but I’ll quit messing with things for now until the rootkit issue is solved.
And as far as the rootkit goes, I think I’ll wait for a reply from micky77 about the RootRepeal report, then I’ll do the things you wanted me to do with HjT (unless I should do that first?), and then I’ll try one of those Rescue CDs.
But for now, I think I’ll go to bed and get back to all of this tomorrow.
Thanks again to you and to everyone who has helped me so far. All of your ongoing help is greatly appreciated!
Glad to help. If I were you I’d try and find an XP OS CD and do a repair install. I doubt that it will kill the rootkit, but chances are good that it will. The bad thing about rootkits is that removal procedures are never simple. In case you have another PC (not a laptop), insert the infected HDD (as a secondary master) in it and manually delete the file, but scan it just to be thorough. Remember not to boot from the infected drive. If all else fails - format.
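The thread’s underlying point (a running rootkit can hide files from Windows, a rescue-CD boot cannot be lied to) is what tools like RootRepeal automate as a “cross-view” comparison. The following is an added illustration, not a tool from the thread: it compares a file listing taken inside the live system against one taken of the same volume from a rescue boot, and reports files the live view omits. Both listings and every path and size in them are constructed sample data in a hypothetical `path|size` format.

```python
# Cross-view check for files a running rootkit hides: compare a listing
# taken from inside Windows with one taken after booting a rescue CD and
# mounting the same volume. All paths and sizes below are constructed.

LIVE_LISTING = """\
Windows\\System32\\drivers\\ntfs.sys|574976
Windows\\System32\\drivers\\disk.sys|36352
Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat|32768
"""

OFFLINE_LISTING = """\
Windows\\System32\\drivers\\ntfs.sys|574976
Windows\\System32\\drivers\\disk.sys|36864
Windows\\System32\\drivers\\sample_hidden.sys|20480
Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat|32768
Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\hidden1.tmp|4096
"""


def parse_listing(text):
    """Parse 'path|size' lines into {lowercased path: (original path, size)}.
    NTFS is case-insensitive, so paths are keyed case-insensitively."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        path, size = line.rsplit("|", 1)
        entries[path.lower()] = (path, int(size))
    return entries


def cross_view_diff(live_text, offline_text):
    """Return files the offline (trusted) view has but the live view lacks,
    plus files whose size differs between the two views; both are worth a
    closer look after an offline scan."""
    live = parse_listing(live_text)
    offline = parse_listing(offline_text)
    hidden = sorted(offline[k][0] for k in offline.keys() - live.keys())
    size_mismatch = sorted(
        offline[k][0] for k in offline.keys() & live.keys()
        if offline[k][1] != live[k][1]
    )
    return {"hidden": hidden, "size_mismatch": size_mismatch}


if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE_LISTING, OFFLINE_LISTING).items():
        print(kind, paths)
```

Real listings would be produced with `dir /s` inside Windows and with `find` or `ls -R` from the rescue environment, then normalised to the same relative-path form before comparison.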