Overclock.net › Forums › Software, Programming and Coding › Networking & Security › How can I get rid of this nasty virus?

How can I get rid of this nasty virus?

post #1 of 85
Thread Starter 
My friend's mom recently had her debit card hacked into and the hacker charged $550 to it. She buys a lot of things online with the debit card so that could be the reason why, but I decided to take a look at it when I was at their house today.

The laptop is pretty old, around 6 years old, and it has Windows XP on it. They had Norton installed and they told me not to remove it because apparently Norton is the best (sad, I know). I finally persuaded them to remove it and I installed Malwarebytes, SuperAntiSpyware, and Avast. Avast found ~150 viruses and successfully removed them. However, whenever I scanned with Malwarebytes and SuperAntiSpyware I always got these 8 viruses called rootkits which it just couldn't remove. It said they would be removed, but when you restarted the PC they reappeared. All the other viruses were deleted though.

I tried various methods and I can't seem to remove them. Anyone know any way to remove them?

What exactly is a rootkit and what threats does it pose?
post #2 of 85
Quote:
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.[1]
Quote:
Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternate, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem.
Source: Wikipedia

Someone may post here with a method to remove it, but the easiest and fastest thing to do is to format the drive and reinstall the OS. You can try a livecd with anti-virus software on it if you want to avoid the formatting route.
post #3 of 85
Thread Starter 
Quote:
Originally Posted by Taylorsci
Source: Wikipedia

Someone may post here with a method to remove it, but the easiest and fastest thing to do is to format the drive and reinstall the OS. You can try a livecd with anti-virus software on it if you want to avoid the formatting route.
Problem is that their CD drive is broken (physically broken, not software related) so I can't install Windows XP again. Also, they don't even have the recovery disks.

Is there any way to reinstall XP via USB?

Another problem would be that they have around 100GB of pictures and family videos on there and they did not back it up, and the laptop is extremely slow, so they can't retrieve them. That's why I want a reinstall to be the last option.
post #4 of 85
You're talking about something that stole her credit card number. I almost never suggest formatting, but I think in this case it's better to play it safe and do that.

Know that Norton, Avast, Malwarebytes, etc. don't always get everything. My roommate got a virus/trojan recently and we scanned their computer with Avira and Malwarebytes which claimed to have gotten rid of everything, yet when they used their computer it was easy to tell that stuff had been missed (and repeated scans never showed anything new).

Do you have an external drive or a large USB? You could install a Linux OS to that and then be able to get to all their files that you want to back up.
post #5 of 85
Quote:
Originally Posted by ComradeNF
They had Norton installed and they told me not to remove it because apparently Norton is the best (sad, I know).
Lolque? Norton IS the best. Anyone who says otherwise is just on the Norton hating bandwagon, and there's no basis for that.

Anyway, run a boot time scan so it scans before the OS completely loads.
post #6 of 85
I would definitely recommend a complete format. And you can install XP from USB. http://www.windowsvalley.com/install...ice-pen-drive/
post #7 of 85
Thread Starter 
Quote:
Originally Posted by Ipwnnubletz
Lolque? Norton IS the best. Anyone who says otherwise is just on the Norton hating bandwagon, and there's no basis for that.

Anyway, run a boot time scan so it scans before the OS completely loads.
No it isn't. It barely detected any of the viruses when I scanned with Norton.

Also, @ above poster, can you install Ubuntu Linux on another partition and access the folders from your Windows partition? If so, that could be an option. I hope Ubuntu is under 20GB though since that is all they have.
post #8 of 85
Ugh I feel your pain. Sometimes you just have to leave it up to the experts who know what to find through that one software called 'HijackThis' unless you know what you're dealing with in terms of what to delete/remove and keep.

I gave up on helping friends/family clean out their computer from viruses/spyware, as the best thing to do in the end would be to reinstall the OS if I couldn't find the culprit within the registry or system folders. Why I find it painful is when dealing with manufactured computers, which would make a reinstall not a viable option.
post #9 of 85
Quote:
Originally Posted by ComradeNF
Problem is that their CD drive is broken (physically broken, not software related) so I can't install Windows XP again. Also, they don't even have the recovery disks.

Is there anyway to reinstall XP via USB?

Another problem would be that they have around 100GB of pictures and family videos on there and they did not back it up, and the laptop is extremely slow, so they can't retrieve them. That's why I want a reinstall to be the last option.
You can mount the ISO to a USB; you'll have to look up the steps, though.

As someone else said you can use a livecd (liveusb in your case) to recover the photos/video.

Quote:
Originally Posted by Ipwnnubletz
Lolque? Norton IS the best. Anyone who says otherwise is just on the Norton hating bandwagon, and there's no basis for that.

Anyway, run a boot time scan so it scans before the OS completely loads.
Comment about Norton aside, this is a good idea.
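The live-USB recovery route suggested in post #4 and repeated in post #9 (boot Linux from a USB stick, reach the files on the Windows partition, copy the photos and videos to an external drive, then reinstall) written out as a script. This is an added example, not code from the thread or from any of its posters. The device names /dev/sda1 (the laptop's Windows partition) and /dev/sdb1 (the external backup drive), the mount points under /mnt, the function names, and the list of file extensions are all assumptions; only the steps come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Recover a family's photos and videos
# from a suspect Windows XP disk using a Linux live USB, before reinstalling.
# Everything here is assumed: the Windows partition is /dev/sda1, the
# external backup drive is /dev/sdb1, and the live system has ntfs-3g and
# sha256sum. Confirm device names with `lsblk` before running anything.

# 1. Mount the suspect disk READ-ONLY (nothing on it is modified and nothing
#    on it can execute) and the backup drive read-write.
mount_disks() {   # $1 = Windows partition, $2 = backup partition
    mkdir -p /mnt/win /mnt/backup
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$1" /mnt/win
    mount "$2" /mnt/backup
}

# 2. Copy only user data, selected by extension. Program Files, the Windows
#    directory and anything executable are skipped, so a copied infected
#    binary cannot be launched later on the rebuilt machine. Paths are taken
#    relative to the source root so the folder layout is preserved.
copy_user_data() {   # $1 = source tree, $2 = destination tree
    src=$1; dst=$2
    mkdir -p "$dst"
    find "$src" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
            -o -iname '*.gif' -o -iname '*.mp4' -o -iname '*.avi' -o -iname '*.mov' \
            -o -iname '*.wmv' -o -iname '*.doc' -o -iname '*.docx' -o -iname '*.pdf' \) \
    | while IFS= read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
    done
}

# Number of regular files under a tree (used to sanity-check the copy).
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Resolve a manifest path to an absolute one, because the manifest functions
# change directory into the backup tree. The parent directory must exist.
abs_path() {
    printf '%s/%s\n' "$(cd "$(dirname "$1")" && pwd)" "$(basename "$1")"
}

# 3. Write a SHA-256 manifest of the backup so the copy can be verified later,
#    e.g. after it has been moved onto the rebuilt machine.
write_manifest() {   # $1 = backup tree, $2 = manifest file (outside the tree)
    m=$(abs_path "$2")
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done ) > "$m"
}

# 4. Verify the backup against its manifest; exits non-zero on any mismatch.
verify_manifest() {   # $1 = backup tree, $2 = manifest file
    m=$(abs_path "$2")
    ( cd "$1" && sha256sum -c "$m" >/dev/null )
}

# End-to-end procedure, to be run as root from the live system. It is not
# invoked automatically; call it as:  recover_all /dev/sda1 /dev/sdb1
recover_all() {
    mount_disks "$1" "$2"
    copy_user_data "/mnt/win/Documents and Settings" /mnt/backup/recovered
    echo "copied $(count_files /mnt/backup/recovered) files"
    write_manifest /mnt/backup/recovered /mnt/backup/recovered.sha256
    verify_manifest /mnt/backup/recovered /mnt/backup/recovered.sha256
    umount /mnt/win /mnt/backup
}
```

Three choices carry the security point of the thread's advice. The read-only, noexec mount means the rootkit never runs while the files are being read, which is exactly why a live system sees what the infected Windows install hides. Copying by an extension allow-list rather than whole folders keeps executables and system files out of the backup, so the infection is not carried over to the reinstalled machine. The manifest gives a way to confirm, after the reinstall, that every recovered photo and video is intact; documents on the list (.doc, .docx, .pdf) can still carry active content, so scan those before opening them on the clean install.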
post #10 of 85
Quote:
Originally Posted by Ipwnnubletz
Lolque? Norton IS the best. Anyone who says otherwise is just on the Norton hating bandwagon, and there's no basis for that.

Anyway, run a boot time scan so it scans before the OS completely loads.
There's plenty of basis for that.
http://www.av-comparatives.org/en/co...detection-test

It isn't terrible by any means (and yes, it is quite good). But you can get equally good AVs for free.