Rootkit virus? Nice ;)
Assuming this is XP:
Check what's in your Run folder in the Registry (HKEY_LOCAL... etc.)
Also, check the Temp folders for Administrator and Windows, as well as other user accounts. Erase the content of these temp folders.
Next:
1. boot up a Knoppix distro (in this case the 5.3.1 DVD) with the following commands at the boot prompt:
knoppix forensic noswap nodhcp noapm noacpi
2. mount your HDDs, and enable write access, as you progress
3. delete every single file that you can see within the folders System Volume Information and Recycled, on every drive in your system. Then delete these two folders, also. Don't worry, the O/S will rewrite current System Volume Information and Recycled folders to substitute.
4. unmount the mounted drives
5. reboot (remember to remove the DVD), and rescan for malware... and maybe do the same thing to the drives that you attach.
6. Get a cheap system (e.g. noiseless mini-ITX) for use as a gateway/firewall. This will do you **very** good in the long run.
7. As Christopher Fisk said, install the Secunia PSI - it's highly recommended, and this util is worth gold, as it's free for private users.
8. only use Firefox for internet browsing, and install and use the NoScript and the NoReferrer plug-ins.
Following the simple steps above should make your system immune to about 97-99 pct. of the present and future internet trash, if you remember to update everything involved, that is.
HTH
Soren
Winterlight wrote:
Somewhere in the last 24 hours I picked up the rootkit virus
TrojanDownloader:Win32.Mesmer.A . Just about every time I try to use a
link I get redirected somewhere else. I am running Security Essentials
and a scan did find and eliminate it but of course when I rebooted it
was back. I know rootkit viruses are difficult or impossible to get rid of.
If I restore a clean Acronis image file of my OS partition, from last
month would that do it? Or should I spend the time trying to kill it and
if so what is the best way.. anybody have experience with this?
Thanks.
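The Knoppix part of Soren's procedure (steps 2 to 4: mount each Windows volume read-write, wipe System Volume Information and Recycled on it, empty the temp folders he mentions earlier, then unmount) as a script, added here as an illustration and not code from either poster. It assumes the volumes are already mounted read-write (for example with ntfs-3g) at the paths given on the command line, and it assumes the default XP directory layout (WINDOWS\Temp and Documents and Settings\<user>\Local Settings\Temp) for the temp folders; NTFS names are matched case-insensitively. Run it as root from the live DVD after mounting.

```shell
#!/bin/sh
# Added example (not from the original thread): purge System Volume Information
# and Recycled, empty XP temp folders, then unmount. Assumes each argument is a
# Windows volume already mounted read-write, e.g. via ntfs-3g.
set -u

# Delete the System Volume Information and Recycled folders (and everything in
# them) at the top level of one mounted volume. Windows recreates both on boot.
purge_volume() {
    mnt="${1%/}"
    [ -d "$mnt" ] || { echo "not a directory: $mnt" >&2; return 1; }
    # NTFS is case-insensitive, so match the folder names case-insensitively.
    find "$mnt" -mindepth 1 -maxdepth 1 -type d \
        \( -iname 'System Volume Information' -o -iname 'Recycled' \) \
        -exec rm -rf -- {} +
}

# Remove the contents of a directory but keep the directory itself.
empty_dir() {
    find "$1" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}

# Empty WINDOWS\Temp and every profile's Local Settings\Temp on one volume.
# The paths below are the assumed default XP layout.
clear_temp() {
    mnt="${1%/}"
    [ -d "$mnt" ] || { echo "not a directory: $mnt" >&2; return 1; }
    # Depth 2 covers WINDOWS/Temp, depth 4 covers the per-user temp folders.
    find "$mnt" -mindepth 2 -maxdepth 4 -type d \
        \( -ipath "$mnt/windows/temp" \
           -o -ipath "$mnt/documents and settings/*/local settings/temp" \) -print |
    while IFS= read -r t; do
        empty_dir "$t"
    done
}

# Usage from Knoppix, after mounting each Windows drive read-write:
#   sh purge.sh /media/hda1 /media/hdb1
# Each volume is cleaned and then unmounted (Soren's step 4).
for m in "$@"; do
    purge_volume "$m" && clear_temp "$m" && umount "$m"
done
```

The script deliberately only touches the two folder names the post names and the temp directories; it does not descend into anything else on the volume, so a typo in a mount path fails loudly instead of deleting the wrong tree.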