Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: How may I remove a Rootkit reported for a Windows 7 please

  1. #1
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    264
    Distro
    Ubuntu 14.04 Trusty Tahr

    How may I remove a Rootkit reported for a Windows 7 please

    A friend of mine runs W7 on his PC. A month ago it started to run sluggishly, and this morning after the daily AVAST anti-virus update AVAST reported that his system was infected with a Rootkit and wanted to schedule a boot time scan. He did a boot time scan and AVAST reported four occurrences of the same file, and he then had AVAST move these to its virus chest. He rebooted his PC but there was no change in its slow performance.

    I read this way of removing a rootkit: http://www.ehow.com/how_6506657_fix-...it-ubuntu.html but it could be a scam.

    Advice welcomed please.
    MSi CR620 (Novatech i3 Core i3-350M) 2.27GHz 2GiB RAM, 250GiB SSD, Ubuntu 14.04 & XP
    ASUS ZenBook UX305 (Intel® Core™ M-5Y10c ) CPU @ 0.80GHz × 4, 8GiB RAM, 128Gib SSD, Ubuntu 14.04 & W10

  2. #2
    Join Date
    Oct 2012
    Beans
    55

    Re: How may I remove a Rootkit reported for a Windows 7 please

    Why not just recommend your friend to ask for help on the avast forum? They have some excellent malware removal experts there, who can suggest the correct tools (including Linux live CDs if needed) for that rootkit.

  3. #3
    Join Date
    Jun 2012
    Beans
    301

    Re: How may I remove a Rootkit reported for a Windows 7 please

    I would back up all his data, reformat his disk, and re-install Windows. The rootkit may be in the Master Boot Record: use a low-level format on the disk.
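    Before wiping the disk as suggested above, it is worth looking at what is actually in the MBR from a Linux live CD. The script below is an example added by the editor; it is not code from this thread or from any tool mentioned in it. It assumes the first 512-byte sector has been dumped with dd (the device name /dev/sda, the file name mbr.bin and the function names are illustrative), and the sample sector it builds is constructed for the example, not taken from a real machine.

```python
"""Inspect a 512-byte MBR sector from a Linux live CD: verify the 0x55AA
signature, decode the four primary partition entries, and fingerprint the
440-byte boot-code region so it can be compared against a known-good copy.

Example added by the editor; not code from this thread or from any tool it
names. Dump the sector from the suspect disk first (device name assumed):
    sudo dd if=/dev/sda bs=512 count=1 of=mbr.bin
    python3 mbr_check.py mbr.bin [known-good-sha256]
The sample sector built by build_sample_mbr() is constructed for the
example and does not come from any real machine.
"""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # bytes 510..511

PART_TYPES = {
    0x05: "extended", 0x07: "NTFS/exFAT", 0x0b: "FAT32", 0x0c: "FAT32 LBA",
    0x0f: "extended LBA", 0x27: "hidden NTFS (Windows RE)",
    0x82: "Linux swap", 0x83: "Linux", 0xee: "GPT protective",
}


def parse_partitions(sector: bytes) -> List[Dict]:
    """Decode the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, "0x%02x" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def check_mbr(sector: bytes, known_good_sha256: Optional[str] = None) -> Dict:
    """Return signature, partition-table and boot-code findings for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_LEN]
    digest = hashlib.sha256(boot_code).hexdigest()
    partitions = parse_partitions(sector)
    result = {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": digest,
        "boot_code_is_zero": not any(boot_code),
        "partitions": partitions,
        # more than one active partition is a sign the table was edited
        "bootable_count": sum(1 for p in partitions if p["bootable"]),
    }
    if known_good_sha256 is not None:
        # compare against the hash of the boot code from a clean install
        # of the same Windows edition; a mismatch means it was replaced
        result["boot_code_matches_known_good"] = digest == known_good_sha256.lower()
    return result


def build_sample_mbr() -> bytes:
    """Constructed sample: a dummy boot stub plus a typical Windows 7 layout
    (100 MiB System Reserved partition marked active, then the NTFS C: drive)."""
    boot_code = bytes([0xfa, 0x33, 0xc0, 0x8e, 0xd0]) + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_id = b"\xde\xad\xbe\xef" + b"\x00\x00"      # disk signature + reserved
    e0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                     2048, 204800)
    e1 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff",
                     206848, 488185856)
    sector = boot_code + disk_id + e0 + e1 + b"\x00" * 32 + SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr()
    findings = check_mbr(data, sys.argv[2] if len(sys.argv) > 2 else None)
    for key, value in findings.items():
        print("%-28s %s" % (key, value))
```

    The partition table tells you whether the layout still matches what the Windows installer laid down, and the boot-code hash only becomes meaningful when you have something to compare it with, for example the same 440 bytes read from a clean machine with the same Windows 7 edition. If the boot code differs and the disk is kept, booting the Windows 7 install disc and running bootrec /fixmbr rewrites just that region without touching the partition table.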

  4. #4
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    264
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How may I remove a Rootkit reported for a Windows 7 please

    maglinu,

    Thank you.

    Having not used Windows for a while that did not occur to me. Durr!!!
    Last edited by welshmike; April 12th, 2013 at 03:00 PM.

  5. #5
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    264
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How may I remove a Rootkit reported for a Windows 7 please

    mike aker,

    That would be my approach, and I have done it for other people's screwed Windows systems in the past.
    I really did not want to impose on my friend all the Windows hassle of an OS reinstall and a reinstall of all the applications.

    Pardon my ignorance about Low Level Formatting, but having used Mr Google I found this and am now "educated".

    P.S.
    (It is really so friendly that Ubuntu makes things so much easier and in particular going from one release to another.
    I have dual boot of a previous 10.04 and current 12.04 LTS releases of Ubuntu that share the same /home.
    It is super that Ubuntu Software Centre contains most of the applications I need.)
    Last edited by welshmike; April 12th, 2013 at 03:14 PM.

  6. #6
    Join Date
    Apr 2013
    Beans
    2

    Re: How may I remove a Rootkit reported for a Windows 7 please

    Might be too late, but did you catch what type of rootkit Avast detected? Most, if not all, can be removed, but the problem is the amount of damage done to the system prior to finding the rootkit, especially if dealing with a Sirefef infection. The use of aswMBR or TDSSKiller would probably be the best approach. Hope that helps.

  7. #7
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    264
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How may I remove a Rootkit reported for a Windows 7 please

    My friend did tell me. It was a file containing a program that he never runs and was copied from his Documents folder on his old PC.
    So it was a false positive but nevertheless he got AVAST to put it in its quarantine chest.

    However his PC still runs slowly and it is time he got around to running Malwarebytes.

  8. #8
    Join Date
    Jun 2012
    Beans
    301

    Re: How may I remove a Rootkit reported for a Windows 7 please

    Quote Originally Posted by welshmike:
    My friend did tell me. It was a file containing a program that he never runs and was copied from his Documents folder on his old PC.
    So it was a false positive but nevertheless he got AVAST to put it in its quarantine chest.

    However his PC still runs slowly and it is time he got around to running Malwarebytes.
    Windows PCs slow down over time. For one thing, they tend to accumulate LOTS of junk files, in the \temp area particularly. I normally use PC Tools Reg Mechanic to perform the clean-up, and this corrects registry errors as well.

    Another thing: the disk on a Windows PC gets fragmented because Windows tries to keep all data at the outer edge of the disk rather than choosing to write into contiguous sectors when possible. So in addition to the junk clean-up you need a defrag run.

    The real question is: what is preventing this person from switching to Linux/Ubuntu? The new LibreOffice 4 is a significant improvement.

  9. #9
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    264
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: How may I remove a Rootkit reported for a Windows 7 please

    Oh I do so agree about Windows slowdown in general. I've had so many calls from friends and associates needing help to fix such.
    IMO it was a bad design decision to have a registry and the opportunity for applications to mismanage DLLs. Fragmentation of NTFS is well known. Not so with ext4.

    The above, plus the origin of Windows being DOS and written as a stand-alone opsys with later additions of code to handle networking, produced a bodge job of an OS.
    That's why I run a Linux distro: a networking system from its Unix roots.
    Currently Ubuntu 12.04, after years starting at 8.04 and holding onto 10.04 until now, is coming along nicely for me.

    Despite repeated entreaties my friend is averse to change and going to Ubuntu. Going from XP on his old PC to W7 on a new fast one was enough of a change for him.

    P.S. I'm looking into running Malwarebytes and/or GMER and/or TDSSkiller to see what may be ailing my friend's W7.

  10. #10
    Join Date
    Jun 2012
    Beans
    301

    Re: How may I remove a Rootkit reported for a Windows 7 please

    Quote Originally Posted by welshmike:
    Oh I do so agree about Windows slowdown in general. I've had so many calls from friends and associates needing help to fix such.
    IMO it was a bad design decision to have a registry and the opportunity for applications to mismanage DLLs. Frag of NTFS is well known. Not so with ext4.

    The above plus the origin of Windows being DOS and written as a stand alone opsys with later additions of code to handle networking produced a bodge job of an OS.
    That's why I run a Linux distro; a networking system from its Unix roots
    Currently Ubuntu 12.04 after years starting at 8.04 and holding onto 10.04 until now is coming along nicely for me.

    Despite repeated entreaties my friend is averse to change and going to Ubuntu. Going from XP on his old PC to W7 on a new fast one was enough of a change for him.

    P.S. I'm looking into running Malwarebytes and/or GMER and/or TDSSkiller to see what may be ailing my friend's W7.
    I've had good results with Malwarebytes. Please though, ask the client why he cannot move to Ubuntu 12.04 LTS.

    In some cases, if they are running CAD or Photoshop or some kind of corporate policy, then they may not have a choice. But for the basics Ubuntu covers it pretty well:
    • Browser: Firefox or Chrome
    • Email: Thunderbird (can sync with an IMAP mail server)
    • Office: LibreOffice 4 (better compatibility with MS Office now; still needs work)
    • Text: gedit
    • Images:
      • Gwenview
      • RawTherapee
      • GIMP
      • KolourPaint
      • gscan2pdf
      • PDF-Shuffler (reorganize pages in PDFs)
      • OpenShot (video editing)

    • Music
      • Audacity
      • Audacious
      • Brasero (disc burning)
      • VLC (DVD player)

    • Misc
      • SearchMonkey
      • Dropbox for Ubuntu
      • Kazam (screencaster)
      • KRename (multiple file rename)
      • ClipIt (clipboard history)
      • Krusader (two-pane file navigator)



    Local file sharing (Samba) gets a huge black mark with a score of -50 for Ease of Use. It needs a GUI editor to make it configurable and reliable.
