Free Republic
General/Chat

Can this Trojan be deleted?
July 1, 2009 | Oshkalaboomboom

Posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom

I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Antimalware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My CD burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery Console. I use DOS commands to delete the files but they come right back again.

Microsoft has said that there are some infections that can't be fixed. Is this one of them? I can wipe everything out and start over but I'd prefer that to be the last resort, not the first.

The file that won't go away is uacinit.dll. It also makes a few copies of itself and a registry key. Has anyone ever successfully deleted this?


TOPICS: Computers/Internet
KEYWORDS: lowqualitycrap; malware; rootkit; trojan; virus

1 posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom
[ Post Reply | Private Reply | View Replies]

To: Oshkalaboomboom

Use Windows Defender.


2 posted on 07/01/2009 7:12:56 AM PDT by Perdogg (Sarah Palin-Jim DeMint 2012 - Liz Cheney for Sec of State - Duncan Hunter SecDef)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

Windows malicious software remover (MRT) worked for me. You might be able to download it from Microsoft and update it. I like Defender also.


3 posted on 07/01/2009 7:16:30 AM PDT by mountainlion (concerned conservative.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

http://beer234.blogspot.com/2009/05/finally-removed-uacinitdll.html


4 posted on 07/01/2009 7:18:48 AM PDT by astyanax (I'm here to spread peace, love and happiness... so get the f*#% out of my way.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

Get a Mac. You won’t have this problem.


5 posted on 07/01/2009 7:18:54 AM PDT by NCC-1701 (ON 1-19-09 GAS WAS, ON AVERAGE IN MEMPHIS, $1.43 A GALLON.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; ...

6 posted on 07/01/2009 7:19:07 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

Watch where you go and what you download to remove this. For the past three years this type of extortion ware has been infecting computers with false spyware removal programs and fake anti-virus programs. The authors, who seem to be in China, also put up fake websites advertising removal tools that just re-infect the computer.
Normally you can find the removal instructions on Symantec, McAfee, Trendmicro, AVG, F-Secure or one of the other Anti-Virus vendor websites. Also Microsoft’s Malware removal tool has been known to remove this type of infection.

http://www.softwarepatch.com/windows/microsoftvirusremoval.html


7 posted on 07/01/2009 7:21:00 AM PDT by Wooly
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

This has interesting non-technical things you should do, in addition to getting the technical problem fixed: http://www.bleepingcomputer.com/forums/topic227700.html


8 posted on 07/01/2009 7:21:05 AM PDT by Lazamataz (Too sick for words!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

9 posted on 07/01/2009 7:21:05 AM PDT by CholeraJoe (So close to Postal.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CholeraJoe

I’d hit it.


10 posted on 07/01/2009 7:21:42 AM PDT by Lazamataz (Too sick for words!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Oshkalaboomboom

You probably need to put the hard drive in an external case, and then attach via USB or Firewire to a second system. Then, mount your drive, go into the location, remove the file, etc.


11 posted on 07/01/2009 7:22:07 AM PDT by ikka (Brother, you asked for it!)
[ Post Reply | Private Reply | To 1 | View Replies]
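
An added example, not part of any post in this thread: once the drive is mounted on a second system as described in post 11, the rootkit is not running to hide or restore its files, so the "few copies of itself" mentioned in the original post can be enumerated by content before anything is deleted. The sketch assumes the copies are byte-identical to `uacinit.dll`; the mount path, helper names and sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

TARGET_NAME = "uacinit.dll"  # file name given in the original post

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def find_copies(mount_root, target_name=TARGET_NAME):
    """Return (named_hits, renamed_copies) found under an offline-mounted volume."""
    by_size, named = {}, []
    for dirpath, _dirs, files in os.walk(mount_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links off the mounted volume
            try:
                by_size.setdefault(os.path.getsize(path), []).append(path)
            except OSError:
                continue  # unreadable entry: skip it
            if name.lower() == target_name.lower():
                named.append(path)
    # Assumption: copies are byte-identical, so only same-size files get hashed.
    known = {sha256_of(p) for p in named}
    sizes = {os.path.getsize(p) for p in named}
    copies = [p for s in sizes for p in by_size[s]
              if p not in named and sha256_of(p) in known]
    return sorted(named), sorted(copies)

def demo():
    """Constructed sample tree standing in for the mounted drive."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sysdir)
        payload = b"constructed placeholder bytes, not real malware"
        files = {"UACinit.dll": payload, "renamed_copy.dat": payload,
                 "benign.dll": b"X" * len(payload)}  # same size, other content
        for name, data in files.items():
            with open(os.path.join(sysdir, name), "wb") as f:
                f.write(data)
        named, copies = find_copies(root)
        base = os.path.basename
        return list(map(base, named)), list(map(base, copies))

if __name__ == "__main__":
    print(demo())
```

Against a real drive, call `find_copies()` with the mount point of the attached disk and record the paths and hashes before removing anything.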

To: Oshkalaboomboom

http://forums.whatthetech.com/HELP_I_can_t_remove_uacinit_dll_t104263.html


12 posted on 07/01/2009 7:23:39 AM PDT by JoeProBono (A closed mouth gathers no feet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

If you know the day of the infection, erase every file that was made that day.


13 posted on 07/01/2009 7:27:20 AM PDT by Nateman (If liberals aren't screaming you're doing it wrong.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom
Trust me, this is the only way (to even begin to start) removing this particular infection.

Follow these steps below. Warning: don't do this unless you're the original poster.

Download ComboFix from here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:



3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
-----------------------------------------------------------
* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
7. Double click on combo-Fix.exe & follow the prompts.
8. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
9. Please restart your PC, check how it's running.

14 posted on 07/01/2009 7:27:53 AM PDT by library user
[ Post Reply | Private Reply | To 1 | View Replies]

To: mountainlion

The last time I had something like this a few weeks ago it was like described here. It just kept self replicating. Did you try combofix? That is what fixed it for me.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


15 posted on 07/01/2009 7:30:29 AM PDT by Chronic (Freedom isn't Free \m/ 0(-_-)0 \m/ Chronic--Never Gives UP!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Oshkalaboomboom

I thought this was a thread about prez Obeyme....


16 posted on 07/01/2009 7:31:26 AM PDT by newfreep ("Liberalism is just Communism sold by the drink." - P.J. O'Rourke)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom
Get Root !

17 posted on 07/01/2009 7:31:33 AM PDT by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

Download.com has a couple hundred thousand free downloads. AVG Free 8.5 is a good choice if you can find it. They want you to buy the other program but keep going to AVG Free. I have used it for years and it is better than Norton, and the others I have used.


18 posted on 07/01/2009 7:32:47 AM PDT by mountainlion (concerned conservative.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

The most recent updates for MalwareBytes are able to remove this. Be sure you download updates before you run MBytes.


19 posted on 07/01/2009 7:34:29 AM PDT by around the world
[ Post Reply | Private Reply | To 1 | View Replies]

To: Chronic
Also, if anyone has problems getting Malwarebytes to download and run, there's a relatively new tool called "Randmbam" which randomly renames the file during download, so the chances of getting it to run increase ten-fold. It's right here, if you want to try it out.

RANDMBAM.

As for Combofix (CF), it may or may not totally remove the infection. When CF produces a log post-run, a lot of times there are additional rogue DLL, DAT, EXE, etc. files to remove, in addition to rogue drivers/services, which may have been missed on the first run.

The only way to get rid of those is to write a custom script in Notepad and then drag the Notepad file into the CF icon on your desktop, so CF can proceed with the custom fix.

20 posted on 07/01/2009 7:39:16 AM PDT by library user
[ Post Reply | Private Reply | To 15 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
