Posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom
I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Anti-Malware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My CD-burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery Console. I use DOS commands to delete the files but they come right back again.
Microsoft has said that there are some infections that can't be fixed. Is this one of them? I can wipe everything out and start over but I'd prefer that to be the last resort, not the first.
The file that won't go away is uacinit.dll. It also makes a few copies of itself and a registry key. Has anyone ever successfully deleted this?
Use Windows Defender.
Windows Malicious Software Removal Tool (MRT) worked for me. You might be able to download it from Microsoft and update it. I like Defender also.
Get a Mac. You won’t have this problem.
Watch where you go and what you download to remove this. For the past three years this type of extortionware has been infecting computers with false spyware removal programs and fake anti-virus programs. The authors, who seem to be in China, also put up fake websites advertising removal tools that just re-infect the computer.
Normally you can find the removal instructions on Symantec, McAfee, Trend Micro, AVG, F-Secure or one of the other anti-virus vendor websites. Also Microsoft’s Malware Removal Tool has been known to remove this type of infection.
http://www.softwarepatch.com/windows/microsoftvirusremoval.html
This has interesting non-technical things you should do, in addition to getting the technical problem fixed: http://www.bleepingcomputer.com/forums/topic227700.html
I’d hit it.
You probably need to put the hard drive in an external case, and then attach via USB or Firewire to a second system. Then, mount your drive, go into the location, remove the file, etc.
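Added example (not written by anyone in this thread): the offline approach in the reply above, carried out from a clean second Windows machine with the infected disk attached as an external drive. It inventories every copy of the DLL the original poster named and searches the offline SYSTEM and SOFTWARE hives for references to it, so the service or driver that keeps restoring the file can be found without ever booting the infected Windows. Assumptions not stated in the thread: the infected volume is mounted as E:, the file name is uacinit.dll as the OP reported, and the shell is an elevated PowerShell prompt.

```powershell
# Added example, not from the thread. Run elevated on the CLEAN machine.
# Assumptions: infected volume mounted as E:, target name uacinit.dll (from the OP).
$Volume  = 'E:'
$Pattern = 'uacinit*.dll'   # the OP saw several copies; catch name variants too
$Needle  = 'uacinit'

# 1. File system: list every copy, hidden/system attributes included, with a hash
#    so that identical copies are obvious at a glance.
Get-ChildItem -Path "$Volume\" -Filter $Pattern -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
        '{0}  {1} bytes  {2}  {3}' -f $_.FullName, $_.Length, $_.LastWriteTime, $hash
    }

# 2. Registry: mount the OFFLINE hives under temporary keys and search value names
#    and value data for the file name. Nothing on E: executes during this.
$hives = @{
    OfflineSYSTEM   = "$Volume\Windows\System32\config\SYSTEM"
    OfflineSOFTWARE = "$Volume\Windows\System32\config\SOFTWARE"
}
foreach ($name in $hives.Keys) {
    & reg.exe load "HKLM\$name" $hives[$name] | Out-Null
}

$hits = foreach ($name in $hives.Keys) {
    Get-ChildItem -Path "HKLM:\$name" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($data -match $Needle -or $valueName -match $Needle) {
                [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
            }
        }
    }
}
$hits | Format-Table -AutoSize

# 3. Unload the hives before detaching the disk. PowerShell's registry provider
#    holds handles to the loaded keys, so force a GC first or reg unload fails.
foreach ($name in $hives.Keys) {
    [gc]::Collect()
    & reg.exe unload "HKLM\$name" | Out-Null
}
```

Hits under a `...\ControlSet001\Services\<name>` key in the SYSTEM hive name the service or driver that reloads the DLL at boot; that entry and the files it points to are what need removing, and they should be removed in the offline hive and on the mounted volume, not from inside the infected Windows where the rootkit can put them back. Take the file list and hashes before deleting anything so a vendor write-up can be matched against them.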
If you know the day of the infection erase every file that was made that day.
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
-----------------------------------------------------------
* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
7. Double-click on Combo-Fix.exe & follow the prompts.
8. Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.
9. Please restart your PC and check how it's running.
The last time I had something like this a few weeks ago it was like described here. It just kept self replicating. Did you try combofix? That is what fixed it for me.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
I thought this was a thread about prez Obeyme....
Get Root!
Download.com has a couple hundred thousand free downloads. AVG Free 8.5 is a good choice if you can find it. They want you to buy the other program, but keep going to AVG Free. I have used it for years and it is better than Norton and the others I have used.
The most recent updates for Malwarebytes are able to remove this. Be sure you download updates before you run MBytes.
As for Combofix (CF), it may or may not totally remove the infection. When CF produces a log post-run, a lot of times there are additional rogue DLL, DAT, EXE, etc. files to remove, in addition to rogue drivers/services, which may have been missed on the first run.
The only way to get rid of those is to write a custom script in Notepad and then drag the Notepad file into the CF icon on your desktop, so CF can proceed with the custom fix.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.