Free Republic

Can this Trojan be deleted?
July 1, 2009 | Oshkalaboomboom

Posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom

I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Antimalware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My CD burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery console. I use DOS commands to delete the files but they come right back again.

Microsoft has said that there are some infections that can't be fixed. Is this one of them? I can wipe everything out and start over but I'd prefer that to be the last resort, not the first.

The file that won't go away is uacinit.dll. It also makes a few copies of itself and a registry key. Has anyone ever successfully deleted this?


TOPICS: Computers/Internet
KEYWORDS: lowqualitycrap; malware; rootkit; trojan; virus
To: Lazamataz

In a heartbeat, on her big fat....I mean, no I wouldn’t.


41 posted on 07/01/2009 8:14:28 AM PDT by wxgesr (I want to be the first person to surf on another planet!)
[ Post Reply | Private Reply | To 39 | View Replies]

To: CholeraJoe
I clicked on a [inappropriate content] link and this happened!

What should I do?

42 posted on 07/01/2009 8:16:53 AM PDT by McGruff (We are still waiting to see how the situation in Iran plays out - Barack Obama 6/26/2009)
[ Post Reply | Private Reply | To 9 | View Replies]

To: McGruff
I clicked on a [inappropriate content] link and this happened!

I think you're fibbing. You clearly got on the wrong side of Admin Moderator and got zotted!

43 posted on 07/01/2009 8:19:03 AM PDT by paulycy (Liberal DOUBLE-STANDARDS are HATE crimes.)
[ Post Reply | Private Reply | To 42 | View Replies]

To: McGruff

Call ServPro. “Like it never even happened.”


44 posted on 07/01/2009 8:36:55 AM PDT by CholeraJoe (So close to Postal.)
[ Post Reply | Private Reply | To 42 | View Replies]

To: Oshkalaboomboom
I had a similar problem and ended up reformatting my hard drive. I bought an $80 external hard drive and copied all my data files to it and then reformatted the disk and reloaded all the software. It took me all weekend and I ended up having to purchase Norton Anti-Virus Subscriptions again because I had purchased it on line.

Reformatting got rid of the problem and cleaned up two years' worth of crap on the hard drive. The system runs faster and I think it was worth it.

45 posted on 07/01/2009 8:40:09 AM PDT by mbynack (Retired USAF SMSgt)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

As a small business owner who deals with this for a living, I’d say: do a reload. Save all your data on an external drive, then reload all your operating systems and programs. Then update them all.

You may never be able to find out where you got it, but be sure to have antivirus, spyware, and malware detector programs on your system and keep them up to date. If you don’t have all of them, get them.

Of course, you could always call a pro if you don’t have a spare 6 to 8 hours ;)


46 posted on 07/01/2009 8:47:02 AM PDT by worst-case scenario (Striving to reach the light)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oshkalaboomboom

Many times some viruses will effectively go into ‘hide’ mode and reassert themselves after running a virus cleaner by pulling new code from the web. When you run a virus cleaner, update the cleaner to make sure you have all the latest and greatest virus-killing love, and then disconnect your computer from the internet. Run the virus cleaner. Reboot and run it again. Then reconnect to the internet and run it a third time to see if it still detects the virus.


47 posted on 07/01/2009 8:55:26 AM PDT by AzSteven ("War is less costly than servitude, the choice is always between Verdun and Dachau." Jean Dutourd)
[ Post Reply | Private Reply | To 1 | View Replies]

To: worst-case scenario

I do have all of my data on a separate drive from the OS, it’s more the pain of reloading all of the programs. I use 3 different scanners and it beat all of them. Even the remote scanner on Trend Micro doesn’t get rid of it.


48 posted on 07/01/2009 9:00:48 AM PDT by Oshkalaboomboom
[ Post Reply | Private Reply | To 46 | View Replies]

To: Oshkalaboomboom

Yep, the pain of reloads ... that gets me a lot of work. At least you know enough to know what you’re doing. Good luck... some of those suckers are worse than lampreys.


49 posted on 07/01/2009 9:11:34 AM PDT by worst-case scenario (Striving to reach the light)
[ Post Reply | Private Reply | To 48 | View Replies]

To: Oshkalaboomboom

One little trick the virus writers used almost made me format my hard drive in exasperation. They created a registry entry under a certain user name that would replicate the virus then deleted that user.

I tried all the above (Malwarebytes, ComboFix, etc...) following the directions to the letter and they would do everything but could not delete the registry entry that would replicate the virus. I finally nailed down the hex signature of this virus registry entry, found it in the registry and tried to delete it as the Administrator but it would not delete. I had to change the permissions of the virus entry first, then I was able to delete the virus registry entry. ***DISCLAIMER*** be VERY careful when dealing with the registry. Be sure you have it backed up and be sure you only delete the virus registry key.


50 posted on 07/01/2009 9:27:10 AM PDT by copaliscrossing (Progressives are Socialists)
[ Post Reply | Private Reply | To 1 | View Replies]
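
The permission problem described in post 50, as an added example that is not part of the original thread: a PowerShell audit that lists registry keys whose ACL still references a deleted account or withholds full control from Administrators, plus a helper that backs a key up before granting access. `$Root`, the function names and the backup file are placeholders; the thread names no specific key.

```powershell
# Added example. $Root is a placeholder; the thread does not name the key.
$Root     = 'HKLM:\SOFTWARE\PlaceholderVendor'
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$Full     = [System.Security.AccessControl.RegistryRights]::FullControl

function Get-OrphanedKeyAcl {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.Name
        try { $acl = Get-Acl -Path $_.PSPath -ErrorAction Stop }
        catch {
            # ACL cannot be read at all: ownership has to be taken in regedit first.
            [pscustomobject]@{ Key = $name; Owner = '?'; OrphanAces = '?'; AdminsFullControl = $false }
            return
        }
        # Get-Acl resolves SIDs to account names. An account SID still shown in
        # raw S-1-5-21-... form belongs to a user that no longer exists.
        $orphans  = @($acl.Access | Where-Object { $_.IdentityReference.Value -like 'S-1-5-21-*' })
        $sidRules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        $adminFull = @($sidRules | Where-Object {
            $_.IdentityReference.Value -eq $AdminSid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $Full) -eq $Full })
        if ($orphans.Count -gt 0 -or $acl.Owner -match 'S-1-5-21-' -or $adminFull.Count -eq 0) {
            [pscustomobject]@{ Key = $name; Owner = $acl.Owner
                               OrphanAces = $orphans.Count
                               AdminsFullControl = ($adminFull.Count -gt 0) }
        }
    }
}

function Repair-KeyAcl {
    # $KeyName in reg.exe form, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\PlaceholderVendor\Sub
    param([string]$KeyName, [string]$BackupFile)
    & reg.exe export $KeyName $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed; leaving $KeyName untouched" }
    $psPath = "Registry::$KeyName"
    $acl  = Get-Acl -Path $psPath
    $sid  = New-Object System.Security.Principal.SecurityIdentifier($AdminSid)
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $sid, $Full, 'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $psPath -AclObject $acl
}

# Review the findings by hand; some legitimate system keys also withhold
# full control from Administrators.
Get-OrphanedKeyAcl -Path $Root | Format-Table -AutoSize
```

Run it from an elevated prompt; once `Repair-KeyAcl` has succeeded on a key confirmed to be malicious, the key can be deleted in regedit or with `Remove-Item`.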

To: Oshkalaboomboom

I have one that killed my mouse in Windows. I went to Ubuntu instead.

But I still want to go back to Windows. I just cannot get the mouse to work or kill the virus.


51 posted on 07/01/2009 9:34:23 AM PDT by usmcobra (Your chances of dying in bed are reduced by getting out of it, but most people still die in bed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Perdogg

First get HijackThis and run it.

Second download Spybot, update it and use the immunize button. After that let it run in advanced mode so you can clear everything.

If you are on Vista you will need to run Spybot as an Administrator. After installing, right click on the program or shortcut, you will see, about the third command down, “Run as Administrator”. Run it from there doing the same things as above.

Turn off your internet connection.

Next, download F-prot, update. Turn off your computer and then run F-prot.

Turn off your internet connection.

Once F-prot completes, reboot.

Start in safe mode; if you don’t know what that is, then boot as you normally do.

Turn off the internet to your computer again and open Spybot (as Administrator) with no windows or browsers open. Immunize again. Then run Spybot in advanced mode.

Run F-prot at the same time to save time.

Problem should resolve. If it doesn’t, go to the board at Safer-Networking and look around. You can probably use the search function to find others who have had similar problems and see how they resolved.

Good luck


52 posted on 07/01/2009 9:42:36 AM PDT by Vendome
[ Post Reply | Private Reply | To 2 | View Replies]

To: Perdogg

Sorry, I meant for you to download ComboFix.exe. Run that, not HijackThis.

All the other instructions are fine.


53 posted on 07/01/2009 9:48:06 AM PDT by Vendome
[ Post Reply | Private Reply | To 2 | View Replies]

To: library user

Wow. Good thing MS-Windows is so much easier to use than Linux!


54 posted on 07/01/2009 10:36:25 AM PDT by zeugma (Will it be nukes or aliens? Time will tell.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Nateman; FLAMING DEATH; Oshkalaboomboom

I run 2 computers — one strictly for Internet use (Linux) and the other (Windows XP) for everything else. I’m running Ubuntu Linux right now and have no worries about viruses, corrupted registries or the need to buy AV software. Ubuntu is by far the best version of Linux that I have found, and unlike the Mac, it is free.


55 posted on 07/01/2009 10:47:24 AM PDT by TexasRepublic
[ Post Reply | Private Reply | To 27 | View Replies]

To: TexasRepublic

I have Vista as dual boot on one of the three computers I have. I hate it. Only use it because ESPN decides to use proprietary technology to run ESPN360, and then, I only use it during football/basketball season. Too slow, too buggy, too bloated.

They say Windows 7 will be a lot better, but I’m not going to mess with what works for me. Ubuntu seems to get better with every version, and it costs me nothing.


56 posted on 07/01/2009 12:23:21 PM PDT by FLAMING DEATH (I am NOT better off than I was four years ago!)
[ Post Reply | Private Reply | To 55 | View Replies]

To: FLAMING DEATH

Has any virus researcher figured out exactly what this variant is supposed to do?

I also get the feeling that I’m missing some other component. Obviously something is recreating uacinit.dll every time it’s deleted. Is it the registry key? I can’t run regedit from the recovery console (actually you can’t run much of anything from it, it’s very limited). So does waiting for safe mode give the registry time to recreate the .dll, which recreates the registry key, etc.?


57 posted on 07/01/2009 3:05:25 PM PDT by Oshkalaboomboom
[ Post Reply | Private Reply | To 56 | View Replies]

To: FLAMING DEATH

The only disadvantage with new Linux releases is the bugs. Do you stick with a stable release, or do you upgrade when it becomes available?


58 posted on 07/01/2009 3:59:56 PM PDT by Born Conservative (Bohicaville: http://bohicaville.wordpress.com/)
[ Post Reply | Private Reply | To 26 | View Replies]

To: paulycy

Yep, that was us.


59 posted on 07/01/2009 5:23:54 PM PDT by Admin Moderator
[ Post Reply | Private Reply | To 43 | View Replies]

To: Born Conservative

I used to stick with a stable release when I used other distros. A lot were unpolished and had a lot of bugs, and it took some time to get it right, so I didn’t want to go through that any sooner than I had to.

I’ve experienced very few bugs with Ubuntu. Far fewer problems overall than with Windows, and all were very minor. And, each release seems to get better and better in that regard.

Most times, I’ll upgrade with each release just because I like to have a whole system with updated software. But, it’s never been “necessary” for me to reinstall due to a problem.


60 posted on 07/01/2009 6:00:31 PM PDT by FLAMING DEATH (I am NOT better off than I was four years ago!)
[ Post Reply | Private Reply | To 58 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson