Posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom
I have a rootkit trace that refuses to go away. McAfee can't delete it. Malwarebytes Antimalware claims to delete it but it's right there as soon as it closes. I find hundreds of references to it via Google but nobody says how to get rid of it and nobody even discusses what it does besides annoy you. My CD burning programs have been disabled so I can't make an alternative OS like BartPE. I can boot off the Windows CD and get into the Recovery Console. I use DOS commands to delete the files but they come right back again.
Microsoft has said that there are some infections that can't be fixed. Is this one of them? I can wipe everything out and start over but I'd prefer that to be the last resort, not the first.
The file that won't go away is uacinit.dll. It also makes a few copies of itself and a registry key. Has anyone ever successfully deleted this?
I currently have Kubuntu (“Jaunty”), but there was a fatal error bug that was preventing Adept from installing updates. So I downloaded the latest version (I didn’t want to spend hours mucking around trying to figure out how to fix the bug), and it works fine now. I just have to spend the time to get comfortable with Linux, I guess.
Ubuntu is by far the best version of Linux...
The computer I'm using right now is one I bought direct from Dell with Ubuntu factory installed. Since then I've also started using PCLinux (USB wireless worked without any tinkering on an old HP) and Puppy Linux on really old computers (not real stable but quite fast on old machines).
That's a good answer.
I ran ComboFix, it found files I didn’t see in the Recovery Console and deleted them. Now I’ll just have to wait 24 hours and run another scan to see if anything pops up.
For what it's worth, Google RootRepeal. I use it on occasion to delete core rootkit files, specifically the files that lock the rest down, usually found in the system32 folder.
If you want to FReepmail your CF log, please do. I can tell you if there’s any more nasties left on the system and how to get rid of them. The log should be located at C:\Combofix.txt.