[ischachus]

I was recently infected with a rootkit and several viruses. It was a bunch of odd name .sys files in my system32/drivers folder. I did a full scan with avast and removed them all. But, after doing that, explorer is now crashing very, very frequently and will freeze my computer for up to a minute or so. As soon as I get explorer back, it immediately crashes again. I literally can not use my computer. This behavior is the same in safe mode. Once I do get explorer up, I get a maximum of 3-5 seconds before it crashes again. I am in a bit of a dilemma because I have a lot of stuff that I want to backup before doing a reformat, since that's the only method that I know to fix this. I want to move all my files to another computer on the network (this one) before doing a reformat. I went into cmd via task manager and shared the C drive by typing "net share mycdrive=c:". This allowed other computers on the network to see my C drive but could not access it due to permission restrictions. So, I went back and typed in "cacls c: \g everyone:f". This allowed network computers to go inside my C drive but not to any of the folders or subfolders for that drive. Now, I do not know of a way to share all folders/subfolders in a drive by a command in cmd, so if anybody knows, that would be very helpful.

So now, I come to these forums for help. I can't reformat because I haven't been able to back my stuff up and I can't do that until I am able to lift these permission restrictions. But if there is another way then reformatting, I would be greatly appreciated to hear the solution.

thanks.

[Advertisements]

rootkits modify the kernel code which can appear invisible in some cases they're the super trojan so to speak. They hide themselves as driver files (*.sys) with random file names to make the system believe they're a needed file by windows. Very malicious. Have you tried getting to command prompt ? even though explorer isn't there hit winflag + R for run prompt, type cmd and press enter then use the following command, sfc /scannow
to replace any corrupt windows files to no avail i would hook up your HD to a secondary system as a slave, backup pictures/music/documents etc.. and do a low level format using something like active kill disk.

[Teddie1]

rootkits modify the kernel code which can appear invisible in some cases they're the super trojan so to speak. They hide themselves as driver files (*.sys) with random file names to make the system believe they're a needed file by windows. Very malicious. Have you tried getting to command prompt ? even though explorer isn't there hit winflag + R for run prompt, type cmd and press enter then use the following command, sfc /scannow
to replace any corrupt windows files to no avail i would hook up your HD to a secondary system as a slave, backup pictures/music/documents etc.. and do a low level format using something like active kill disk.

[sari]

ischacus,

If you had a rootkit, it's quite likely it's still there. Avast by itself would not be enough to get rid of it. I suggest you visit the malware forum and get some help there - we may be able to recover your system to the point that you don't need to format. We have some excellent anti-rootkit tools available to us.


Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.