
HELP! Ultradefragger and trojan.Gen.2 removal [Closed]



#76
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
On what file? volsnap.sys maybe?
  • 0



#77
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
not sure - sure i skip cause then at least we can come back to it - rather than attempting to disinfect as it looks like it doesn't want to do - the scan is only 45% finished as it has been stopped on the decision of this for 4 hours!!
  • 0

#78
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
should not sure! should i skip?
  • 0

#79
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Skip it. It's probably the TDL3 rootkit. And there is also a new variant of the TDL4 rootkit detected by Rogue Killer.

Are you using this computer for banking?
  • 0

#80
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
> OK. Skip it. It's probably the TDL3 rootkit. And there is also a new variant of the TDL4 rootkit detected by Rogue Killer.

will do

> Are you using this computer for banking?

...not really, but looks as though I certainly won't be ever again!!
  • 0

#81
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I mainly do banking in store
  • 0

#82
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
...the same virus alarm has now come up 3 times. Does this mean it is in more than 1 place?
  • 0

#83
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Well... it's a rootkit. That means you don't have control over this computer. The computer is compromised.
  • 0

#84
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
...up to 86%
  • 0

#85
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
done! at last!

Attached Files


  • 0



#86
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
though, why does it seem the OTL multiplied the threats??
  • 0

#87
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
oh and we skipped that MEM one
  • 0

#88
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
....what is up next? Could you also please tell me why/how my firewall was disabled?
thanks
  • 0

#89
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

> Could you also please tell me why/how my firewall was disabled?

Your computer is badly infected with a rootkit.

1. Preferably from a clean computer, please download the following: gparted-live-0.10.0-3.iso (115 MB)

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.


2. Now, please boot off of the newly created GParted CD. See How to Set BIOS to Boot from CDROM for information on how to boot from the CD.

You should arrive at the following screen:
Posted Image
Press the ENTER key

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and press the ENTER key.

Posted Image
Next, choose your language and press the ENTER key. English is the default setting.

Posted Image
Once again, at this prompt, press the ENTER key.

You will now be taken to the main GUI screen below
Posted Image

Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see. It is very important that you complete this step.
  • 0

#90
rdbadger

rdbadger

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Am on to it now - another question -
Are the "windows updates" that are coming up along with the firewall to do with the rootkit? As they happened when I hadn't been connected to the internet - I have chosen not to update, just in case - what do you think?
  • 0





