Rootkit infection in SYSTEM (PID 4) [Solved]
Started by stemoc, Apr 21 2013 07:33 PM
#31
Posted 06 May 2013 - 09:32 AM
#32
Posted 07 May 2013 - 11:34 PM
Have you seen the logs in my previous reply from a tool that deals with kernel manipulation? I'm now 100% sure there may be more than one infection, a rootkit and a bootkit. A rootkit that has patched a system file such as atapi.sys or disk.sys, and a bootkit since it's able to hook itself in safe mode as well as via Windows Vista installation disc boot. Not sure how reformatting my drive will kill a bootkit, but I'm not willing to take that risk in case it comes back. This is why I'm trying to find out what I have, so that I can figure out where it may have come from to prevent future infections. Not knowing what I have could potentially kill my HDD, and backup is not a good idea at this moment, since not knowing what it is and where it is stored could cause it to return after a full reformat by attaching itself to a known and commonly used executable file like firefox.exe or even winlogon.exe.
#33
Posted 08 May 2013 - 11:33 AM
If you fully format the drive prior to reinstallation there is no way that I am aware of that the virus would survive. And as it stands that would be your only option.
#34
Posted 08 May 2013 - 07:10 PM
The worst part is not knowing what I have. I thought that after talking to over a dozen malware experts, someone would be able to explain what that hidden process is, but until now no one even knows. Reformatting should never be the only option in cases like this. I'm sort of tired of doing everyone's "run this test, then run this test" and not getting any answers whatsoever. I thought if this is a new or evolved version of a root/bootkit, then the experts would be intrigued and would try to find out what it is, only to boost their own knowledge if they ever encounter something similar or worse in the future.
#35
Posted 09 May 2013 - 12:23 PM
Unfortunately, without actual access to the machine all we can do is run the scans that are available, and if nothing shows there, there is little we can do.
#36
Posted 21 May 2013 - 05:26 AM
Well, that was a dud, just like xpud (NPI). My computer ignored the DrWebLiveCD and just continued to start normal Windows. I actually saved up a few dollars to top up my data to download this; another wasted test. Tried it 10 times via boot menu and BIOS, still nothing.
#37
Posted 21 May 2013 - 12:21 PM
I would recommend a re-install then, as we can get no meaningful data from it.
#38
Posted 04 June 2013 - 07:36 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.