Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit infection in SYSTEM (PID 4) [Solved]


  • This topic is locked This topic is locked

#31
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As that driver is boot and there is no associated file for it then at this stage without an outside AV scan there is little that can be done
  • 0

Advertisements


#32
stemoc

stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
have you seen the logs in my previous reply from a tool that deals with kernel manipulation? i'm now 100% sure there may be more than one infection, a rootkit and a bootkit. A rootkit that has patched a system file such as atapi.sys or disk.sys and a bootkit since its able to hook itself in safemode as well as via Windows Vista installation disc boot..not sure how reformatting my drive will kill a bootkit..but i'm not willing to take that risk incase it comes back...this is why i'm trying to find out what i have so that i can figure out where it may have come from to prevent future infections....not knowing what i have could potentially kill my HDD and backup is not a good idea at this moment sicne not knowing what it is and where it is stored could cause it o return after a full reformat by attaching itself to a known and commonly used executable file like firefox.exe or even winlogon.exe..
  • 0

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you fully format the drive prior to reinstallation there is no way that I am aware of that the virus would survive. And as it stands that would be your only option.
  • 0

#34
stemoc

stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The worst part is not knowing what i have, I thought talking to over a dozen malware experts, someone would be able to explain what that hidden process is but uptil now, no one even knows..reformatting should never be the only option in cases like this...I'm sort of tired of doing everyone's "run this test, then run this test" and not getting any answers whatsoever.....I though if this is a new or evolved version of a root/bootkit, then the experts would be intrigued and will try to find out what it is...only to boost their own knowledge if they ever encounter something similar or worse in the future...
  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately without actual access to the machine all we can do is run the scans that are available, and if nothing shows there, there is little we can do
  • 0

#36
stemoc

stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
well that was a dud, just like xpud (NPI), my computer ignored the DrWebLiveCD and just continued to start normal windows.....i actually saved up a few dollars to top up my data to download this..another waste test..tried it 10 times via boot menu and bios...still nothing...
  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would recommend a re-install then as we can get no meaningful data from it
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP