I got couple of questions, if the root kit was there since 2012, why the computer ran fine, till I got infected with Snap Do?
Rootkits are designed to be hidden. That's part of the nefariousness of them, they hide on your machine, using as little resources as possible to conceal their presence while they do their dirty deeds.
The text in the quote box is from a write up about rootkits:
The goal of a malicious rootkit is to provide an attacker or malicious code with a permanent, undetectable presence on a computer. Typically, this involves hiding the presence of resources such as processes, files, registry keys, and open ports that are being used by the malicious entity.
That rootkit would have remained hidden after the SnapDo infection was gone if not for the problems with Chrome. My instructor saw in one of ESET logs that the machine had been infected in 2012 and had me run TDSSKiller. That's why we were able to find it.
My second question is I have another computer with Windows 7, 3rd gen i7 processor. What kind of anti virus and malware/root kit prevention kit that you recommend. An open source or a free one. I am now skeptical of Microsoft's ability.
I personally use a combination of programs for protecting my machine. I use Avast as my antivirus, and I also use Malwarebytes Anti-Malware for an additional layer of protection. I also have a custom Hosts file that will not let my machine go to known malware related sites. I've provided instructions below for you if you'd like to use that program to install a custom hosts file.
I'm also providing you with a program to prevent a new ransomware program called CryptoLocker from getting control of your machine.
Do not, however, use more than one antivirus on your machine. That's a case of more is not better. Multiple anti-virus programs use up system resources, and can give false positives.Here's a few tips to help protect your while browsing:
Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
Be careful of the websites you visit.
When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.
To help protect yourself while on the web, I recommend you read How did I get infected in the first place? A warning about CryptoLocker
CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.
Please download and install CryptoPrevent
to lock your machine down from this infection.
Create a custom Hosts FileHost File Reset/Replace:
Please Download HostsXpert
and unzip it to your computer, somewhere where you can find it. The root of the system drive would be a ideal location EG: C:\
- Double click on HostsXpert.exe to launch the programme.
- Check to see if top button on left hand side says Make Writeable?
- If it does. click on it then proceed to next instruction.
- If not, just proceed to next instruction
- Click on Restore MS Hosts File to restore your Hosts file to its default condition
- When prompted to confirm, click OK.
- Click on the Download button (lower left hand side)
- Click on MVPs Hosts... button.
- Click on Replace button.
- Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
- When finished.
- Click on File Handling button.
- Click on Make Read Only? to secure it against infection.
- Exit the programme.
My final question is, I see you are student. I also want to learn how to fix Malware and rootkit related problem. How do I do that in Geek University? What's the procedure? How long usually does the course take? Can I do it at my own pace? I am going to school also, so I cannot put a lot of time, but will try to put some decent amount of time.
We need all the malware fighters we can get.
Here's a link to everything you need to know about applying to Geek U. The course is designed for you work at your own pace, so I can't really tell you how long it takes. It varies from student to student. Check out the link below to read all about it and apply.http://www.geekstogo.com/geeku/
Any further questions or issues I can help with?