Removing Mysterious Infections
Posted on: January 3rd, 2011
Our recent cases of infected computers show that more and more of them use hidden components to escape detection. These hidden components are called Rootkits.
A Rootkit gives the attacker privileged access to your computer, which he/she can use to control the computer or load more unwanted software. Conventional anti-viruses are not always able to detect rootkits.
The presence of Rootkits is usually accompanied by unusual behavior, such as:
Even if your antivirus shows the computer is clean, if you notice the above (especially the first two phenomena) then chances are that your computer has one or more Rootkits hiding outside the reach of your Antivirus.
There are two fairly easy to use tools that you can use to tackle these pests.
Norton Power Eraser
The Norton Power Eraser uses an aggressive scanning method and therefore should only be used as a last resort, when you suspect rootkit activity on your computer. You can download it and read more about its uses via this link: Norton Power Eraser.
The TDSS Rootkit is the most widespread and most insidious Rootkit, and it is part of many fake antivirus or adware infections.
Another useful little program that can get rid of rootkits is TDSSKiller by Kaspersky Lab. It performs a quick scan targeted at the specific system files that are normally attacked by the TDSS Malware. Again, this type of Malware is designed to hide itself from regular Anti-viruses by intercepting certain system files, or by disabling your computer’s anti-virus software. When your computer is infected by this type of Malware, you may have to use a clean computer to download the TDSSKiller to a thumb drive and then run it in “Safe Mode” on the infected computer. You can download the TDSSKiller via the following link: TDSSKiller.
The following steps are a suggested approach that we found to be workable in case of suspected Rootkit Infections:
1. Download TDSSKiller and Norton Power Eraser onto a flash drive from a clean computer. If you have only one computer then you can try to download them on the infected computer; however, the Rootkits might make this impossible.
2. VERY IMPORTANT: Make sure that you have your important information backed up and that System Restore is running (read this article if you are unsure how to check that: Making Sure that the System Restore Works).
3. Start the computer in safe mode (if you don’t know how to do it, here’s an article on it: http://www.pchell.com/support/safemode.shtml).
4. Run TDSSKiller first and follow the prompts until no infections are left.
5. Go back to normal mode (restart the computer) and make sure that the computer is able to get online.
6. Run Norton Power Eraser with the Rootkit Scan options. It will restart the computer and then do the scan.
7. Verify that there are no further indications of Rootkit activity and everything is working correctly.
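The checks in steps 2, 5 and 7 can be scripted so that nothing is skipped in the rush to clean a machine. The Windows PowerShell script below is an added example written for this article; it is not part of the original post and not code from Symantec or Kaspersky Lab. It assumes Windows PowerShell 2.0 or later on Windows 7, an elevated prompt, and that the two tools were copied to the flash drive paths shown (constructed placeholder paths; adjust them to your drive letter and file names). It also adds one check the post does not mention: that each downloaded tool still carries a valid vendor Authenticode signature, which catches a copy that was altered on the way.

```powershell
# Added example: pre-flight and post-cleanup checks for the seven-step procedure above.
# Assumptions (not from the original post): Windows PowerShell 2.0+ on Windows 7,
# run from an elevated prompt; the tool paths below are constructed placeholders.

$ToolsOnFlashDrive = @(
    'E:\tools\tdsskiller.exe',   # constructed path; change to where you saved TDSSKiller
    'E:\tools\NPE.exe'           # constructed path; change to where you saved Norton Power Eraser
)
$SystemDrive = "$env:SystemDrive\"   # usually C:\

# Refuse to continue without administrator rights: the restore-point cmdlets need them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

# Step 1 follow-up: confirm each tool on the flash drive is signed by its vendor.
# A file altered after download (or a fake tool) will not report Status = Valid.
foreach ($tool in $ToolsOnFlashDrive) {
    if (-not (Test-Path $tool)) { Write-Warning "Missing: $tool"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $tool
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature NOT valid for $tool ($($sig.Status)); re-download it on a clean computer."
    } else {
        Write-Host "OK  $tool is signed by $($sig.SignerCertificate.Subject)"
    }
}

# Step 2: make sure System Restore is enabled on the system drive and has a fresh restore point.
Enable-ComputerRestore -Drive $SystemDrive          # no-op if it is already enabled
$before = @(Get-ComputerRestorePoint)
Write-Host "Existing restore points: $($before.Count)"
# Newer Windows versions create at most one checkpoint per 24 hours; an earlier one is then kept.
Checkpoint-Computer -Description 'Before rootkit cleanup' -RestorePointType 'MODIFY_SETTINGS'
$after = @(Get-ComputerRestorePoint)
if ($after.Count -lt 1) {
    throw 'System Restore produced no restore point; fix that (and back up your data) before running the tools.'
}

# Step 5: after the reboot into normal mode, confirm the machine can reach the network.
$online = Test-Connection -ComputerName 'www.microsoft.com' -Count 2 -Quiet
Write-Host "Internet reachable: $online"

# Step 7: this kind of malware disables security software, so report the state of the
# core security services; any of them Stopped after cleanup deserves a closer look.
foreach ($svc in 'wuauserv', 'MpsSvc', 'WinDefend') {   # Windows Update, Firewall, Defender
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { Write-Host ("{0,-10} {1}" -f $svc, $s.Status) }
}
```

Run the first two sections before step 3 (still in normal mode, since System Restore and the signature check work there), and the last two sections after step 6. Get-ComputerRestorePoint and Checkpoint-Computer are Windows PowerShell cmdlets and are not available in PowerShell Core.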
Disclaimer: These are very useful programs and might save you from a lot of upset, but they deal with core system files, so there is a slight chance that things go wrong and the computer might not start up properly. Use them with this in mind, and always make sure that you have your important information backed up before attempting to run them. Also, it’s not guaranteed that all Rootkits will be found by running these two programs. Most of them will be found, though.