Malware

Question

Gravatar
Locked

Trojans rootkits and windows /system32 folder

By silverwolf6290 ·
im getting really tired of trying to find out how to fix this... i went to a site called 4chan and like an idiot downloaded a rapidshare file. as soon as i unzipped the file, my computer flooded with trojans, adware, and i think a few rootkits. I have avg free, and now avast! antivirus, as well as spybot search and destroy. system messages keep popping up telling me that my windows system 32 folder is infected, though i dont know if thats adware or if my AV has been hacked. I'm currently using a clean computer to type this, because the performance is being affected on the other one. if the system messages are true, i have at last count over 250 trojans infecting all of the drivers in my system 32 folder. is there any way to fix this? i would really appreciate any help.

btw, the messages say the trojan is rootkit.bs or something

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

See how you go with this

by Jacky Howe In reply to Trojans rootkits and wind ...

Follow the steps below with the System started in Safe Mode with Networking.
<br><br>
Removing malware from System Restore points <br>
To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.
<br><br>
Default Start Menu <br>
If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".
<br><br>
Classic Start Menu <br>
If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".
<br><br>
After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".
<br><br>
Click Start, Run type msconfig and press Enter.
<br>
Now if you have the Configuration Utility open. <br>
Configure selective startup options<br>
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.<br>
Click to clear the Process SYSTEM.INI File check box.<br>
Click to clear the Process WIN.INI File check box.<br>
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.<br>
Click the Services tab.<br>
Click to select the Hide All Microsoft Services check box.<br>
Click Disable All, and then click OK.<br>
When you are prompted, save the settings and restart the PC.<br><br>
When the System is disinfected re-run the Configuration Utility and in the System Configuration Utility dialog box, click the General tab, and then click Normal Startup.<br>
<br>
Download Malwarebytes Anti-Malware, install it and update it.
<br>
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe
<br><br>

* Double-click mbam-setup.exe and follow the prompts to install the program.<br>
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.<br>
* If an update is found, it will download and install the latest version.<br>
* Once the program has loaded, select Perform Quick Scan, then click Scan.<br>
* When the scan is complete, click OK, then Show Results to view the results.<br>
* Be sure that everything is checked, and click Remove Selected.<br>
<br>
I would keep scanning with it until it is clean by closing out and rebooting and running it again.
<br>
Just to be on the safe side when you finish do an online scan with Bitdefender. Or Google for an online scanner.
<br>
http://www.bitdefender.com/scan8/ie.html
<br><br>
If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM.
<br><br>
From another PC download and install Spybot, update it and copy the the installed folders to a USB Stick.
<br><br>
Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.
<br><br>
Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html
<br><br>
With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.
<br><br>
Also run this Rootkit Revealer GMer
<br>
http://www.gmer.net/index.php
<br>
FAQ
<br>
http://www.gmer.net/faq.php
<br><br>
BleepingComputer<br>
http://www.bleepingcomputer.com/malware-removal/page/2/
<br><br>
You could also try this AntiVir Removal Tool
<br>
http://www.avira.com/en/support/antivir_removal_tool.html
<br><br>
Update your Antivirus software.
<br>
Let us know how you get on.
</br>

Back to Malware Forum

Start or search

Related Discussions

Related Forums