HELP!!! Rootkit attack



skaught
03-24-09, 04:23 PM
My computer is acting like a real asshole. I ran Avira and it said I have the following:
TR/Crypt.xpack.gen
TR/Dropper.gen
Win32Rootkit.tdss

It says it found them and what would I like to do with them. I choose either delete or quarantine, and then it says I have to restart. I click ok, and it restarts but doesn't finish restarting, freezes halfway through, I force a shutdown and it again will freeze, force shutdown 1 more time before throwing the bastard out the window and then it finally starts up. Run Avira again and they all still appear to be there. I tried running Ad-Aware and it picked up the rootkit but also doesn't seem to remove it, just suggests a shutdown and then when restarted freezes. I'm at my wits' end! HELP! What do I do?

MacGyver1968
03-24-09, 04:47 PM
You might try a little program called "combofix.exe". It's available at bleepingcomputer.com...or just google it.

Dr Mabuse
03-24-09, 04:52 PM
> My computer is acting like a real asshole. I ran Avira and it said I have the following:
> TR/Crypt.xpack.gen
> TR/Dropper.gen
> Win32Rootkit.tdss
>
> It says it found them and what would I like to do with them. I choose either delete or quarantine, and then it says I have to restart. I click ok, and it restarts but doesn't finish restarting, freezes halfway through, I force a shutdown and it again will freeze, force shutdown 1 more time before throwing the bastard out the window and then it finally starts up. Run Avira again and they all still appear to be there. I tried running Ad-Aware and it picked up the rootkit but also doesn't seem to remove it, just suggests a shutdown and then when restarted freezes. I'm at my wits' end! HELP! What do I do?

Are you running the free Avira or Avira Premium?

skaught
03-24-09, 04:53 PM
> Are you running the free Avira or Avira Premium?

The free one

S.A.M.
03-24-09, 05:45 PM
format drive.

skaught
03-24-09, 06:01 PM
> format drive.

No way! Just did that like a month ago :grumble:

Enmos
03-24-09, 07:02 PM
I just had a startling insight.. SAM = Draqon :eek:

draqon
03-24-09, 07:10 PM
> I just had a startling insight.. SAM = Draqon :eek:

no, but we share common beliefs and goals.

draqon
03-24-09, 07:10 PM
I suggest you try AVG, it's free after all. Maybe it will remove the thing.
But yeah...this feels like it's there to stay...

skaught
03-24-09, 08:31 PM
I think I may have pinned the bastard with Mac's help.

PsychoTropicPuppy
03-25-09, 03:18 PM
full scan with http://www.malwarebytes.org/ and http://superantispyware.com/