  • Locked thread
MeestarK
Aug 12, 2004
Its cold outside
http://www.virustotal.com/analisis/95f7057960fbc26c9f99e325e8f5d3d1

I'm surprised that NOD32 doesn't detect it, whereas even something crappy like Windows Live OneCare detects it.

MeestarK
Aug 12, 2004
Its cold outside
What's the best way to keep my flash drive full of tools used for cleaning systems from getting infected when it's plugged into machines that have malware designed to infect flash drives as well? I figured maybe creating an empty, read-only autorun.ini to prevent that from getting copied over, but does anyone have any other ideas?
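
A worked version of the two controls a technician would actually put on a tool drive, as an added example that is not part of the post above: a SHA-256 manifest of the drive that is kept off the drive and checked after every customer job, plus the "directory named autorun.inf" trick. The drive letter, the manifest location and the function names are assumptions; the script needs Windows PowerShell 4 or later for Get-FileHash.

```powershell
# Added example, not code from the thread. Assumes the tool drive is
# mounted with a trailing backslash in $Drive (e.g. 'E:\') and that the
# manifest lives on the technician's own machine, never on the drive.

function New-ToolManifest {
    param(
        [Parameter(Mandatory = $true)][string]$Drive,
        [string]$ManifestPath = "$env:USERPROFILE\tooldrive-manifest.csv"
    )
    # Hash every file on the drive while on a known-clean machine. The
    # manifest is kept OFF the drive so malware on a customer box cannot
    # rewrite it alongside the tools it tampers with.
    Get-ChildItem -Path $Drive -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($Drive.Length)   # relative to the drive root
            Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-ToolManifest {
    param(
        [Parameter(Mandatory = $true)][string]$Drive,
        [string]$ManifestPath = "$env:USERPROFILE\tooldrive-manifest.csv"
    )
    $baseline = @{}
    Import-Csv -Path $ManifestPath | ForEach-Object { $baseline[$_.Path] = $_.Hash }

    $current = @{}
    Get-ChildItem -Path $Drive -Recurse -File -Force | ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $current[$_.FullName.Substring($Drive.Length)] = $hash
    }

    # Anything added, changed or missing is reported. A new .exe plus a new
    # autorun.inf is the classic footprint of a drive-infecting worm.
    foreach ($p in $current.Keys) {
        if (-not $baseline.ContainsKey($p)) {
            [pscustomobject]@{ Path = $p; Status = 'ADDED' }
        } elseif ($baseline[$p] -ne $current[$p]) {
            [pscustomobject]@{ Path = $p; Status = 'MODIFIED' }
        }
    }
    foreach ($p in $baseline.Keys) {
        if (-not $current.ContainsKey($p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING' }
        }
    }
}

function Protect-AutorunInf {
    param([Parameter(Mandatory = $true)][string]$Drive)
    # A *directory* called autorun.inf defeats the plain file write most
    # drive worms use to drop their own autorun.inf. It does not stop a
    # dropper that removes the directory first, so treat it as a speed bump
    # and rely on Test-ToolManifest to catch whatever gets through.
    $path = Join-Path -Path $Drive -ChildPath 'autorun.inf'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Remove-Item -LiteralPath $path -Force        # replace an existing file
    }
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -ItemType Directory | Out-Null
    }
    (Get-Item -LiteralPath $path -Force).Attributes = 'ReadOnly, Hidden, System, Directory'
}

# Usage (drive letter is an assumption):
# New-ToolManifest -Drive 'E:\'      # once, on a clean technician machine
# Protect-AutorunInf -Drive 'E:\'
# Test-ToolManifest -Drive 'E:\'     # after each customer job, before reusing the drive
```

Two caveats. Windows 7 (and XP/Vista with the 2011 AutoRun update) no longer honours autorun.inf on USB flash drives, so the directory trick only protects against infection spreading via unpatched machines; the manifest check is the control that actually tells you the tools were modified. And a drive with a hardware write-protect switch makes both unnecessary while it is in the customer machine, which is the simplest answer when one is available.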

MeestarK
Aug 12, 2004
Its cold outside
I've got one that's probably pushing me towards recommending the flatten/reinstall to the customer. After removing your run-of-the-mill fake AV (Internet Safeguard maybe) and running what seems to be a clean system, I can't run Windows Updates, launch services.msc, get into System Properties, User Accounts, etc. Whenever I try to launch one, the window pops up and disappears instantly.

So far rootkit scans have come up clean, but I left it scanning overnight so I'll see what I find in the morning.
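
Three things worth checking for the "window opens and vanishes" symptom before the reinstall decision, as an added example that is not part of the post above. None of these findings are asserted about that machine; they are the documented Windows locations where a leftover component would produce exactly those symptoms, and the script only reads them. Function names are assumptions; it expects an elevated Windows PowerShell session on the suspect box.

```powershell
# Added example, not from the thread. Read-only triage: nothing is changed.

function Get-IfeoDebuggers {
    # A 'Debugger' value under Image File Execution Options makes Windows
    # launch that program instead of the named exe, so mmc.exe (services.msc),
    # msconfig.exe, control.exe etc. appear to open and immediately close.
    # Malware commonly plants these; the only common legitimate entry is a
    # developer's JIT debugger (e.g. vsjitdebugger.exe).
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Get-ToolLockoutPolicies {
    # Policy values that stop Task Manager, regedit, Run and Control Panel
    # items (System Properties, User Accounts) from opening. A non-zero value
    # on a home machine that never had Group Policy applied is suspect.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    $names = 'DisableTaskMgr', 'DisableRegistryTools', 'NoRun', 'NoControlPanel'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($n in $names) {
            $val = $props.PSObject.Properties[$n]
            if ($val -and $val.Value -ne 0) {
                [pscustomobject]@{ Key = $k; Value = $n; Data = $val.Value }
            }
        }
    }
}

function Get-UpdateServiceState {
    # Windows Update (wuauserv) and BITS left Disabled is one plain reason
    # "I can't run Windows Update" survives an otherwise successful cleanup.
    Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv' OR Name='BITS'" |
        Select-Object -Property Name, StartMode, State
}

# Usage:
# Get-IfeoDebuggers
# Get-ToolLockoutPolicies
# Get-UpdateServiceState
```

If Get-IfeoDebuggers returns anything, the path in the Debugger value is the file to hash and submit to VirusTotal, since it is what actually runs every time one of those tools is launched. If all three come back clean and the overnight rootkit scan does too, the remaining explanations are the ones a file-level scan cannot see, which is the usual argument for the flatten/reinstall anyway.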

MeestarK
Aug 12, 2004
Its cold outside

Ted Stevens posted:

Hitman Pro didn't find anything? :10bux: says there's a rootkit on there.

Here's another vote for Hitman Pro. Client's computer was infected with some BS AV program and was talking to some IP in Russia. I ran MWB, MSE, HijackThis and GMER on the computer and found some trojans, but not that bad. I ran a second scan and everything came up clean. An hour later, I get a call saying it's back. Ran MWB and such, only to find a Trojan. Ran Hitman Pro and it found not one, but 2 rootkits. Reinstall time.

Nope, Hitman Pro came up clean as well. :iiam:

MeestarK
Aug 12, 2004
Its cold outside
I had TDL3 infect the compbatt.sys but unfortunately TDSSKiller couldn't find it to clean it. However, I have had a lot of success with the tool previous to this one.
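
A manual cross-check for the case above, as an added example that is not part of the post: TDL3 persists by patching a legitimate, signed kernel driver in place (compbatt.sys here), so the question is whether the bytes in System32\drivers still match the copies Windows keeps in the driver store and the component store. The script hashes both sides and reports every driver whose hash matches none of the stored copies. Function names and the drive letters in the usage lines are assumptions; it needs Windows PowerShell 4 or later for Get-FileHash.

```powershell
# Added example, not from the thread. Compares every *.sys in the drivers
# directory with the copies under DriverStore\FileRepository and WinSxS by
# SHA-256. Point the paths at an OFFLINE copy of the Windows volume (WinPE,
# or the disk attached to a second machine): TDL3 filters disk reads and
# serves the original, clean bytes to the running OS, so an online
# comparison can come back clean on an infected machine.

function Compare-DriverStore {
    param(
        [string]$DriverDir = "$env:SystemRoot\System32\drivers",
        [string[]]$StoreDirs = @(
            "$env:SystemRoot\System32\DriverStore\FileRepository",
            "$env:SystemRoot\WinSxS"
        )
    )
    # Index every *.sys under the stores: file name -> set of known hashes.
    # A driver can legitimately exist in several versions, hence the set.
    $known = @{}
    foreach ($dir in $StoreDirs) {
        Get-ChildItem -Path $dir -Recurse -Filter *.sys -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $name = $_.Name.ToLowerInvariant()
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                if (-not $known.ContainsKey($name)) { $known[$name] = @{} }
                $known[$name][$hash] = $true
            }
    }

    Get-ChildItem -Path $DriverDir -Filter *.sys -File | ForEach-Object {
        $name = $_.Name.ToLowerInvariant()
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        if (-not $known.ContainsKey($name)) {
            $status = 'NOT-IN-STORE'   # third-party driver installed outside the store
        } elseif ($known[$name].ContainsKey($hash)) {
            $status = 'MATCH'
        } else {
            $status = 'MISMATCH'       # patched, or a version the store never had
        }
        [pscustomobject]@{ Driver = $_.Name; Status = $status; SHA256 = $hash }
    }
}

# Usage: list only the drivers that disagree with every stored copy.
# Compare-DriverStore | Where-Object { $_.Status -eq 'MISMATCH' }
#
# Offline volume mounted as D: (paths are an assumption):
# Compare-DriverStore -DriverDir 'D:\Windows\System32\drivers' `
#     -StoreDirs @('D:\Windows\System32\DriverStore\FileRepository', 'D:\Windows\WinSxS')
```

Walking WinSxS takes a few minutes, and a MISMATCH is a lead rather than a verdict: a hotfixed driver whose older copy was cleaned out of the store shows up the same way. A MISMATCH on an inbox driver that has no reason to have changed, like a battery driver on a machine that has not had a servicing update, is exactly the thing to pull off the disk and look at when the automated cleaners say the machine is fine.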

MeestarK
Aug 12, 2004
Its cold outside
Anyone know of any tools that will auto update flash/java? Seeing if there's anything out there for me to run after cleaning up a system for a customer before I look into making something myself.

MeestarK
Aug 12, 2004
Its cold outside

coldsnap posted:

Some friends with a new laptop running Windows 7 have had Windows Media Center take over their computer. After looking at their laptop, it would appear to be a virus, and googling Windows Media Center virus brings up some hits, but nothing definitive.

All the file associations have been changed to open this WMC copycat, Microsoft Security Essentials has been disabled, the Malwarebytes .exe link opens the WMC, etc. The setup for WMC shows that it is not set to load at startup, but of course it does anyway. Can't run msconfig, etc, and it shows there are no restore points.

They did not make a system backup of this Dell laptop, and it does not come with a restore disk. (Makes me like my Asus restore partition even more!) They bought it about 40 days ago at Best Buy, which now wants $200 to fix it for them.

I am really too busy to flatten, reinstall from a Win 7 image and go driver hunting, plus that would get me even deeper into the "can you look at this for me (for free, of course)" hole. Basically, if this is an easy fix I will try to help them, otherwise it's off to Best Buy for them, I guess.

Anyone have experience with this virus/malware?

Right before Windows starts to load, hit F8 to get to the Repair Your Computer prompt. Once you load into Windows 7 Recovery, you will see an option at the bottom called Dell DataSafe Recovery - this lets you restore the unit back to its original factory image.
