Virus. PLEASE HELP! - HotUKDeals
Virus. PLEASE HELP!

woz
Posted 7 years, 5 months ago
Hi,
In most cases I know what to do to remove spyware and viruses etc but on this occasion there is one that will just not remove.

It is not an option to format the PC as no operating disc nor drivers, however I do know that this would be the best method.

After many attempts I managed to get some spyware to open and run (Malwarebytes and Spybot wouldn't install, and then when they did install they did not open (part of the virus)).

I have since managed to get these two apps to run and they have removed a lot, however there is one virus that keeps coming back, it's called Trojan.fake alert.

The PC is run in safe mode, Malwarebytes detects the virus and says the PC needs to restart to finish removal. But after the restart I scan with Malwarebytes and it's back again.

This is really beginning to irritate me now. System restore has been disabled and then re-enabled etc, new points set and so on but NOTHING is fixing this issue for me.

I have tried Spybot, AdAware, SuperAntiSpyware, AVG, Bit Defender Online scanner and also tried the combo fix and sdfix to no avail.

I think it may be some form of rootkit

Please help :)

Woz

All Comments

#2
I had this bloody pain. It's a rootkit trojan dropper; every time you reboot it reinstalls itself before Windows starts. I tried every virus and rootkit removal program out there but none worked. I ended up abandoning the system for a new install.
#3
Have you tried running Malwarebytes with System Restore disabled, as viruses can hide there and reinstall when restarted?
#4


Thanks but I had been to the google on the first time, this is where I found all these apps etc and other peoples ideas on how to remove it but no joy
#5
Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though).

Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)
#6
Download ComboFix, disable System Restore and run the program
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
#7
bo19991
Download ComboFix, disable System Restore and run the program
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Last few words of the original post m8... he's already tried combofix ;-)
Combofix on its own will not touch rootkits, if it is one.
#8
When viruses don't allow programmes to run, simply rename them and they should be good to go.
#9
I'm gonna try malware from my Vista and scan the infected XP drive and see what that does
#10
angelkelly
When viruses don't allow programmes to run, simply rename them and they should be good to go.


Not always so I'm afraid... I tried to rename malware on the last one I had to do but it was still blocked by the rootkit. Only way that opened it up was by using rootrepeal.

PS. malware does not always clean 100%. I find its best to use malware in combination with something like spybot to get the best results. I go for malwarebytes first then spybot in that order. Both are freeware to a certain extent anyway and do the job most of the time (except if rootkits are present).
#11
tonyg1962
Have you tried running Malwarebytes with System Restore disabled, as viruses can hide there and reinstall when restarted?


Squelds
Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though).

Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)


Hey guys, thanks for getting back to me.

I have disabled system restore and ran Malwarebytes after I had disabled it, however it detects it, says it will remove on next boot, but I did another scan and it again found it after 1 min.

I have just run RootRepeal and did a scan but nothing came up as such? Lots of .sys files. I did actually use this app as well before and it did detect a highlighted red sys file, which I couldn't seem to remove, but that is not showing at all anymore.

I couldn't run the apps at one point, but when I downloaded them and saved the exe under different names, some worked, some not, but fortunately I was able to remove that part of the virus.

Just this now.... any more help?

Thanks a lot so far
#12
When you run rootrepeal there shouldn't be any .sys files. sys files usually indicate the problems.

However you may be running it incorrectly. Start it up, then at the tab at the bottom of its screen click on 'PROCESSES' and do a scan. If you are scanning under 'FILES' or 'DRIVERS' then you may get loads of sys files that are legitimate files. Processes like Windows processes are things that get loaded into memory at boot - any other files shouldn't matter to you as this virus is remanifesting itself at boot. Do this and see what happens under the processes tab, then come back here and post results.

EDIT. after running rootrepeal DO NOT reboot machine at this stage - just post results and we'll go from there.
#13
Hi thanks a lot for your help, I'll add rep for your efforts but I'm afraid nothing worked. As it happens I managed to get hold of a recovery disc for my pc and ran that. Completely clean now. That was a bad virus!

Thanks again
#14
Most probs saves a lot of hassle ;-)

Some can be a real bitch to get rid of... can take hours and hours to get a result. Least it saved you even more hassle your end by recovery.
