
    Virus. PLEASE HELP!

    Hi,
    In most cases I know what to do to remove spyware and viruses etc but on this occasion there is one that will just not remove.

    It is not an option to format the PC as no operating disc nor drivers, however I do know that this would be the best method.

    After many attempts I managed to get some spyware to open and run (Malwarebytes and Spybot wouldn't install, and then when they did install they did not open (part of the virus)).

    I have since managed to get these two apps to run and they have removed a lot, however there is one virus that keeps coming back; it's called Trojan.fake alert.

    The PC is run in safe mode, Malwarebytes detects the virus and says the PC needs to restart to finish removal. But after the restart I scan with Malwarebytes and it's back again.

    This is really beginning to irritate me now. System restore has been disabled and then re-enabled etc, new points set and so on but NOTHING is fixing this issue for me.

    I have tried Spybot, AdAware, SuperAntiSpyware, AVG, Bit Defender Online scanner and also tried the combo fix and sdfix to no avail.

    I think it may be some form of rootkit

    Please help

    Woz

    14 Comments

    I had this bloody pain. It's a rootkit trojan dropper: every time you reboot it reinstalls itself before Windows starts. I tried every virus and rootkit removal program out there but none worked. I ended up abandoning the system for a new install.

    Have you tried running Malwarebytes with system restore disabled, as viruses can hide there and reinstall when restarted?

    Original Poster

    csiman;5616940

    http://www.google.co.uk/search?source=ig&hl=en&rlz=1G1GGLQ_ENXX247&=&q=Trojan.fake+alert&btnG=Google+Search



    Thanks but I had been to Google the first time; this is where I found all these apps etc and other people's ideas on how to remove it, but no joy.

    Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though).

    Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)

    bo19991;5617076

    Download combofix, disable system restore and run the program http://www.bleepingcomputer.com/combofix/how-to-use-combofix



    Last few words of the original post m8... he's already tried combofix ;-)
    Combofix on its own will not touch rootkits, if it is one.

    When viruses don't allow programmes to run, simply rename them and they should be good to go.

    I'm gonna try malware from my Vista and scan the infected XP drive and see what that does.

    angelkelly;5617110

    When viruses don't allow programmes to run, simply rename them and they should be good to go.



    Not always so I'm afraid... I tried to rename malware on the last one I had to do but it was still blocked by the rootkit. Only way that opened it up was by using rootrepeal.

    PS. malware does not always clean 100%. I find it's best to use malware in combination with something like Spybot to get the best results. I go for Malwarebytes first then Spybot, in that order. Both are freeware to a certain extent anyway and do the job most of the time (except if rootkits are present).

    Original Poster

    tonyg1962;5616951

    Have you tried running Malwarebytes with system restore disabled, as viruses can hide there and reinstall when restarted?



    Squelds;5617054

    Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though). Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)



    Hey guys, thanks for getting back to me.

    I have disabled system restore and ran Malwarebytes after I had disabled it; however, it detects it, says it will remove on next boot, but I did another scan and it again found it after 1 min.

    I have just run rootrepeal and did a scan but nothing came up as such? Lots of .sys files. I did actually use this app as well before and it did detect a highlighted red sys file, which I couldn't seem to remove, but that is not showing at all anymore.

    I couldn't run the apps at one point but when I downloaded them and saved the exe as different names, some worked, some not, but fortunately I was able to remove that part of the virus.

    Just this now... any more help?

    Thanks a lot so far

    When you run rootrepeal there shouldn't be any .sys files. sys files usually indicate the problems.

    However you may be running it incorrectly. Start it up, then at the tab at the bottom of its screen click on 'PROCESSES' and do a scan. If you are scanning under 'FILES' or 'DRIVERS' then you may get loads of sys files that are legitimate files. Processes like Windows processes are things that get loaded into memory at boot - any other files shouldn't matter to you as this virus is remanifesting itself at boot. Do this and see what happens under the processes tab, then come back here and post results.

    EDIT. after running rootrepeal DO NOT reboot machine at this stage - just post results and we'll go from there.

    Original Poster

    Hi thanks a lot for your help, I'll add rep for your efforts but I'm afraid nothing worked. As it happens I managed to get hold of a recovery disc for my pc and ran that. Completely clean now. That was a bad virus!

    Thanks again

    Most probs saves a lot of hassle ;-)

    Some can be a real bitch to get rid of... can take hours and hours to get a result. Least it saved you even more hassle your end by recovery.