Virus. PLEASE HELP!

Found 29th Jun 2009
Hi,
In most cases I know what to do to remove spyware and viruses etc but on this occasion there is one that will just not remove.

It is not an option to format the PC as no operating disc nor drivers, however I do know that this would be the best method.

After many attempts I managed to get some spyware to open and run (Malwarebytes and Spybot wouldn't install, and then when they did install they did not open (part of the virus)).

I have since managed to get these two apps to run and they have removed a lot, however there is one virus that keeps coming back, it's called Trojan.fake alert.

The PC is run in safe mode, Malwarebytes detects the virus and says the PC needs to restart to finish removal. But after the restart I scan with Malwarebytes and it's back again.

This is really beginning to irritate me now. System restore has been disabled and then re-enabled etc, new points set and so on but NOTHING is fixing this issue for me.

I have tried Spybot, AdAware, SuperAntiSpyware, AVG, Bit Defender Online scanner and also tried the combo fix and sdfix to no avail.

I think it may be some form of rootkit

Please help

Woz

14 Comments

I had this bloody pain. It's a rootkit trojan dropper; every time you reboot it reinstalls itself before Windows starts. I tried every virus and rootkit removal program out there but none worked. I ended up abandoning the system for a new install.

Have you tried running Malwarebytes with system restore disabled, as viruses can hide there and reinstall when restarted?

Original Poster

csiman;5616940

http://www.google.co.uk/search?source=ig&hl=en&rlz=1G1GGLQ_ENXX247&=&q=Trojan.fake+alert&btnG=Google+Search



Thanks, but I had been to the google on the first time, this is where I found all these apps etc and other people's ideas on how to remove it, but no joy.

Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though).

Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)

bo19991;5617076

Download combofix disable system restore and run the program http://www.bleepingcomputer.com/combofix/how-to-use-combofix



Last few words of the original post m8... he's already tried combofix ;-)
Combofix on its own will not touch rootkits, if it is one.

When viruses don't allow programmes to run, simply rename them and they should be good to go.

I'm gonna try malware from my Vista and scan the infected XP drive and see what that does.

angelkelly;5617110

When viruses don't allow programmes to run, simply rename them and they should be good to go.



Not always so I'm afraid... I tried to rename malware on the last one I had to do but it was still blocked by the rootkit. Only way that opened it up was by using rootrepeal.

PS. malware does not always clean 100%. I find its best to use malware in combination with something like spybot to get the best results. I go for malwarebytes first then spybot in that order. Both are freeware to a certain extent anyway and do the job most of the time (except if rootkits are present).

Original Poster

tonyg1962;5616951

Have you tried running Malwarebytes with system restore disabled, as viruses can hide there and reinstall when restarted?



Squelds;5617054

Look for a proggie called rootrepeal.exe - it's freeware and is good at removing rootkits (be careful though).

Any help needed get back to me. I had a client with a rootkit problem a few weeks back - same symptoms as what you had, malwarebytes and spybot would install but not run. Twas the rootkit that was blocking them ;-)



Hey guys, thanks for getting back to me.

I have disabled system restore and ran Malwarebytes after I had disabled it, however it detects it, says it will remove on next boot, but I did another scan and it again found it after 1 min.

I have just ran RootRepeal and did a scan but nothing came up as such? Lots of .sys files. I did actually use this app as well before and it did detect a highlighted red sys file, which I couldn't seem to remove, but that is not showing at all anymore.

I couldn't run the apps at one point, but when I downloaded them and saved the exe as different names, some worked, some not, but fortunately I was able to remove that part of the virus.

Just this now... any more help?

Thanks a lot so far

When you run rootrepeal there shouldn't be any .sys files. sys files usually indicate the problems.

However you may be running it incorrectly. Start it up, then at the tab at the bottom of its screen click on 'PROCESSES' and do a scan. If you are scanning under 'FILES' or 'DRIVERS' then you may get loads of sys files that are legitimate files. Processes like Windows processes are things that get loaded into memory at boot - any other files shouldn't matter to you as this virus is remanifesting itself at boot. Do this and see what happens under the processes tab, then come back here and post results.

EDIT. after running rootrepeal DO NOT reboot machine at this stage - just post results and we'll go from there.

Original Poster

Hi thanks a lot for your help, I'll add rep for your efforts but I'm afraid nothing worked. As it happens I managed to get hold of a recovery disc for my pc and ran that. Completely clean now. That was a bad virus!

Thanks again

Most probs saves a lot of hassle ;-)

Some can be a real bitch to get rid of... can take hours and hours to get a result. Least it saved you even more hassle your end by recovery.