Hey guys. I have a rootkit that is kicking my ass.
It resets my computer when I scan it with gmer in safe mode.
Also, I have scanned my PC with Malwarebytes while in safe mode. The virus appeared for half a second in Malwarebytes and then my computer reset itself. Now when I run Malwarebytes it doesn't appear in threats detected.
I have a FRST report but I have no idea what to do with it. Can anyone assist?
Caleb Gray
Hi Sup Forums I need your help with a rootkit that is kicking my ass. I have tried the following solutions, with no successful results.
I ran Malwarebytes and ESET while in safe mode with networking. This actually detected the rootkit, but my system reset itself within seconds of detecting the rootkit. After the reset, Malwarebytes and ESET no longer detect the rootkit. They do detect PUP and driver files that the kit is placing on my machine. Deleting these is useless because they just come back.
I have also tried to use GMER while in safe mode. This results in a reset whenever GMER scans my sys 32.
In addition to that, I have tried an FRST scan, which gives me a report, but I have no idea what to do with it.
Can anyone assist me with this?
Luis Garcia
bump
Wyatt Watson
Dude just copy important files you need and reformat your box.
Sebastian Martin
At that point I'd just reformat.
Jaxon Howard
Ugh, okay.
Asher Brown
>i have a rootkit
copy critical files to external storage. completely wipe system drive (really you should wipe every drive persistently connected to the infected computer). reinstall os and copy files back from external storage.
Lucas Jenkins
Okay, I'm moving all my pictures over to a USB. I have new drives I wanted to move my raid to anyways. FUCK this sucks. All this because my cunt wife installed Sims 4 from a torrent.
Noah Kelly
>I share my computer
>I share my computer with a woman
Well there's your issue, OP
Justin Myers
Install Gentoo
Charles Morris
>Gentoo why?
Evan Wilson
Remove the infected drive, connect it to a clean PC and then run your scanners from there.
Jack Nelson
Wouldn't that potentially fuck up the clean PC?
Christian Jones
This. Why are people so retarded?
Justin Lee
Treat the infected disk as data only. Don't run anything from it.
Caleb Fisher
Oh, I see. Any scan software you recommend other than the ones I already tried?
Gavin Walker
Yes, that is a very real risk. Which is why the proper way to do this is to have a bootable Linux USB which you can inspect the drive from safely. But this is only really worth it if you can't reformat for some mysterious reason. Attempting to render an install safe after it has been infected is often very difficult and time consuming. It's easy to miss something and AV software is pretty much all mediocre to terrible (combination of AV being a very hard problem to solve and shoddy work by AV vendors).
>Don't run anything from it
This is a common misconception. There are many exploits which abuse automatic system processes, ex: thumbnail generation.
Charles Young
Ok, so you're suggesting I boot to a Linux USB drive and run scan software on the other drives from there?
Brody Stewart
Use an antivirus livecd. They are gnu+linux based but run the same db as their windows version.
Samuel Powell
ok thanks guys, I already solved the issue
Gavin Ortiz
Reseat ram to wipe it. Lots of rootkits are in the ram
Nolan Morgan
>>being this autistic.
Jacob Perry
This isn't OP... I have not solved it.
Luis Collins
I will try this tomorrow, thank you.
Jaxson Bell
You gave your wife admin permissions!?
Ian Flores
This, the rootkit can't interrupt the scans if it doesn't get the chance to run.
Kevin Watson
I see AVG stopped offering a virus scanning ISO. You could try Kaspersky Rescue Disk, if you trust em.
Cameron Turner
>my cunt wife
WHAT DID YOU CALL ME!? FUCK YOU JEFF, I'M LEAVING YOU WITH KIDS, CUNT!
Jack Williams
>I have no backup XD
Joshua James
>not using Emsisoft
Malwarebytes is pretty mediocre these days, there is much better out there.
Lucas Foster
Get the Kaspersky rescue disc from their website (it's an up-to-date scanner you boot from, free).
Jeremiah Sanchez
>Install Gentoo
Adam Bailey
>boot linux usb
>delete bad things
>?????
>Profit
Liam Martinez
>Change rootkit with another one
Jayden Davis
Came to say this.
/thread
Aiden Perez
Combofix.
Or reformat
Jack Green
awesome, thanks
Josiah Cooper
Remember that booting an infected OS is always a waste of time.
It's always better to format and re-install the operating system. Anti-malware is rarely useful.
James Cox
This. It's impossible to know if the infection is ever really gone, unless you nuke the system from orbit. It could be hiding in some random ass system .dll, and anti-virus only gets you so far.
Kevin Cruz
Scanning within Windows is futile for a bad infection. Any time I have to clean a friend or family member's AIDS riddled PC I use a combo of Bitdefender rescue image and Dr. Web CureIt! on bootable USB drives. I prefer to use Linux Live USB to create the bootable drives, but Rufus works too.
Cameron Harris
Is sims 4 any good?
Jeremiah Jenkins
This is always the answer. That and install Gentoo after the reformat. There aren't a whole lot of self perpetuating rootkits written for Gentoo.
Oliver Ross
Honestly how do people get into these situations. I don't store any "files" (like personal pics, porn, media, shit like that) on my main desktop. It's all just on some networked pentium 4 computer mapped as a network drive. If I needed to reinstall windows it'd just take me an afternoon of installing shit like notepad++.
Brandon Lee
this always works, trust me
Camden Richardson
I'm the real OP and my issue has been fixed. How do I mark this thread as [Solved]?