Crazy virus rootkit madness Win32/Agent.ODC - Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Hack&Lube · 04-04-2009, 11:00 AM

So somehow I've just gotten a rootkit infecting my system, it's resident in memory and might even be in the boot sector. I didn't do anything other than open an attached Jpeg file from a friend that I thought was corrupted.

I'm having major problems with this. ESET NOT detects it but it cannot clean it. Both my Malwarebytes and Spybot S&D won't execute when I run them because this thing blocks them. I have tried Gmer in safe mode to detect the rootkits and it finds several entries but they are greyed out and there are no options to delete the services.

Rathji · 04-04-2009, 11:09 AM

Try hijack this!

Just be careful. You can screw your registry if you don't know what you are doing.

rbochan · 04-04-2009, 12:12 PM

It might be a tumor.

Bobblehead · 04-06-2009, 09:16 AM

Did you get this solved, H&L ?

llama64 · 04-06-2009, 10:05 AM

Buy a Mac.

j/k... Root kits suck.

Cliche · 04-06-2009, 11:05 AM

Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.

Yeah, for cases like this, it'd probably be best to just nuke everything and reload it.

Alternatively if you are really determined to eliminate this, then booting the system from another place(EG. Winpe) and running virus tools on the affected drive should work.

Bobblehead · 04-06-2009, 11:36 AM

It is things like this that makes me consider buying a version of Arconis for home. Then something (anything) bad happens and instead of a rebuild just do a restore.

Kipper is King · 04-06-2009, 12:31 PM

Why don't we just exterminate all computer viruses?

Hack&Lube · 04-07-2009, 10:15 AM

Quote:

Originally Posted by Bobblehead

It is things like this that makes me consider buying a version of Arconis for home. Then something (anything) bad happens and instead of a rebuild just do a restore.

I actually do have Arconis, but I also have my entire harddrive mirrored on an external harddrive in an enclosure. If my first harddrive fails, I plug my enclosure into esata and I boot my computer from it.

Regarding this rootkit, after a lot of googling, it looks like a lot of people got it around the end of march and seeing as how many of my antivirus programs didn't even catch or cure it, I suspect a lot of people might have it. Most sites recommended using GMER to detect and remove rootkits. GMER found them but it couldn't remove them in my case.

Eventually, I downloaded the latest combofix and renamed it to rootkitssuckass.exe and that got rid of the main problem. I was then able to run malwarebytes in safemode after 3 reboots to take care of the rest.

woob · 04-07-2009, 10:52 AM

Quote:

Originally Posted by Hack&Lube

Eventually, I downloaded the latest combofix and renamed it to rootkitssuckass.exe and that got rid of the main problem. I was then able to run malwarebytes in safemode after 3 reboots to take care of the rest.

Gotta love combofix!! Many times it has gotten me out of a bind when dealing with crap, often resolving the issues, or like you, being the big first stepping stone in the process.