Help Generic Rootkit d!Rootkit

  AngelicAngel 09:15 06 Jun 2009
Locked

Hi There

My son has managed to get the trojan Generic Rootkit d!Rootkit embedded on his laptop. He is running a Dell Inspiron 1545 Vista Home Premium SP1 with McAfee Netprotect security. Unfortunately I've been left to try and sort out the machine but am not having much luck.

What happens is this: not every time, but more often than not, the laptop blue screens and crashes, only allowing me to enter into safe mode (this I can do no problems). It also hijacks search pages on the internet, so for example if I click on a link in Google it takes me to some random page that I haven't asked for.

I have run virus scans in both safe mode which detected 2 generic rootkit d!rootkits. It says it has deleted them but it hasn't, because if I scan again they are still detected. Running the virus scan in normal mode doesn't pick any infection up. I am unable to install Malwarebytes onto the machine. I've tried downloading and saving it to desktop from another PC and transferring it via disc and also USB key but it doesn't open when I get it onto the infected laptop. I have also tried running it as administrator and also renaming it as suggested on another forum before saving the downloaded file. But nothing. It won't open. I did manage to get Ad-Aware onto the machine but it won't update and it gets stuck when it starts to scan the E drive (which is a partition on the laptop). I'm starting to pull my hair out with this one so if anyone has any ideas it would be greatly appreciated. If you need any more info please just ask.

  Taff™ 09:40 06 Jun 2009

This infection may well be hiding in system restore points but let's try a couple of options. Boot into safe mode and try to install Malwarebytes - I can't remember if you can do that but worth a try. Option two is to use system restore to a time before the infection, again from safe mode.

  AngelicAngel 09:44 06 Jun 2009

Hi, thanks for the quick response. Unfortunately I've tried both these options. He's only had the laptop 3 weeks and not one of the system restore points works. I've tried installing Malwarebytes in safe mode but it has the same effect. Installs but just won't update or run. Have tried installing it about 5 times so far but always the same.

  Taff™ 09:49 06 Jun 2009

It sounds like it's blocking any known programs that might remove it but let's try asquared (click here) or superantispyware (click here). If system restore doesn't work you might as well turn it off, which will remove all restore points and where it might be hiding. Reboot the computer after this. Let me know if you get redirected away from either of those links, by the way.

  User-1229748 09:56 06 Jun 2009

If all other help fails, as he has only had it for three weeks, is there anything on there that he can't do without if you were to perform a system recovery?

  birdface 10:01 06 Jun 2009

See if you can get this one on to the computer. It is a pay-for version with a 30 day trial but it will remove anything that it finds. (If it asks for payment just ignore it and carry on with the scan.)

click here

I am not saying it will clean your computer completely; it might. But it will let you update and run the rest of your security programs.

  feb 10:22 06 Jun 2009

Change the name of Malwarebytes to something else, but keep the .exe in the file type.

You may have to go into the Malwarebytes folder and change the names in there also.

  crosstrainer 10:27 06 Jun 2009

Taff on this one, but run Malwarebytes in safe mode if you can.

If not (and he has only had it 3 weeks) you could use the inbuilt system restore, to remove everything and put the lappy back to an "out of the box" scenario.

  mocha 13:35 06 Jun 2009

Hi AngelicAngel,

Try Sophos Anti-rootkit; it's free and removes rootkits.

click here

Good Luck.

  AngelicAngel 13:51 06 Jun 2009

Thanks to all for all your suggestions. Upon booting up the infected laptop this morning it went straight to safe mode with networking. I managed to download Trojan Remover as suggested by buteman. On running the scan it picked up a rootkit file suspiciously hidden and then several other registry entries which were also suspicious (details saying hijacking of websites), which is exactly what was happening. I've restarted the laptop and it all loaded as normal so far. Have now managed to also get Malwarebytes onto the laptop and it has now updated and is running a full scan. Fingers crossed Trojan Remover has found those pesky files.
Many thanks again to everyone for all your help, it really is appreciated by me and especially my son (wait till he gets home, I'll be ranting at him about being more careful..lol)

  crosstrainer 14:38 06 Jun 2009

I would let him do it again....

And then provide 0 help


Learning is a tough curve! :))

This thread is now locked and can not be replied to.
