UniversalTechSupport
Welcome To UniversalTechSupport

ROOTKIT removal


Post by Admin on Wed Nov 13, 2013 11:53 pm



ROOTKIT:

A rootkit is a stealthy type of malicious software designed to hide the existence of certain processes or programs from normal methods of detection and to keep privileged access to the computer.
Symptoms of a rootkit:
Issues when visiting some web sites
Google redirection
Unable to update security software
Unable to download files from certain websites
Unknown process running in task manager
Slow computer performance

Steps to Manually remove a rootkit:

Step1: Open msconfig and enable bootlog.

In XP, start-run -msconfig -open ‘boot.ini’ tab – check ‘bootlog’
In Vista and 7, start – msconfig – open ‘boot.ini’ tab – check ‘bootlog’

Step2: Restart the computer

Step3: Open C:\WINDOWS or C:\WINNT and open ntbtlog.
Search for files whose names start with the following strings. The prefix may be followed by some random letters. For example, on my computer I had ‘GASFKYOBWUBRFT.SYS’.

(Note: Below are the most common rootkits causing issues nowadays. As time passes, the list of infections will grow.)

rot
gas
gaopdx
seneka

win32k.sys
uacd
tdss
kungsf
gxvxc
ovsfth
msqp
ndisp
msivx
skynet

Also note the full path of the file, which on my computer is C:\WINDOWS\system32\drivers.

Step4: In the command prompt, deny access to the file using the CACLS command.
For example, open cmd and type
cacls C:\WINDOWS\system32\drivers\GASFKYOBWUBRFT.SYS /d everyone
(/d everyone denies all users access to the file, so it cannot be loaded at the next boot)

Step5: Restart the computer

Step6: Search for the file in the following locations and remove it:
C:\WINDOWS or C:\WINNT
C:\WINDOWS\system32
C:\WINDOWS\system32\drivers
Registry
Clear the temp, %temp% and prefetch folders
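Steps 3 and 4 above are a manual search of the boot log followed by a hand-typed cacls command. The script below is an added example (not part of the original post) that does the same search automatically: it parses the "Loaded driver" / "Did not load driver" lines of an ntbtlog.txt, matches the file name against the prefix list from the post, expands \SystemRoot to the real Windows directory, and prints the cacls command from step 4 for each hit without executing it. The log content is a constructed sample, not a real capture, and C:\WINDOWS is assumed as the system root. One caveat the list itself does not state: win32k.sys is a legitimate Windows kernel component that loads on every boot, so a hit on that name alone is expected and is not proof of infection; treat every match as something to verify, not something to delete blindly.

```python
"""Scan a Windows boot log (ntbtlog.txt) for driver names that match known rootkit prefixes.

Added example; the prefix list is the one given in the post above.
"""
import re

# Prefixes from the post. A real rootkit file name is usually one of these
# followed by random letters, e.g. GASFKYOBWUBRFT.SYS for the "gas" family.
ROOTKIT_PREFIXES = (
    "rot", "gas", "gaopdx", "seneka", "win32k.sys", "uacd", "tdss",
    "kungsf", "gxvxc", "ovsfth", "msqp", "ndisp", "msivx", "skynet",
)

# Constructed sample of ntbtlog.txt content (not a real capture).
SAMPLE_NTBTLOG = r"""Microsoft (R) Windows (R) Version 6.1 (Build 7601)
 11 13 2013 23:53:01.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\GASFKYOBWUBRFT.SYS
Loaded driver \SystemRoot\System32\win32k.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdssserv.sys
"""

# Each driver line in ntbtlog.txt is "Loaded driver <path>" or "Did not load driver <path>".
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")


def parse_boot_log(text):
    """Yield (loaded, path) for every driver line; header and timestamp lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (m.group(1) == "Loaded driver", m.group(2))


def resolve_system_root(path, system_root=r"C:\WINDOWS"):
    """Replace the \\SystemRoot prefix the boot log uses with the real Windows directory (assumed)."""
    if path.upper().startswith("\\SYSTEMROOT\\"):
        return system_root + path[len("\\SystemRoot"):]
    return path


def find_suspicious_drivers(text, prefixes=ROOTKIT_PREFIXES, system_root=r"C:\WINDOWS"):
    """Return one dict per driver whose file name starts with a listed prefix (case-insensitive)."""
    hits = []
    for loaded, path in parse_boot_log(text):
        name = path.rsplit("\\", 1)[-1]
        lowered = name.lower()
        matched = [p for p in prefixes if lowered.startswith(p.lower())]
        if matched:
            hits.append({
                "name": name,
                "path": resolve_system_root(path, system_root),
                "loaded": loaded,
                "prefix": matched[0],
                # Legitimate component that always loads; a name match here is not evidence by itself.
                "benign_name": lowered == "win32k.sys",
            })
    return hits


def deny_command(path):
    """Build the step-4 cacls command for one file. It is returned as text, never executed here."""
    return 'cacls "%s" /d everyone' % path


if __name__ == "__main__":
    for hit in find_suspicious_drivers(SAMPLE_NTBTLOG):
        state = "loaded" if hit["loaded"] else "did not load"
        note = " (legitimate Windows file, verify before acting)" if hit["benign_name"] else ""
        print("%s [%s prefix, %s]%s" % (hit["path"], hit["prefix"], state, note))
        print("   " + deny_command(hit["path"]))
```

Run it against a real log by reading C:\WINDOWS\ntbtlog.txt into a string and passing it to find_suspicious_drivers; the printed cacls lines are exactly what step 4 asks you to type, one per matched file.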
