From: russg on 9 Dec 2009 22:22

snip
>
> What was "awwufouer.sys" identified as ?
>
> See:http://www.threatexpert.com/report.aspx?md5=03c8db77f600c5473cb90c650...
>
> http://www.threatexpert.com/report.aspx?md5=39a01ca6d77a4a9f1d3380cb6...
>
> Both are relative to a Rustock which is a Rootkit and str.sys
>
> A wipe and re-install *may* be in order if you feel comfortable with it.
>

awwufouer.sys was identified and subsequently removed by the AVG AntiRK. It was identified as a hidden file in the C:\windows\system32\drivers directory. I don't have a log of that, but it had two entries, one may have been as a 'driver'.

I may be making progress. The full scan MBAM identifies no rootkits now. Identifies file rogue.installer and infected registry key spyware.passwords. MBAM says it removed them. Now I'll see if F11 can enter the recovery console, but won't try that just yet. I'll reboot a few times and re-run MBAM.

From: russg on 9 Dec 2009 22:53

Talked to grandson. We believe he got infected 'mixing' and downloading MP3s at www.jamglue.com. He wants a clean computer, so, if we get his 4 gigs of music off the laptop, he's willing to recover it. I believe we may have it cleaned, however. Several reboots and re-scans and maybe.

From: The Central Scrutinizer on 10 Dec 2009 01:37

Just do a wipe and reinstall and be done with it...

--

"russg" <russgilb(a)sbcglobal.net> wrote in message news:ff626291-caf5-4d98-938b-ae093522f59b(a)j24g2000yqa.googlegroups.com...
> Talked to grandson. We believe he got infected 'mixing' and
> downloading MP3s at www.jamglue.com.
> He wants a clean computer, so, if we get his 4 gigs of music off the
> laptop, he's willing to
> recover it.
> I believe we may have it cleaned, however. Several reboots and
> re-scans and maybe.

From: russg on 10 Dec 2009 13:41

On Dec 9, 9:59 pm, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:
> "russg" <russg...(a)sbcglobal.net> wrote in message
>
> news:57d0a793-34f8-410c-bd77-acacdef47b98(a)g12g2000yqa.googlegroups.com...
>
> I don't know how to download AVG update and install it. I can't
> update from the infected computer as it has no internet right now,
> the old wireless adapter he busted and the built in one
> doesn't work (Compaq laptop, running Vista).
> I haven't used Multi-AV lately, the problem isn't
> that I can't find infected files.
>
> ***
>
> Oh, I see. Of course there *is* a difference between 'can't find
> infected files' and 'infected files are hidden' when rootkits are
> involved (no need to hide code within a file if the file itself can be
> hidden from the scanners).
>
> In many cases the rootkit must be gone before any file scanner can be
> effective.
>
> Good luck with the anti-rootkits you use.

I believe it is done. The AVG Anti-Rootkit worked, along with MBAM in getting rid of other stuff. I've rebooted and re-scanned with MBAM, both full scan and quick scan, safe and normal mode scans, reports clean. Thanks for the help, it was almost as quick as being on the phone.

From: FromTheRafters on 10 Dec 2009 18:34

"russg" <russgilb(a)sbcglobal.net> wrote in message news:23f5fd2a-d71b-401e-83bc-d03b5a579f5b(a)r24g2000yqd.googlegroups.com...

On Dec 9, 9:59 pm, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:
> "russg" <russg...(a)sbcglobal.net> wrote in message
>
> news:57d0a793-34f8-410c-bd77-acacdef47b98(a)g12g2000yqa.googlegroups.com...
>
> I don't know how to download AVG update and install it. I can't
> update from the infected computer as it has no internet right now,
> the old wireless adapter he busted and the built in one
> doesn't work (Compaq laptop, running Vista).
> I haven't used Multi-AV lately, the problem isn't
> that I can't find infected files.
>
> ***
>
> Oh, I see. Of course there *is* a difference between 'can't find
> infected files' and 'infected files are hidden' when rootkits are
> involved (no need to hide code within a file if the file itself can be
> hidden from the scanners).
>
> In many cases the rootkit must be gone before any file scanner can be
> effective.
>
> Good luck with the anti-rootkits you use.

I believe it is done. The AVG Anti-Rootkit worked, along with MBAM in getting rid of other stuff. I've rebooted and re-scanned with MBAM, both full scan and quick scan, safe and normal mode scans, reports clean. Thanks for the help, it was almost as quick as being on the phone.

***

Glad to hear you've gotten it cleaned.

"Flatten and Rebuild" is not always necessary, but everyone should (IMO) have it planned out so that it is the easiest route - certainly having a recent known good disk image handy makes recovery by this drastic method much less daunting. A little planning ahead and this type of recovery becomes easier than a, perhaps, cleaning with all of these good tools.

Something to consider anyways - and it works for hard drive malfunctions too (let's see a 'cleaner' do that!).

***