
A Problem Rootkit Virus on My Computer


jimmydasaint


During my search of a normal website, I clicked to check out some of their podcasts. Within seconds, my AVG antivirus came up with a list of folders that had become infected with a Trojan virus. The first was a Trojan Ramnit-E. What was worse, the AVG antivirus became infected and I had to replace it with Avast antivirus. The second virus seemed to be a rootkit virus and, after loading itself over my Sygate firewall with ease, the computer shut down and restarted. I could not restore the system back to a pre-infection date.

 

I understand that rootkit viruses can 'hide' inside the OS, leaving a 'back door' for the hacker to remove. I cannot remove it even after using Sophos Anti-Rootkit. However, after a scan the Sophos Anti-Rootkit declared that it was inadvisable to delete rootkits installed on the computer. Even MS Windows advised that their anti-rootkit software was making operating systems unstable.

 

So am I stuck with a rootkit virus which cannot be deleted from my system?

 

Or are there any solutions?

Edited by jimmydasaint

I actually had a similar problem not too long ago. The rootkit wouldn't allow me to delete it. I was/am running Windows 7 (so that made it all the harder to do ANYTHING, especially with such low RAM on this netbook). Anyway, I was on Microshit's tech support for a few hours when I finally convinced the guy to FTP me the original unadulterated file. We deleted the infected file and put the original file in its place.

 

When I rebooted, Windows came to a repair console for a quick second. We weren't sure if the original file took, or if Windows had reverted to a previous save point. Either way, it worked.

 

I tried many different anti-rootkit programs and ran into a similar dilemma to yours, except the rootkit programs weren't able to delete the file, so I had to do it manually.

 

 

Might be a point to add that my Windows 7 Pro is, umm, how you say, "torrented." It seemed Microsoft was none the wiser either. I was getting regular updates and everything; it was totally legit... but build 7600 found out, much to my dismay >.>


What you need to do is format your hard drive and reinstall.

 

It's the only way to be sure you've cleaned out a compromised system.

 

If you feel it necessary to salvage some files from the old system, get a live CD with an AV installed on it and scan the hell out of every file you want to recover. If it comes up tainted, it's gone.

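Two of the replies above come down to the same two checks: hash a suspect system file against a copy from a trusted source before trusting the substitution (the FTP-from-support story), and, when salvaging data from a compromised disk, keep only files whose content is plain data and drop anything executable no matter what its extension says (the live-CD advice). The script below is an added example written for this thread, not code from any poster or from an AV vendor. It runs offline against a small constructed sample tree (harmless stand-ins, not real malware): it classifies each file by its leading bytes rather than its name, records a SHA-256 for a manifest, and marks PE, ELF and script-bearing HTML files as DROP. The directory layout, file names and the `DROP_KINDS` policy are assumptions for illustration.

```python
"""Offline triage for files salvaged from a compromised Windows disk.

Added example for the forum thread above (not the posters' code).
Classifies by content, hashes everything for a manifest, and drops
executables regardless of extension. Also shows the known-good hash
check to run after substituting a clean copy of a system file.
"""
import hashlib
import os
import struct
import tempfile
from dataclasses import dataclass

PE_MAGIC = b"MZ"
ELF_MAGIC = b"\x7fELF"
SCRIPT_MARKERS = (b"<script", b"vbscript:", b"javascript:")
# Assumed policy: nothing of these kinds rides along to the rebuilt machine.
DROP_KINDS = {"pe", "mz-executable", "elf", "html-with-script"}
NOTES_TEXT = b"quarterly figures, nothing executable here\n"  # constructed sample


@dataclass
class Verdict:
    path: str      # relative path, forward slashes
    sha256: str
    kind: str
    keep: bool


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(head: bytes) -> str:
    """Classify by leading bytes only; a file infector leaves the extension alone."""
    if head[:2] == PE_MAGIC:
        if len(head) >= 0x40:
            e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
            if head[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz-executable"          # MZ stub without a PE header: still code
    if head[:4] == ELF_MAGIC:
        return "elf"
    if any(m in head.lower() for m in SCRIPT_MARKERS):
        return "html-with-script"
    return "data"


def triage_dir(root: str, head_bytes: int = 1 << 20) -> list:
    """Walk root, classify every file by its first head_bytes, hash it, decide keep/drop."""
    out = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            with open(p, "rb") as f:
                head = f.read(head_bytes)
            kind = classify(head)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            out.append(Verdict(rel, sha256_file(p), kind, kind not in DROP_KINDS))
    return sorted(out, key=lambda v: v.path)


def matches_known_good(path: str, expected_sha256: str) -> bool:
    """Check after replacing a system file: the hash must come from a trusted
    source (vendor media, a known-clean machine), never from the infected box."""
    return sha256_file(path) == expected_sha256.lower()


def build_sample_tree() -> str:
    """Constructed sample files (harmless stand-ins, not malware) so this runs offline."""
    root = tempfile.mkdtemp(prefix="salvage-")
    pe = bytearray(0x80)                      # minimal MZ header + PE signature
    pe[0:2] = PE_MAGIC
    struct.pack_into("<I", pe, 0x3C, 0x40)    # e_lfanew -> offset 0x40
    pe[0x40:0x44] = b"PE\0\0"
    samples = {
        "Documents/notes.txt": NOTES_TEXT,
        "Documents/report.txt": bytes(pe),    # .txt extension, executable inside
        "Downloads/podcast.html": b"<html><body><script>document.write('x')</script></body></html>",
        "Downloads/readme.html": b"<html><body>plain page</body></html>",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for v in triage_dir(root):
        print(f"{'KEEP' if v.keep else 'DROP':4} {v.kind:17} {v.sha256[:16]} {v.path}")
```

Run it from the live CD against the mount point of the old disk instead of the sample tree, and keep the printed manifest with the salvaged files; the hashes let you re-check later that nothing changed between the scan and the copy back. The content check is deliberately crude (headers and a few script markers); it complements the AV scan the poster recommends rather than replacing it.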

You should try restarting the computer in Safe Mode and re-running your antivirus software. Some instructions:

 

http://www.computerhope.com/issues/chsafe.htm

 

Also in safe mode, you should make backups of your important data to an external disk. Don't use that external disk in any computer if you can avoid it -- it might end up spreading the virus. If all else fails, you can reinstall Windows and copy the data back, after you've done a complete Windows update and run antivirus scans on the data.


It's best to rescue any data you want and then reinstall everything. Next time round, when you've reinstalled your system, learn and get into the habit of making images of your system; then you won't have to go through the hassle of reinstalling your whole system again. I use Macrium Reflect... here's a link to a tutorial about it and a download link for it.

 

http://www.howtogeek.com/howto/7363/macrium-reflect-is-a-free-and-easy-to-use-backup-utility/

