5777 seems not to remove First4Internet Rootkit

A scan of my PC detects and cleans F4IRootkit, as it should. However
repeated scans continue to detect it in the same location. Can someone
explain why, and if I am "clean" or not?

Thanks
Chris
 
Chris said:
A scan of my PC detects and cleans F4IRootkit, as it should. However
repeated scans continue to detect it in the same location. Can someone
explain why, and if I am "clean" or not?

Alert the MS Anti-Malware team;
http://blogs.technet.com/antimalware/default.aspx

Download and run HijackThis;
(http://aumha.org/downloads/hijackthis.zip)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, registration is required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/security)
(http://castlecops.com/forum67.html)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://forum.iamnotageek.com/f-130.html)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.
 
Chris - what's happening? Have you tried this detection and removal with
the 5779 signatures, by any chance?
 
Chris said:
A scan of my PC detects and cleans F4IRootkit, as it should. However
repeated scans continue to detect it in the same location. Can someone
explain why, and if I am "clean" or not?

Chris,
Update to the "5779" defs released today - run a full scan in Safe Mode
and post back your findings.
FAQ how to boot into Safe Mode: http://snipurl.com/5vbi

If no joy, manual removal instructions;
http://www.bleepingcomputer.com/forums/topic34904.html

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.
 
Bill,

Yes, 5779 removed the spyware. Now, how about the other Sony spyware
(SunnComm MediaMax)?

Thanks,

Chris
 
Terrific--glad to hear that (even though this message took 8 DAYS to move
from the HTML servers to the NNTP servers where I read it...)

And I agree with you--they need to examine and consider the SunnComm stuff
for removal as well.

--
 