Help! How Do You Remove Rootkit Malware on Windows 8?

Help!

I'm currently doing research on this malware and so far I see that it is pretty nasty. Luckily for me, I don't have anything that is super personal on this PC. I just know that it is stealthy and it is able to trash your PC by putting in other malware undetected. I detected the virus when doing a McAfee scan and it slows down and gets stuck when it detects "Rootkit". I found out that the virus is put on through a direct attack due to some vulnerability of a password or something. My computer was acting really strange last night and really slow but now it's back to normal speed. I also know that whoever is behind this virus can have complete control of this PC.

Please, any help is very much appreciated and please make it immediate if you can.

I'll go back to doing more research. :(


Replies to This Discussion

You will find plenty of software vendors eager to provide a "solution" but once a host is rooted the only way to be certain of regaining control is reinstalling the operating system, preferably onto a formatted drive that has no partitions from the previous installation. No security software gets everything, but a clean installation absolutely does.

In brief:

1. Copy your personal files, data, email, bookmarks onto a USB drive and set it aside.
2. Reinstall Windows 8 from the recovery DVD or recovery partition that came with the PC. (It's pure agony for me as a Linux user to suggest installing Windows 8, but I did it.)
3. Install a free virus scanner (or two) from CNET Downloads.
4. Plug in your USB drive, scan it for viruses, and when it's clean, copy your data over to the PC.
5. Install whatever other software you had.

This takes about 1 or 2 hours, depending on how much data you have and how fast your computer is.

Note that it's unlikely anyone is attempting to trash your PC. More likely it's been added to a botnet (which steals processing power and disk space and uses them for things like DDoS attacks, or storing pirated software and child pornography).
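Added example for steps 1 and 4 of the procedure above (not posted by anyone in this thread). Before you copy your personal files to the USB drive, record a SHA-256 manifest of them; after the clean reinstall and the USB scan, verify the copy against that manifest so you know nothing went missing or was altered in transit, and get a list of executable and script files in the backup that you should not carry back onto a freshly installed PC. The list of risky extensions and the `manifest.py build|verify` command names are this example's own choices. One caveat: the manifest is built on the infected host, so it only proves the copy survived the trip intact, not that the source files were clean in the first place.

```python
import hashlib
import json
import sys
from pathlib import Path

# File types that should not be carried back onto a freshly reinstalled PC:
# executables and script formats that malware could have dropped or altered.
# Constructed list for this example; extend it to suit your own data set.
RISKY_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd",
                  ".vbs", ".js", ".jse", ".ps1", ".lnk", ".msi", ".hta"}


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Return {relative_path: {"sha256", "size", "risky"}} for every file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {
                "sha256": sha256_of(p),
                "size": p.stat().st_size,
                "risky": p.suffix.lower() in RISKY_SUFFIXES,
            }
    return manifest


def save_manifest(manifest: dict, out: Path) -> None:
    out.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def risky_files(manifest: dict) -> list:
    """Paths in the manifest that are executables or scripts; do not copy these back."""
    return sorted(rel for rel, rec in manifest.items() if rec["risky"])


def verify_against(manifest: dict, root: Path) -> dict:
    """Compare what is under root now with a saved manifest.

    Returns {"ok": [...], "changed": [...], "missing": [...], "extra": [...]}:
    "changed" means the content hash differs, "missing" means the file is gone,
    "extra" means a file appeared that was never in the manifest.
    """
    result = {"ok": [], "changed": [], "missing": [], "extra": []}
    present = build_manifest(root)
    for rel, rec in manifest.items():
        if rel not in present:
            result["missing"].append(rel)
        elif present[rel]["sha256"] != rec["sha256"]:
            result["changed"].append(rel)
        else:
            result["ok"].append(rel)
    result["extra"] = sorted(set(present) - set(manifest))
    return result


if __name__ == "__main__":
    # Usage: manifest.py build <backup_dir> <manifest.json>
    #        manifest.py verify <backup_dir> <manifest.json>
    if len(sys.argv) != 4 or sys.argv[1] not in ("build", "verify"):
        sys.exit("usage: manifest.py build|verify <backup_dir> <manifest.json>")
    mode, root, mpath = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    if mode == "build":
        m = build_manifest(root)
        save_manifest(m, mpath)
        for rel in risky_files(m):
            print("do not copy back (executable/script):", rel)
        print(f"{len(m)} files recorded in {mpath}")
    else:
        r = verify_against(load_manifest(mpath), root)
        for key in ("changed", "missing", "extra"):
            for rel in r[key]:
                print(f"{key}: {rel}")
        print(f"{len(r['ok'])} files unchanged")
```

Run `build` against the folder you are about to copy to the USB drive and keep the resulting JSON somewhere other than the infected disk (print it, or put it on a second USB stick); after the reinstall, run `verify` against the scanned USB copy before anything is copied back.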

I second everything GM said. I avoid commercial anti-virus/security software because so much of it is just bloatware, sometimes even as bad as a virus. (Although I did like ESET's stuff last time I used it, a couple years ago, even as it costs $.) Microsoft's built-in security software is pretty good now, but it still behooves you to become more aware of the danger of clicking on links and running strange apps unless you know you can trust them. Some rootkits are not even detectable, once they've installed themselves.

I would first run a Malware Scan using Malwarebytes Free. Then run this Rootkit remover from Sophos. One of these will most likely fix the problem.

If not, try a system restore.

To restore your PC to an earlier point in time with Win8.

  1. Swipe in from the right edge of the screen, and then tap Search. (If you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.)
  2. Enter Control Panel in the search box, and tap or click Control Panel.
  3. Enter Recovery in the Control Panel search box, and then tap or click Recovery.
  4. Tap or click Open System Restore, and then follow the instructions.

If it is still not working then do as Gallup suggested above.

Rootkits run as soon as the computer system boots, even before Windows starts. This makes it possible for them to hide themselves from any form of Windows malware detection. The only way to make sure a rootkit gets removed is to boot the system up on a known good disk (i.e. other than the infected hard drive), and run an extensive cleanup of the infected hard drive.

A Windows install disk (e.g. CD or DVD) is an example of such a bootable disk, and there are other, non-Windows bootable CD/DVD disks that are used for the same purpose. (I forgot the name of those non-Windows, bootable systems! GM, do you remember any?) The problem with using them is that they require a bit more expertise, but there's years' worth of expertise on forums available for help, assuming you can maintain a separate means of internet access (e.g. another computer) during the repair.

Sorry to recommend such a painful solution, but when it comes to rootkits, a "probable" fix can sometimes become more painful than the sure fix.

I don't mind being corrected, since I haven't messed with Win 8 or rootkit issues for a couple of years now, and my expertise may be out of date. At least it's a good place here to discuss misperceptions, right? (Meanwhile, Malwarebytes is probably still good software to have and run periodically!)

Here is a list of bootable anti-virus CDs; also any Linux distro will do, you only need to install ClamAV.

Rootkits run as soon as the computer system boots, even before Windows starts. This makes it possible for them to hide themselves from any form of Windows malware detection.

This is true. Once you're rooted all bets are off. You can't trust anything the computer tells you. Nothing. It can all be faked. Rootkits are getting more sophisticated all the time. Some disable or impersonate system restores and antivirus scanners.

The only way to make sure a rootkit gets removed is to boot the system up on a known good disk (i.e. other than the infected hard drive), and run an extensive cleanup of the infected hard drive.

This can be effective, but really, the only way to be sure is a clean install. Read up on rootkits and you'll find this opinion is common among information security experts.

No virus scanner detects everything. And with encryption becoming the norm in Windows and with rootkits starting to use encryption to evade detection, even a boot disk AV scanner is questionable. How does it scan an encrypted file system?

It gives me the willies. I just wouldn't have my peace of mind without a clean install. Then again, if I were a Windows 8 user instead of an Ubuntu 12.4 user, I would never be anything less than 1408 times as paranoid.

A Windows install disk (e.g. CD or DVD) is an example of such a bootable disk, and there are other, non-Windows bootable CD/DVD disks that are used for the same purpose. (I forgot the name of those non-Windows, bootable systems! GM, do you remember any?)

Cesar's handy list above is good if you decide to go this route, but I disagree about using ClamAV for rootkit detection and removal. It's worth trying if you have a bootable Linux CD or USB around, just to see if it works, but it wouldn't be my 'go to' solution over the Kaspersky or BitDefender bootables. ClamAV has a history of poor performance in rootkit detection, although admittedly I haven't seen any recent testing.

The problem with using them is that they require a bit more expertise, but there's years' worth of expertise on forums available for help, assuming you can maintain a separate means of internet access (e.g. another computer) during the repair. Sorry to recommend such a painful solution, but when it comes to rootkits, a "probable" fix can sometimes become more painful than the sure fix.

I think so too. Every problem has more than one solution. I'm not saying a fresh OS install is the only legitimate one, but I do think it's the only certain one, in addition to being relatively quick, direct, and among the least painfully 'technical'.

Hirens is useful and you can make a boot cd or USB with it.

Thanks for the advice guys. I did what I could and now it's functioning normally again.
