How to fix my own thing after infection with a rootkit

[Gamezertruth]

How to fix my own thing after rootkit infection?Note that there is something strange in the Start menu

This is the suspicious message, which is found in the Start menu.

Code: [Select]

removes your laptop or notebook computer from a docking station

[Shane]

Never heard of a rootkit putting that int he start menu.

Did you run the malwarebytes anti rootkit tool yet?

Shane

[Gamezertruth]

Never heard of a rootkit putting that int he start menu.

Did you run the malwarebytes anti rootkit tool yet?

Shane

No,  should run this thing? 

[Shane]

Wont hurt

http://www.malwarebytes.org/products/mbar/

Shane

[Gamezertruth]

Wont hurt

http://www.malwarebytes.org/products/mbar/

Shane

no malware Found  so what i can do?

[Shane]

Sounds like your fine then bud.

Windows does have docking station support, it is possible Windows put that shortcut there.

Shane

[Gamezertruth]

Sounds like your fine then bud.

Windows does have docking station support, it is possible Windows put that shortcut there.

Shane

Good, but this is the first time that I see such a thing!But Firefox has a problem with Hotspot Shield program and every time I turn my Hotspot Shield on Then get a pop-up Web pages and seems like a malicious pages and I also noted the web asks me to enter my information in order to unlock my computer?

This is weird.

http://www.youtube.com/watch?v=wuSIKzDLnbg

[Rick]

Does it happen when your logged in as Adm?

[Gamezertruth]

Does it happen when your logged in as Adm?

same thing

[Rick]

could you try this? forget the fact it says for XP, get inside ok

http://support.microsoft.com/kb/308577

[Gamezertruth]

How to access Administrator rights In normal mode?

[Rick]

net user administrator /active:yes

Warning; Hackers Should be careful!

[Gamezertruth]

could you try this? forget the fact it says for XP, get inside ok

http://support.microsoft.com/kb/308577

No need for it!Because this was due to a rootkit virus 

[Gamezertruth]

Never heard of a rootkit putting that int he start menu.

Did you run the malwarebytes anti rootkit tool yet?

Shane

Now I'm sure this was due to a rootkit virus!So what do you think?  http://support.emsisoft.com/topic/11563-explorerexe-virus/?p=77886

[Rick]

Have you tried running "hijack this" and autoruns?

see what it finds? be sure run in adminstrator mode

[Gamezertruth]

This is what I do always like I run these tools!Clicking on the analysis and kill all the startup items 

[Rick]

I found that autoexterminator is useful too;

has that had any impact.

did you identfiy what rootkit virus you had?

[Gamezertruth]

I have asked one of the experts, but he does not know what kind of rootkit virus that I'm infected with!
So what can I do now?

[Shane]

If you have a rootkit that is brand new and no scanners can detect it yet then your stuck doing a reinstall to get rid of it bud.

This is just one of the many reasons I cant stand rootkits.

Shane

[Rick]

first off, you mention that it put some nonsense in the start menu?

The name of that file?

Where does it reside in your system?
Looked at the registry key to confirm it does or does not link to any other areas?

searched hidden files for the name of the file in the start menu?

[Gamezertruth]

first off, you mention that it put some nonsense in the start menu?

The name of that file?

Where does it reside in your system?
Looked at the registry key to confirm it does or does not link to any other areas?

searched hidden files for the name of the file in the start menu?

yeah, That's right!, This is what appears to me when I put the mouse on the icon.

http://www.tweaking.com/forums/index.php/topic,1184.msg7899.html#msg7899

see my video. and icon name is undock computer

http://www.tweaking.com/forums/index.php/topic,1184.msg8000.html#msg8000


undock computer Elements found in the Registry
Did not find any items in hidden files

[Gamezertruth]

If you have a rootkit that is brand new and no scanners can detect it yet then your stuck doing a reinstall to get rid of it bud.

This is just one of the many reasons I cant stand rootkits.

Shane

I will do so in the next few days 

Thanks for the advice

[Rick]

Ok, you know where the bad stuff is in the registry; A new install, I wouldn't go that far just yet...

I would, export each registry key to a folder on my desktop, then I would consult with shane abdelete each key...
out deleting each key and restart the computer to see the results.

I would also verify each function of the links in the registry and also delete each file it points too
if you have or they point to other areas in your registry using this as an example but filled with code like {0000-0000-0000000-0000000} then go to that key and se where it points to and export it also and then delete it.

I can not see that video because I am here in china and youtube just isn't avaiable here. if you can capture some key screen elements and post them back here?

Also, it will be interesting to see the key strings, I think even shane will want to know what they are too..

their is another program on ubunta called rootkitty, have you heard of? try to download and run it using the method they suggests.. it seems viable option to finding any root kit problems... "I have never used it so I am afraid I can not comment except that in your case, I WOULD TRY IT!

 A new install, I wouldn't go that far just yet...

[Rick]

does this work? try it

[Gamezertruth]

here my file.. check it!