Former Member
Message 11 of 43

Re: Miserable: Redirect rootkit

Ok, it's a new day. Thanks for continuing support guys. I need to get hold of a w7 recovery disk, hope it does its job and see where I am. Then I'll take a look at the advice above.

Will report back later.

Former Member
Message 12 of 43

Re: Miserable: Redirect rootkit

Startup Repair on recovery disc = fail. I have no f****ing idea what I'm supposed to do now. I have no restore points any more and I have no system image to recover from. I have no Windows media. Looking for things to throw.

Former Member
Message 13 of 43

Re: Miserable: Redirect rootkit

In the process of backing up everything under c:\users in anticipation of a Windows reinstall when I can get my hands on a disc (may have to torrent one to my other pc). Any tips/help/ideas gratefully received in the meantime.

Re: Miserable: Redirect rootkit

Is this what you are looking for newjack?

http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

But note that a 'Repair Install' cannot be done with a system recovery disc.  For that you need the OS installation disc.

Message was edited by: Ex_Brit on 30/07/11 8:12:43 EDT AM
Former Member
Message 15 of 43

Re: Miserable: Redirect rootkit

Thanks Peter, I was replying to Hayton on post #6. For some reason the OP had a problem when trying to remove malware.

Message was edited by: newjack on 7/30/11 8:47:50 AM EDT

Re: Miserable: Redirect rootkit

Ah, OK.  Good luck to one and all.

Former Member
Message 17 of 43

Re: Miserable: Redirect rootkit

Yes, I accepted a free trial of Hitman. The option given for the MBR was Replace (delete for the Adtrackers it found). I chose to fix and reboot; it won't boot properly since. I get the animated loading screen for a few seconds before a BSOD appears far too fast to read and the thing restarts in Startup Repair mode, which fails to repair anything. I can't find any logs or dumps in systemroot. Could you be more specific about a filename?

It's a Dell laptop and I have tried restoring the factory image (available in SR mode when started as Admin - hadn't realised before). Same result: won't boot and BSOD. It didn't seem to be formatting the drive properly though, so I did that by hand. Still the same result. Beginning to wonder if the drive is genuinely stuffed and the Hitman hit is a red herring. I can't do a damn thing with this machine and I don't even have the media to try an honest Windows reinstall.

Hayton
Reliable Contributor
Message 18 of 43

Re: Miserable: Redirect rootkit

I'm trying to establish exactly what you did, and why it went wrong. I've downloaded a copy of Hitman Pro and read through the product description on the website, and also read carefully the License Agreement. I haven't yet run it. One thing I note is that this program is not known to McAfee's Hackerwatch system, so I've sent through all the information Hackerwatch was asking for.

Hitman Pro is designed to be a "second opinion" and to be compatible with resident AV programs, so it says. There is though a strong possibility of conflicts with a running McAfee installation.

The license agreement makes it clear that you either agree to a one-off free 30-day trial installation or you accept that by downloading the program you are agreeing to pay SurfRight for using it. If you accept the free version for 30 days you can only scan your system for infections; the free version will not remove anything it finds. So be cautious of accepting at face value any findings from this free scan; you should double-check that any infected files are not false positives by submitting them to VirusTotal for analysis (or to McAfee, if you strongly suspect that the files are indeed malware).

If your downloaded program went from detection to Repair then you have (knowingly or not) installed the not-free version. The files or processes it detected as malicious it will have attempted to remove:

When the file is classified as malicious by the Scan Cloud, the Hitman Pro client is placing the infection into quarantine. Various techniques ensure that all infections are completely removed without false positives.

  • Close handles (e.g. unload DLL from winlogon)
  • Close processes (e.g. winlogon stays)
  • Remove object from disk
  • Schedule object removal using PendingFileRenameOperations
  • Remove references like shortcuts and registry entries
  • Restore standard registry keys to default values (e.g. Userinit)
  • Disable service drivers
  • Deploy native NT bootdelete to remove resilient disk objects
  • After reboot retry removal and rescan to ensure complete removal

By so doing, it may have triggered some preventive action by your McAfee installation. I can't be sure about that. What you say happened was that on reboot you got a BSOD. If that is the case there will be a minidump or kernel dump in your %systemroot% directory, which should throw some light onto the reason for this. Microsoft say that a BSOD simply means that something was trying to write into an area of protected memory, and that 3rd-party drivers are often the culprit.

If you're trying to do a repair installation on Windows 7 then the best person to help you is Ex_Brit, who knows a lot more about W7 than I do. My specialisations don't include that OS.

The problem you originally had (redirects) may well disappear if you do an OS re-install, unless the underlying cause lies outside your system.
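
Added example, not part of any post in this thread and not Hitman Pro's code: a parser for the `PendingFileRenameOperations` value mentioned in the removal list above, showing which files are queued for deletion or replacement at the next boot. It assumes the raw REG_MULTI_SZ bytes of that value (under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`) have been exported, for instance from the offline SYSTEM hive; the sample bytes, the paths in them and the `boot_risky` heuristic are constructed for illustration.

```python
from dataclasses import dataclass
NT_PREFIX = "\\??\\"  # NT object-manager prefix used in this value

@dataclass
class PendingOp:
    source: str
    target: str   # empty string means "delete source at next boot"
    action: str   # "delete", "rename" or "replace"

def split_multi_sz(raw: bytes) -> list:  # keeps empty strings inside the list
    text = raw.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]            # drop the list terminator
    parts = text.split("\x00")
    if parts and parts[-1] == "":
        parts.pop()                 # split() artifact after the last string
    return parts

def _clean(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_ops(raw: bytes) -> list:
    parts = split_multi_sz(raw)
    if len(parts) % 2:              # truncated export: treat last entry as a delete
        parts.append("")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if dst == "":
            action = "delete"
        elif dst.startswith("!"):   # "!" prefix: overwrite an existing target
            action, dst = "replace", dst[1:]
        else:
            action = "rename"
        ops.append(PendingOp(_clean(src), _clean(dst), action))
    return ops

def boot_risky(ops: list) -> list:
    """Assumed heuristic: queued deletes of driver (.sys) files deserve review."""
    return [o for o in ops if o.action == "delete" and o.source.lower().endswith(".sys")]

# Constructed sample data, not taken from the thread.
_entries = [r"\??\C:\Users\test\AppData\Local\Temp\setup.tmp", "",
            r"\??\C:\Windows\System32\drivers\example.sys", "",
            r"\??\C:\ProgramData\app\new.dll", r"!\??\C:\ProgramData\app\app.dll"]
SAMPLE_RAW = ("\x00".join(_entries) + "\x00\x00").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE_RAW):
        print(op.action, op.source, "->", op.target or "(removed)")
```

The value stores source/target pairs, so an empty target string in the middle of the list is data (a delete), not the end of the list; tools that stop at the first empty string will miss later entries.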

Former Member
Message 19 of 43

Re: Miserable: Redirect rootkit

Re the redirects, I'm sure that the source of the problem was on the machine itself. A WinXP machine on the same router is just fine.

Hayton
Reliable Contributor
Message 20 of 43

Re: Miserable: Redirect rootkit

Could be that the MBR is corrupted. There's something from Microsoft that might fix it - I'll look for it and report back.

Edit - Are you using a dual-boot configuration, or is Windows 7 the only OS on the laptop?

Message was edited by: Hayton on 30/07/11 22:24:36 IST
