0 Replies Latest reply on Dec 18, 2009 1:33 PM by jimstick

    bootkit.r!ootkit.exe virus removal

    jimstick

      I am new to this forum, but I want to share an experience I just had with my computer and McAfee. My computer started doing some strange things, all of a sudden, most notably, when I would turn it on, I would receive an error message like, "C:\WINDOWS\system32\services.exe has experienced a problem and needs to shut down", and/or "Generic host process has experienced a problem and needs to shut down", and/or "Services and Controller App has Experienced a problem and needs to shut down", and then I would get a pop up that says "The computer will shut down in 60 seconds", and then the desktop icons would disappear, I would have no control over the computer, but it would never shut down. Ctrl/Alt/Del would have no effect, and I would have to turn off the power to get it to go off. If it would start up without it shutting itself down, Internet Explorer would not start from the desktop icon. I would have to select Windows Update from the start menu, and then select the home page icon from the toolbar. Also, the Manage Add-ons, and the e-mail buttons in the taskbar, when selected, would suddenly close Internet Explorer. I have Windows XP SP3, IE8, and McAfee Security Suite w/VirusScan 13 installed and Automatic updates turned on. Every time I would run a Virus Scan in McAfee, it would say it found and removed 2 infected files (Trojans) called something like bootkit.r!ootkit. It said it removed them, but I could do another scan and they would still be there. McAfee did not ever remove them. I also found that McAfee event log said a program called Sandboxie Start has tried to access the internet twice. I did not have such a program on my computer. I went to McAfee's web site to see what to do, and I found another forum thread that was similar.
      The moderator laid out a procedure that included downloading the latest update for the McAfee program and doing a scan in DOS, and some other things, but when I tried to download the file, it said "No Qualifying McAfee Products Found". They wanted me to either buy the latest version of VirusScan PLUS, or pay $90 to have them access my computer and remove it for me. I finally came across another thread where someone suggested downloading Malwarebytes' malware software and running a scan with it. IT WORKED! It found 5 files that were infected, 2 were the Sandboxie Start programs, and the other 3 were Registry keys. It quarantined them, and now my computer works fine. All the problems I was having are gone. It kind of irritates me that I am paying for a software subscription that, although it identified the virus, and said it was removed, and said if I have the most updated version of anti-virus, it should have been removed, it was not. I had to go to a FREE website and download another program to get rid of what McAfee should have never let me get in the first place. I just hope this helps some other poor soul who has experienced this problem, and now will know what to do.

      Jim