scum virus writers.... (Zor Board Forum, General Discussion)

blackhack (Member; joined 28 Nov 2007; 333 posts; Location: Land Of The Free range Haggis)
Thu Jul 29, 2010 2:33 pm
Post subject: scum virus writers....

After fifteen years on the net the bastards finally got me....
I thought it was strange when I started getting porn pages appearing that I never clicked on (this time anyway, lmfao) and strange results when using Google search, and did a sweep with AVG Internet Security... Sure enough there was the pesky varmint hiding in the temp file (funny how it missed it when it came in?), deleted it and ran another sweep, and then found a program called Antimalware Doctor (??) telling me that I'm infected.
I never installed the bloody thing in the first place...

To cut a long story short... ran an antivirus scan again and cleared it out, only to find it reappear on the next boot... Into the registry to find it hiding in various places... removed... deleted the temp file cache and cleared out Windows restore, only to find it came back on the next reboot.
I can see the C drive in Explorer but it was hidden in Disk Management so I couldn't reformat it, and when I decided to reinstall Windows it couldn't find the C drive.
After 16 hours of trial and error, I finally managed to get myself back up and running with a clean install... another five hours to do an in-depth scan with Malwarebytes and that's it sorted....

All I have to do now is spend a couple of hours reinstalling my music player/video player/software etc.


Moral of this story.... No matter how good you think you are, you can never be too careful on the net.....
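The post above describes an infection that kept coming back on reboot because it had planted itself in the registry and kept its executable in the Temp directory. The check below is an added example, not part of the original post and not AVG's or Malwarebytes' code: it parses a `reg export` dump of the Run/RunOnce keys and flags any autostart entry whose executable lives in a temp or profile-data directory. The .reg sample is constructed for this example with invented program names, and the list of "suspect" directories is an assumption of mine, a heuristic rather than anything the thread states.

```python
"""Triage Windows autorun entries from a `reg export` dump.

Added example, not code from the thread. Assumes you exported the Run
keys from the suspect machine, e.g. from a command prompt:

    reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" run.reg

and are now reading that file on a clean box. Real .reg files are
UTF-16 LE with a BOM; open them with encoding="utf-16". The sample below
is constructed for this example; its entries are invented.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svhost32.exe\" /s"
"Player"="C:\\Program Files\\Player\\player.exe /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\setup.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with .reg escaping (\\ for a backslash, \" for a quote).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Directories a legitimate autostart program almost never lives in
# (assumed heuristic). Matched case-insensitively against the image path.
SUSPECT_DIRS = (
    '\\temp\\', '\\tmp\\', '\\locals~1\\', '\\local settings\\',
    '\\application data\\', '\\appdata\\', '\\recycler\\',
)


def unescape(s: str) -> str:
    """Undo .reg string escaping."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str):
    """Yield (key, value_name, data) for REG_SZ values in a .reg export.
    dword:/hex: values and their continuation lines are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def image_path(cmd: str) -> str:
    """Extract the executable from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def is_suspect(path: str) -> bool:
    """True if the executable sits in one of the suspect directories."""
    low = path.lower()
    return any(d in low for d in SUSPECT_DIRS)


def triage(text: str):
    """Return one dict per autorun entry with a suspicious flag."""
    rows = []
    for key, name, data in parse_reg(text):
        img = image_path(data)
        rows.append({'key': key, 'name': name, 'image': img,
                     'suspicious': is_suspect(img)})
    return rows


def suspicious_names(text: str):
    """Names of the entries worth looking at first."""
    return [r['name'] for r in triage(text) if r['suspicious']]


if __name__ == '__main__':
    for r in triage(SAMPLE_REG):
        flag = 'SUSPECT' if r['suspicious'] else 'ok     '
        subkey = r['key'].rsplit('\\', 1)[-1]
        print(f"{flag} {subkey:8} {r['name']!r:14} {r['image']}")
```

Run keys are only one of many autostart locations (Winlogon Shell/Userinit, services, browser helper objects, scheduled tasks are others), so an empty result here does not mean the box is clean; and a rootkit, as later posts in this thread point out, can hide its registry values from `reg export` entirely, which is why the export is best taken from a clean environment or compared against a tool like GMER.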

 
sennapod (Member; joined 27 Nov 2007; 95 posts)
Thu Jul 29, 2010 4:21 pm

IMO, essential bits to have:

1. WinPatrol (Plus, if you want)
2. Good hosts file. I use HostsMan with updates from the MVPS hosts & Peter Lowe's adservers list, updated within the app. (I know chip, I know :-)
Easy to update and to add additional entries.
3. Using Opera as preferred browser, with Fanboy's Adblock List for Opera.
Code:
http://www.fanboy.co.nz/adblock/opera/

Then Firefox with AdBlock Plus & NoScript plugins.
4. Comodo Firewall.
5. Sandboxie, to run various bits of exes that don't need to be in the installation folder ;-)

At present using Acronis for image creation, running it frequently, for quick reinstallation if you get tripped up.. (yep, always a possibility)

I still use a lean XP (no AV) and will be doing so into the future for as long as it lasts..
(to hell with 7)
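Item 2 above relies on a hosts file built from several blocklists. As an added example (not HostsMan's code, nor anything from the MVPS or Peter Lowe list maintainers), the script below does the merge by hand: it parses hosts-format lists, throws out malformed names, refuses to sinkhole `localhost`, deduplicates, and writes a CRLF hosts file using `0.0.0.0` rather than `127.0.0.1`. It assumes you have already downloaded the lists to local files; the two lists embedded here are constructed stand-ins with invented hostnames, and the hostname validation regex and the never-block set are my choices.

```python
"""Merge ad/malware-domain hosts lists into one Windows hosts file.

Added example, not HostsMan or any list maintainer's code. The two lists
below are constructed samples in the formats those lists actually use:
MVPS uses "0.0.0.0 host", Peter Lowe's uses "127.0.0.1  host".
"""
import re

LIST_A = """# constructed sample list A
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test   # trailing comment
0.0.0.0 localhost
127.0.0.1 localhost
"""
LIST_B = """# constructed sample list B\r
127.0.0.1  ads.example.test\r
127.0.0.1  bad-chars!.example.test\r
127.0.0.1  malware.example.test\r
"""

# RFC 1123 style hostname: labels of letters/digits/hyphens, no leading or
# trailing hyphen, at most 253 chars in total (assumed validation rule).
HOSTNAME_RE = re.compile(
    r'^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$'
)
# Names that must never be sinkholed; blocking them breaks the machine.
NEVER_BLOCK = {'localhost', 'localhost.localdomain', 'broadcasthost', 'local'}
# 0.0.0.0 fails immediately; 127.0.0.1 makes the browser wait on a local port.
SINK = '0.0.0.0'


def parse_hosts(text):
    """Yield hostnames from hosts-format text, ignoring comments and junk."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:          # no address + name pair on this line
            continue
        for host in parts[1:]:      # a hosts line may list several names
            yield host.lower().rstrip('.')


def merge(*lists):
    """Return (sorted unique names to block, names rejected as malformed)."""
    out = set()
    rejected = []
    for text in lists:
        for host in parse_hosts(text):
            if host in NEVER_BLOCK:
                continue
            if HOSTNAME_RE.match(host):
                out.add(host)
            else:
                rejected.append(host)
    return sorted(out), rejected


def render_hosts(blocked):
    """Build hosts file text: loopback entries first, then the sinkhole block."""
    lines = ['127.0.0.1 localhost', '::1 localhost', '']
    lines += [f'{SINK} {h}' for h in blocked]
    return '\r\n'.join(lines) + '\r\n'   # CRLF for Windows


def is_blocked(host, blocked):
    """Quick check a name would resolve to the sinkhole after install."""
    return host.lower().rstrip('.') in set(blocked)


if __name__ == '__main__':
    blocked, rejected = merge(LIST_A, LIST_B)
    print(f'{len(blocked)} names blocked, {len(rejected)} rejected: {rejected}')
    print(render_hosts(blocked))
```

On Windows the output goes to `%SystemRoot%\system32\drivers\etc\hosts`, which needs an elevated editor, and `ipconfig /flushdns` afterwards so the resolver cache stops serving the old answers.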

 
JohnWho (Member; joined 27 Nov 2007; 47 posts; Location: Denmark)
Thu Jul 29, 2010 6:32 pm

Good tools to use would be ComboFix & GMER.

ComboFix can remove a lot of nasty sh!t and GMER can find a lot of rootkits and other crap.

I only use these tools, and what ComboFix doesn't find I identify with GMER and remove by restoring infected files through the repair console.

 
chip4brains (Member; joined 26 Nov 2007; 4262 posts)
Fri Jul 30, 2010 3:37 am

sennapod wrote:
Then Firefox with AdBlock Plus & NoScript plugins

Thanks for reminding me; I had been thinking of trying NoScript for a while now, but kept forgetting. Got around to it today.

 
JohnC (Member; joined 24 Dec 2007; 93 posts)
Fri Jul 30, 2010 5:24 am

They got me the other day as well - very similar scenario. But how dumb am I - they got me TWICE!

Mine got in via an unpatched Java insecurity - there was a thing in the tray nagging me to update the JRE but I had ignored it coz I don't use Java apps. Then I visited a website somewhere and saw a Java alert, but clicked "cancel" - but the nasty got inside anyway (exploit - wouldn't have mattered what I clicked at the alert).

It wasn't a download - simply loaded from an advert banner on a warez site or something similar.

Used ComboFix and GMER - the first time. The trick is to get rid of the rootkit - or it just comes back again. AV, Malwarebytes, etc. only remove the symptom, but not the cause (the rootkit).

The second time they caught me I did the same ComboFix + GMER, then a Windows Repair installation.

If you ever need to fix Windows, google "windows repair installation" - there is a trick to it, pressing R at the correct time, and saying "no" to Windows Repair Console (which is useless).

 
JohnWho (Member; joined 27 Nov 2007; 47 posts; Location: Denmark)
Fri Jul 30, 2010 12:35 pm

JohnC wrote:
If you ever need to fix Windows, google "windows repair installation" - there is a trick to it, pressing R at the correct time, and saying "no" to Windows Repair Console (which is useless).

No, it's not useless; I have removed quite a few rootkits with it and it's all done in a matter of minutes :-)