Gizmos Freeware Reviews  

Old 17. Jun 2009, 12:57 AM   #1 (permalink)
Senior Member
 
Join Date: Apr 2009
Location: Northern US
Posts: 134
Free anti rootkit for safe mode

Does anyone know of a good anti rootkit that will install in safe mode? Is this possible? My friend's computer got a nasty rootkit and will only boot into safe mode. I tried a couple that Gizmo recommended but they wouldn't load in safe mode. Malwarebytes keeps finding the str.sys, located in windows/system32/drivers. It keeps coming back after reboot. I'm assuming there are some drivers that were installed that need to be deleted. Any recommendations? Thanks!
prairie dog is offline   Reply With Quote
Old 17. Jun 2009, 02:08 AM   #2 (permalink)
Junior Member
 
Join Date: Jun 2009
Posts: 3

Quote:
Originally Posted by prairie dog View Post
Does anyone know of a good anti rootkit that will install in safe mode? Is this possible? My friend's computer got a nasty rootkit and will only boot into safe mode. I tried a couple that Gizmo recommended but they wouldn't load in safe mode. Malwarebytes keeps finding the str.sys, located in windows/system32/drivers. It keeps coming back after reboot. I'm assuming there are some drivers that were installed that need to be deleted. Any recommendations? Thanks!
If you are expecting GIZMO help! - Well! All I said: good luck to you! - This forum has too many restrictions, sometimes I don't know why I got involved with this forum!!!!!!!!
Anthony-Martino is offline   Reply With Quote
Old 17. Jun 2009, 02:55 AM   #3 (permalink)
Senior Member
 
Join Date: Apr 2009
Location: Northern US
Posts: 134

Quote:
Originally Posted by Anthony-Martino View Post
If you are expecting GIZMO help! - Well! All I said: good luck to you! - This forum has too many restrictions, sometimes I don't know why I got involved with this forum!!!!!!!!

UMMM ok. LOL! I love this forum, but thanks for your input. I look forward to hearing some real suggestions.
prairie dog is offline   Reply With Quote
Old 17. Jun 2009, 06:27 AM   #4 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 1,790

Try following this guide: http://www.techsupportalert.com/cont...oval-guide.htm
It may help your friend remove the malware.
If that doesn't work then.. you'll have to look for more alternatives, here's a good list: http://www.techsupportalert.com/cont...list-world.htm
Good luck.
J_L is online now   Reply With Quote
Old 17. Jun 2009, 09:20 AM   #5 (permalink)
Super Moderator
 
 
Join Date: Jul 2008
Location: India
Posts: 12,703

Anthony, our forum has some guidelines, and you will have to follow the guidelines.

We do not allow links to direct exe of softwares... we won't allow discussion of cracked softwares, or links to them on sites like rapidshare... we won't allow discussion of softwares, which intend to use a commercial/shareware software, even after its trial period has expired.

We intend to keep the forum clean and fair in all respects. So, if these are restrictions to you, yes, we restrict all these activities which we consider unethical. Hope, you will understand, and co-operate.

There are many users who have been benefiting from this forum, in accordance with these guidelines.

Thanks
__________________
Anupam
Anupam is online now   Reply With Quote
Old 17. Jun 2009, 01:48 PM   #6 (permalink)
Site Manager
 
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 12,420

Unfortunately with some rootkit infections the only possibility is to reformat.

Before doing so it's important that your friend tries to trace his/her steps back in an attempt to identify the circumstances that enabled the infection in the first place. Then they can make the necessary adjustments to their system components and/or surfing habits to reduce the risk of repeating the event.

It's also vital that anything which is going to be plugged back into the newly formatted machine, like pendrives etc., is also checked for infection before use.
__________________
In love with life and desktops
MidnightCowboy is online now   Reply With Quote
Old 17. Jun 2009, 07:44 PM   #7 (permalink)
ako
Guest
 
Posts: n/a

Rootkitty and UBCD4win could help, but this needs some effort. Links:

http://www.techsupportalert.com/cont...list-world.htm

You could also try some AVbootCD:s there.

Last edited by ako; 17. Jun 2009 at 07:46 PM.
  Reply With Quote
Old 17. Jun 2009, 09:50 PM   #8 (permalink)
ako
Guest
 
Posts: n/a

Quote:
Originally Posted by ako View Post
Rootkitty and UBCD4win could help, but this needs some effort. Links:

http://www.techsupportalert.com/cont...list-world.htm

You could also try some AVbootCD:s there.
Moreover, I have tested the portable scanners on the list, that they can be used with UBCD4win.
  Reply With Quote
Old 19. Jun 2009, 12:41 AM   #9 (permalink)
Senior Member
 
Join Date: Apr 2009
Location: Northern US
Posts: 134

Thanks for the replies. I was able to run Prevx which showed more of the files that were causing this. Was able to delete these manually and got it running in normal mode again. Ran multiple scans with Prevx, MBAM, SAS, Avira, and Hitman Pro. Avira found a few stragglers, but for the most part, all were ok. Since then all scans have been clean and no issues so far. I am going to have him run HijackThis and post in an appropriate forum just to make sure. Thanks again for all the replies.


FYI- Prevx seems to be a great tool for uncovering rootkits.
prairie dog is offline   Reply With Quote
Old 22. Jun 2009, 07:43 PM   #10 (permalink)
ako
Guest
 
Posts: n/a

Quote:
Originally Posted by prairie dog View Post


FYI- Prevx seems to be a great tool for uncovering rootkits.

Indeed. I would have recommended it, but wasn't sure if it installs in safe mode.
  Reply With Quote
All times are GMT +1. The time now is 11:27 AM.

