Remove-Malware.com » Malware

Removing Rootkit.Boot.SST.a leaves you with unbootable Windows 7

malwarekilla — Mon, 14 May 2012 20:56:29 +0000

Last night I had to deal with one very nasty rootkit. It’s called Rootkit.Boot.SST.a. Removing the rootkit is pretty easy (used the kaspersky rescue disk), however after it’s removed Windows 7 becomes unbootable and you’re left with a 0x0000007b. If you try to use a Windows 7 disc to repair the mbr using bootrec.exe [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Removing Rootkit.Boot.SST.a leaves you with unbootable Windows 7

Picture of Rootkit that Prevents Windows 7 from Loading

malwarekilla — Thu, 26 Apr 2012 15:09:52 +0000

Following up on my last post, here’s a picture of the rootkit that causes Windows 7 to lockup / freeze.

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Picture of Rootkit that Prevents Windows 7 from Loading

Rootkit Causes Windows Not To Boot – Freezes at Windows Load Screen

malwarekilla — Thu, 26 Apr 2012 14:20:32 +0000

Hi Guys, just an FYI here. I’ve had 3 rootkits this week that prevent Windows 7 from loading. Basically when you start the PC Windows starts to load and then freezes on Windows screen (black background, before the colored spinning balls). This is easy to resolve. Just download the latest Kaspersky Rescue Disk, burn the [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Rootkit Causes Windows Not To Boot – Freezes at Windows Load Screen

Rootkit Zero Access Removal Notes

malwarekilla — Tue, 27 Dec 2011 15:51:05 +0000

This post is split up in a few sections. It’s mostly my notes on dealing with rootkit zero access (a.k.a – rootkit.zeroacess, w32/Sirefef or Max++) Methods of Infection for Rootkit Zero Access (max++) Outdated Java (this seems to be the #1 way) .exe’s that have random porn type names. They are made to look like [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Rootkit Zero Access Removal Notes

TDL4 Rootkit Video – Being Used as a Proxy

malwarekilla — Tue, 12 Jul 2011 15:44:34 +0000

In this video you get to see how the TDL4 rootkit uses your PC as a proxy server. The tools used in this video are Comodo Cleaning Essentials and the Windows Task Manager.

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: TDL4 Rootkit Video – Being Used as a Proxy

Searching Online Whitepages Often Leads To Rogue Antivirus…or Worse

malwarekilla — Tue, 07 Dec 2010 20:02:27 +0000

I’m often curious on how my clients become infected. What websites they visited, what they were searching for and of course what kind of protection they had on their computer. After taking notes for a month it seams that 75% of the clients infected with rogue (fake) anti-virus first observed the rogues infecting their [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Searching Online Whitepages Often Leads To Rogue Antivirus…or Worse

How the TLD4 Rootkit Bypasses Driver Signing on Windows 64-bit

malwarekilla — Mon, 15 Nov 2010 18:41:58 +0000

Per the Sunbelt Blog: Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded [1]. The TDL4 rootkit bypasses driver signing policy on 64-bit machines by [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: How the TLD4 Rootkit Bypasses Driver Signing on Windows 64-bit

Kaspersky Website Serves Up Malware

malwarekilla — Wed, 20 Oct 2010 17:32:41 +0000

My first reaction to this was….”oooooo….that’s bad”. Anyway, check out the article. http://www.examiner.com/technology-in-national/security-firm-kaspersky-serves-up-malware-from-its-site

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Kaspersky Website Serves Up Malware

Combofix Not As Effective As It Once Was

malwarekilla — Sat, 06 Feb 2010 22:51:12 +0000

I don’t know if anyone else has noticed but for the last 2-3 weeks Combofix has been more or less….a waste of time, in fact I just had to resort to my UBCD4Win on every malware appointment. The latest round of rootkits seem to be evading it rather well. Also, I’ve really had to rely [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Combofix Not As Effective As It Once Was

Microsoft Security Essentials – Rootkit Followup Video

malwarekilla — Thu, 10 Dec 2009 18:07:16 +0000

In this followup video to the Microsoft Security Detection and Removal tests video I show you what rootkit was present on the PC, what apps couldn’t even detect it and what finally removed it. http://www.youtube.com/watch?v=aRfnBjTCG4I

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Microsoft Security Essentials – Rootkit Followup Video