Remove-Malware.com » rootkits

Rootkit Zero Access Removal Notes

malwarekilla — Tue, 27 Dec 2011 15:51:05 +0000

This post is split up in a few sections. It’s mostly my notes on dealing with rootkit zero access (a.k.a – rootkit.zeroacess, w32/Sirefef or Max++) Methods of Infection for Rootkit Zero Access (max++) Outdated Java (this seems to be the #1 way) .exe’s that have random porn type names. They are made to look like [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Rootkit Zero Access Removal Notes

TDL4 Rootkit Video – Being Used as a Proxy

malwarekilla — Tue, 12 Jul 2011 15:44:34 +0000

In this video you get to see how the TDL4 rootkit uses your PC as a proxy server. The tools used in this video are Comodo Cleaning Essentials and the Windows Task Manager.

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: TDL4 Rootkit Video – Being Used as a Proxy

Microsoft Security Essentials – Rootkit Followup Video

malwarekilla — Thu, 10 Dec 2009 18:07:16 +0000

In this followup video to the Microsoft Security Detection and Removal tests video I show you what rootkit was present on the PC, what apps couldn’t even detect it and what finally removed it. http://www.youtube.com/watch?v=aRfnBjTCG4I

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Microsoft Security Essentials – Rootkit Followup Video

Skynet Rootkit – When Malware with Movie Names Attack!

malwarekilla — Thu, 13 Aug 2009 14:39:56 +0000

No, the global A.I. network of man killing machines from the Terminator movie is not on your computer, it’s just a browser redirection rootkit. Figure 1 – The Skynet Rootkit I went over Tom’s house last night on the report that he couldn’t run a quick scan with SuperAntiSpyware (his box blue screened with a [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Skynet Rootkit – When Malware with Movie Names Attack!

Free Rootkit Removal Programs

malwarekilla — Tue, 07 Jul 2009 14:27:06 +0000

This is a quick post on free rootkit removal. I get 5-10 emails a day on how to remove rootkits, so I’m hoping this will answer a few of those. Rootkits can be removed for free with: 1. A Bootable AntiVirus Disc (like the Avira free rescue cd). Rootkits reside in the system32 folder, so [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Free Rootkit Removal Programs

New Generation of Rogue Antivirus Prevent Browsing

malwarekilla — Fri, 13 Feb 2009 21:00:00 +0000

As you can see by the screen shot below, a rogue antivirus program called Spyware Protect 2009 has blocked my attempt to browse the internet either by direct URL navigation or via search engine queries. Spyware Protect 2009 is just one example, I’ve seen over a dozen rogues that come bundled with TDSSERV rootkits (the [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: New Generation of Rogue Antivirus Prevent Browsing

Malware Customer Call – Notes from a real appointment

malwarekilla — Wed, 19 Nov 2008 17:58:24 +0000

Ms Hager: “Hi Matt, my computer is giving me a little fit…I don’t know what my husband has been doing” Matt: “What’cha got going on?” Ms Hager: “Well, when I turn the computer on I either get a blank desktop or a big alert saying my antivirus is not registered” I’m thinking it’s malware or [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: Malware Customer Call – Notes from a real appointment

GMER Anti-RootKit: I don’t leave home without it!

malwarekilla — Wed, 29 Oct 2008 15:04:19 +0000

I’ve had about a dozen calls this week involving some nasty rootkits (TDSSERVE, TDSsycte, WinIK.sys). GMER Anti-Rootkit has quickly and effectively deleted or disabled any rootkit that it finds (usually in under 5 minutes). GMER AntiRootkit is FREE btw! Download it today and run a scan if you have been recently infected. Anything that comes [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: GMER Anti-RootKit: I don’t leave home without it!

rootkit.tdsserv/fake – A Very Annoying RootKit

malwarekilla — Fri, 03 Oct 2008 15:39:47 +0000

I had a really nasty experience last night with a rootkit only because I forgot my bootable antimalware disc. Root.TDSSERV/FAKE (as identified by SuperAntiSpyware) performs 100% search engine query redirection to go.google which then serves up malvertised websites (like info.com). Once I used my bootable SAS (i had too run home and get my disc) [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: rootkit.tdsserv/fake – A Very Annoying RootKit

A Weekend Of RootKits: Figaro.sys Rootkit

malwarekilla — Sat, 23 Aug 2008 22:04:23 +0000

I took a few appointments this weekend and witnessed the same infection over and over again…Figaro.sys. The Figaro.sys rootkit is dropped in c:\windows\system32\drivers (on vista) and on XP i’ve seen it in the DLLCACHE folder. I don’t know exactly what it does but I can give you the symptoms: Random reboots Virtumonde drops Very slow [...]

Thanks for reading the feed for Remove-Malware.com !!! This post was originally published here: A Weekend Of RootKits: Figaro.sys Rootkit