Tag Archives | rootkit

Removing Rootkit.Boot.SST.a leaves you with unbootable Windows 7

Last night I had to deal with one very nasty rootkit. It's called Rootkit.Boot.SST.a. Removing the rootkit is pretty easy (I used the Kaspersky Rescue Disk), however after it's removed Windows 7 becomes unbootable and you're left with a 0x0000007b stop error.

If you try to use a Windows 7 disc to repair the MBR using bootrec.exe /fixboot, /fixmbr or /scanos, it reports "Windows Installations: 0" (meaning bootrec doesn't see the partition containing Windows 7).

I found a solution here and boy was it a pain, but it worked and I was very grateful to them :)

Here's an excerpt:

  1. Boot to the Windows Recovery Environment either by selecting Repair Your Computer when Windows fails to boot, by inserting the Windows installation disc, or by using a Windows ERD/MS DART disc (if you happen to have access to one, that is).
  2. Cancel the recovery attempt if it tries to start on its own (it will fail anyway) and then choose the advanced options link at the bottom of the window.
  3. Choose to open the Command Prompt.
  4. Here’s the fun part.  Once at the prompt, enter the following commands one by one.  Take care not to mistype anything, and be sure to replace C: with whatever your system drive happens to be:

bootrec.exe /fixmbr
bootsect.exe /nt60 all /force
bcdedit /export C:\BCD_Backup
attrib -h -s C:\boot\BCD
ren C:\boot\BCD BCD.old
bcdedit /createstore c:\boot\bcd.temp
bcdedit.exe /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import c:\boot\bcd.temp
bcdedit.exe /set {bootmgr} device partition=C:
bcdedit.exe /timeout 10
attrib -h -s C:\boot\bcd.temp
del c:\boot\bcd.temp
bcdedit.exe /create /d "Windows 7" /application osloader

At this point, note the value within the curly braces {……..} as you will need it during the next steps.  Replace the dots within the curly braces below with that entire string on each line.  NOTE:  To make this easier, once you type it once, you can press the Up arrow to restore the last command and simply edit that line for the next one.

bcdedit.exe /set {…..} device partition=C:
bcdedit.exe /set {…..} osdevice partition=C:
bcdedit.exe /set {…..} path \Windows\system32\winload.exe
bcdedit.exe /set {…..} systemroot \Windows
bcdedit.exe /displayorder {…..}
bcdedit.exe /default {…..} 

When I rebooted after I ran these commands Windows still crashed. I then proceeded to rerun the built-in Windows 7 startup repair. After about 1 minute of the Startup repair everything was fixed and Windows 7 booted normally.
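The command sequence above is easy to mistype at a recovery prompt, and the GUID of the new entry has to be copied by hand. The batch script below is an added example, not code from the original post or from the site it quotes: it runs the same bootrec/bootsect/bcdedit sequence, refuses to proceed unless the target drive actually contains \Windows\system32\winload.exe, and captures the new entry's GUID from bcdedit's own "The entry {...} was successfully created." reply so it never has to be retyped. The script name rebuild-bcd.cmd, its two drive-letter arguments and the separate BootDrive parameter (for PCs where \boot\BCD lives on a System Reserved partition) are assumptions.

```batch
@echo off
setlocal
rem rebuild-bcd.cmd (hypothetical helper, not from the original post).
rem Run from the WinRE command prompt:
rem   rebuild-bcd.cmd [WindowsDrive] [BootDrive]
rem WindowsDrive holds \Windows, BootDrive holds \boot\BCD; both default to C:.
if "%~1"=="" (set "WINDRV=C:") else (set "WINDRV=%~1")
if "%~2"=="" (set "BOOTDRV=%WINDRV%") else (set "BOOTDRV=%~2")

rem Sanity check before touching anything: a wrong drive letter would
rem produce a boot entry that points at nothing.
if not exist "%WINDRV%\Windows\system32\winload.exe" (
    echo %WINDRV% has no \Windows\system32\winload.exe - wrong drive letter?
    exit /b 1
)

rem Repair the MBR and the partition boot code, as in the excerpt.
bootrec.exe /fixmbr
bootsect.exe /nt60 all /force

rem Keep a copy of the old store, then move it out of the way.
bcdedit.exe /export "%BOOTDRV%\BCD_Backup"
attrib -h -s "%BOOTDRV%\boot\BCD"
if exist "%BOOTDRV%\boot\BCD.old" del "%BOOTDRV%\boot\BCD.old"
ren "%BOOTDRV%\boot\BCD" BCD.old

rem Build a fresh store in a temporary file and import it as the live one.
bcdedit.exe /createstore "%BOOTDRV%\boot\bcd.temp"
bcdedit.exe /store "%BOOTDRV%\boot\bcd.temp" /create {bootmgr} /d "Windows Boot Manager"
bcdedit.exe /import "%BOOTDRV%\boot\bcd.temp"
bcdedit.exe /set {bootmgr} device partition=%BOOTDRV%
bcdedit.exe /timeout 10
attrib -h -s "%BOOTDRV%\boot\bcd.temp"
del "%BOOTDRV%\boot\bcd.temp"

rem Create the OS loader entry and pull its GUID out of bcdedit's reply.
rem With delims={} the GUID is the second token of
rem "The entry {GUID} was successfully created."
set "OSGUID="
for /f "tokens=2 delims={}" %%G in ('bcdedit.exe /create /d "Windows 7" /application osloader') do set "OSGUID={%%G}"
if not defined OSGUID (
    echo Could not create the osloader entry; check the bcdedit output above.
    exit /b 1
)
echo New boot entry: %OSGUID%

rem Point the entry at the Windows partition and make it the default.
bcdedit.exe /set %OSGUID% device partition=%WINDRV%
bcdedit.exe /set %OSGUID% osdevice partition=%WINDRV%
bcdedit.exe /set %OSGUID% path \Windows\system32\winload.exe
bcdedit.exe /set %OSGUID% systemroot \Windows
bcdedit.exe /displayorder %OSGUID%
bcdedit.exe /default %OSGUID%

rem Show the finished store so it can be checked before rebooting.
bcdedit.exe /enum
endlocal
```

Drive letters under WinRE frequently differ from those of the running system, and a 100 MB System Reserved partition (when present) is where \boot\BCD actually lives, so check with diskpart's list volume before choosing the arguments; for the common single-partition layout, rebuild-bcd.cmd C: is enough. The final bcdedit /enum is the place to confirm that device, osdevice and path all name the right partition, and as the post notes, a Startup Repair pass may still be required afterwards.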


Rootkit Causes Windows Not To Boot – Freezes at Windows Load Screen

Hi Guys, just an FYI here. I've had 3 rootkits this week that prevent Windows 7 from loading. Basically when you start the PC, Windows starts to load and then freezes on the Windows screen (black background, before the colored spinning balls).

This is easy to resolve.  Just download the latest Kaspersky Rescue Disk, burn the ISO or create the bootable USB stick.  Boot the PC from the Kaspersky Rescue Disk, update it (via a wired or wireless connection) and then scan the entire C drive as well as Disk Boot Sectors.  

After the scan is complete Kaspersky will allow you to disinfect, delete or quarantine any malware found.  Here is the order I always try to choose:

  1. Disinfect
  2. Quarantine
  3. Delete

Reboot the PC after the malware has been removed.  Follow up with a Malwarebytes scan.

