Remove-Malware News and Notes 8.17.11

Infected with a rootkit? I wouldn’t waste your time with rootkit removal tools (IMO). I had a client who was getting redirected to malvertised sites on almost every search. In case you didn’t know, getting redirected to a site when you’re searching means that you have a rootkit (TDSS). Anyway… I connected to the client remotely and tried:

  • TDSSKiller. Wouldn’t load.
  • Norton’s TDSS remover. Loaded but didn’t find anything.
  • BitDefender’s TDSS remover. Loaded but didn’t find anything.
  • Hitman Pro. Loaded but didn’t find anything.
  • ComboFix. Found some stuff, but didn’t detect the rootkit.
  • GMER. Detected MBR modification.

After the GMER scan detected a possible MBR rootkit I told the client I’d run over to her house, pick up the PC and return it the next day. As soon as I got it home I ran a scan with my Kaspersky Rescue Disk. KAVRD found an MBR rootkit and removed it. 🙁 Still waiting for a real rootkit removal tool…
Here’s the pic:
[Screenshot: Kaspersky Rescue Disk rootkit removal]