rootkit.gen / swerfxt.sys infection

2 replies to this topic

#1 Bronko Nagurski

Posted 12 February 2010 - 02:24 PM

I've been infected by rootkit.gen - specifically, swerfxt.sys, which is loading from LBA Sector 0 of my MBR. How can I remove it without paying Webroot $100?

#2 Bronko Nagurski


Posted 14 February 2010 - 06:49 PM

I'm infected with rootkit.gen (specifically: swerftx.sys, unique code IQ1LCWD7) at LBA sector 0 of my MBR. It's a "highly severe" Trojan which can enable a remote computer to take over my computer, among other things. Webroot Security Essentials (incorporating Spy Sweeper) is unable to remove this Trojan, so I assume that most other such programs are also unable to do so. I don't want to pay a Webroot consultant $100 to remove it for me, so I'd like to remove it myself.

However, I'm now reading the following online at the University of Minnesota's Safe Computing website (see http://safecomputing.umn.edu/guides/scan_unhackme.html):

Rootkits are a special kind of malware that are specifically designed to hide the activities of other viruses and worms, and compromise the operating system so that it may not be repaired. If your machine is infected with a rootkit, you will very likely not be able to regain complete control of the system. Reinstallation is highly recommended.

However, there are exceptional cases when you absolutely need to attempt to repair the system. Although no tool can guarantee results for rootkit identification and removal, there is at least one program which has shown limited success from time to time in this area. It's called UnHackMe.

It goes on to say:

Remember that in computer security there's no such thing as a silver bullet, and that you can't be certain which files were compromised by the viruses, worms and trojans on your machine. If you've been infected, you could still have "backdoors" riddled throughout your computer's operating system, and you should think very hard about reinstalling your operating system, and starting over from scratch.

Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.

Edited by Orange Blossom, 14 February 2010 - 09:40 PM.
Merged topics. ~ OB
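The poster describes the rootkit as loading from LBA sector 0, the MBR. As an added example (not from this thread, Webroot or UnHackMe), here is a small defender-side check that parses a 512-byte MBR, verifies the 0x55AA boot signature, lists the partition entries, and compares the boot-code area against a SHA-256 baseline taken from a known-good state; the sample sector, boot code bytes and baseline are constructed here, and the device path is only a comment.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot loader code; partition table follows
SIGNATURE = b"\x55\xAA"      # bytes 510..511 of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and a signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True if the boot-code area no longer matches a hash recorded from a known-good state."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def read_sector0(device_path: str) -> bytes:
    r"""Read LBA sector 0 from a raw device (needs admin/root; e.g. \\.\PhysicalDrive0 on Windows, /dev/sda on Linux)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: the given boot code plus one NTFS-type (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48          # three empty slots
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")             # constructed "known-good" boot code
    baseline = parse_mbr(clean)["boot_code_sha256"]             # would normally be stored after a clean install
    tampered = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 40)  # constructed: new boot code, same partition table
    print("boot code changed:", boot_code_changed(tampered, baseline), parse_mbr(tampered)["partitions"])
```

Note that a partition table that still looks right says nothing about the boot code, which is why the comparison hashes bytes 0..445 separately from the entries.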


#3 Bronko Nagurski


Posted 15 February 2010 - 09:53 PM

What's the best software to prevent malware infections? The best to detect infections? The best to eradicate them? The best single all-in-one product?


EDIT: I merged both topics you made to avoid any confusion ~ Elise

Edited by elise025, 16 February 2010 - 08:29 AM.
