Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 2stubbs


  • Members
  • 1 posts
  • Local time:06:23 PM

Posted 10 October 2011 - 02:20 PM

I was rootkitted yesterday and had help from online microsoft support that got me through. He used TDSSKiller, Housecall, AutoRuns, MS Fix-It(2 versions). I still have a couple of questions.
1. I removed my external hard drive while the technician removed the rootkit. Can I reattach it to the computer now or is there infected
files on it?
2. I cannot find any information on what I had. Only some screens from Housecall and Microsoft Security Essentials that said I had:
Win32.sirefef.j and Win32.Patchload.O. so what is it?
3. I have Spybot S&D, Microsoft Security Essentials and Clamwin AV but these did not stop the rootkit, so what do I need to do to prevent future rootkit.
Hope someone can answer these questions for me.

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,772 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:23 PM

Posted 10 October 2011 - 05:09 PM

1. Install this first and then scan those drives with your AV program....

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer

2. It shouldn't really matter. There is no advantage from knowing what type of infection you had.

3. There is no perfect security program.
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users