If anyone has dealt with a horrible rootkit contamination, please send me some feedback, as I am having a real migraine with this. The only tool that picked up on certain rootkit entries, when I first downloaded it, was Spybot. Now it doesn't even notice those entries any longer, as if the rootkit has modified the settings in the background or something. Norton was even to the point where it was crashing and giving me internal application errors, much like a coder sees when he/she first starts debugging a test application. It was ridiculous. Firewall settings are killed, as well as antiviral settings.
If you go to Start -> Run -> regedit -> HKEY_LOCAL_MACHINE... -> SOFTWARE -> MICROSOFT -> SECURITY CENTER, you will notice that on the right-hand side there are 4 to 5 new entries other than the default. These malicious entries override your security features, to the point that even if you delete them, they will eventually reinstall themselves even without a reboot. (For sure with a reboot: even if you spend an hour deleting all of the crap from the registry, you have it all back again when you start up anew ;) ) SECURITY CENTER expands, and under that you will notice MONITORING. Select the folder that corresponds to your antiviral tool and firewall; both folders will have an extra entry which will disable the monitoring. Then, if you go to HKEY_CURRENT_CONFIG... -> SOFTWARE -> MICROSOFT -> WINDOWS -> CURRENT SETTINGS -> INTERNET SETTINGS, you will notice that there is a proxy enable entry on the right-hand side, i.e. a nice backdoor.
I have noticed that upon deleting these entries and running antispyware, Spybot, antivirus and HijackThis afterwards, with a tight internet security setting, I can still access the web, like I am doing tonight, without having Windows reboot itself (which is sometimes the case). Yes, those lovely blue Windows errors.
I have reformatted from Microsoft Win XP Professional SP2 boot-up disks, then used the OS installation CD. Once the installation was completed, I went to the registry to verify whether the garbage entries were in there. They were. So I reformatted the hard drive again, only this time I repartitioned it (new/raw). Yet, after the Win XP Professional installation, the malicious settings are still in the registry every time upon boot-up.
I don't want to have to buy another computer. Any suggestions?
I originally had the crazy idea that this rootkit found a way to embed itself in my RAM or lodge itself in an interrupt. A buddy of mine told me that I was nuts, as the RAM clears every time it is removed. It would be the only logical assumption that I have, unless there is garbage in the 8 MB/index which Windows seems to hold (the small portion of our hard drives that we cannot partition/reformat).
I've never dealt with a rootkit before. It seems that a lot of people don't know much about them, and the software out there for rootkits is just starting to come out more. I would prefer to clear the disk totally and reinstall from zero. I just need a little help to get what I am forgetting/missing here. How can I completely clear out that registry and really reformat this hard drive from scratch? I have the Microsoft XP Pro boot-up disks that I downloaded (the download is clean) and a valid installation CD (the CD is clean).
Thanks for emailing me if you think it will get to me faster, as I try to limit my internet connection time with this crap on the PC.
Mod Edit~ e-mail removed to protect the member from evil spam bots.
Edited by Pandy, 20 June 2006 - 08:46 AM.
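To make the registry comparison the post describes repeatable, here is an added PowerShell example (not from the original post or from any tool it names) that dumps the locations it points at and flags what a practitioner would look at first: any value under Security Center beyond the names a stock XP SP2 install creates, any non-zero *Override / *DisableNotify value, every value under the per-product Monitoring subkeys, and ProxyEnable together with the ProxyServer string it points at. The registry paths and the list of stock value names are my assumptions, not something the post states; run the script on a known-clean install of the same service pack first and diff the two dumps, rather than treating any single entry as malicious on sight.

```powershell
# Added example, not from the original post. Dumps the registry locations the
# post points at so they can be diffed against a known-clean XP SP2 install.
# The paths and the 'stock' value-name list are assumptions; verify them.

$securityCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$monitoring     = "$securityCenter\Monitoring"
$inetSettings   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Value names a stock XP SP2 Security Center key is expected to carry
# (assumption: confirm on a clean machine before trusting this list).
$stockNames = @('AntiVirusDisableNotify', 'FirewallDisableNotify',
                'UpdatesDisableNotify',  'AntiVirusOverride',
                'FirewallOverride',      'FirstRunDisabled')

function Get-RegValues {
    # Return one record per value under $Path, tagged with $Label so the
    # findings loop below knows which location a record came from.
    param([string]$Path, [string]$Label)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Label = $Label
            Path  = $key.Name
            Name  = if ($name -eq '') { '(Default)' } else { $name }
            Kind  = $key.GetValueKind($name)
            Value = $key.GetValue($name)
        }
    }
}

# 1. Dump Security Center, Monitoring, each product subkey under Monitoring,
#    and the Internet Settings key. Save this output from a clean machine too.
$dump  = @()
$dump += Get-RegValues $securityCenter 'SecurityCenter'
$dump += Get-RegValues $monitoring     'Monitoring'
if (Test-Path -LiteralPath $monitoring) {
    foreach ($sub in Get-ChildItem -LiteralPath $monitoring) {
        $dump += Get-RegValues $sub.PSPath 'Monitoring'
    }
}
$dump += Get-RegValues $inetSettings 'InternetSettings'
$dump | Format-Table Label, Path, Name, Kind, Value -AutoSize

# 2. Flag the things the post talks about so they are not lost in the dump.
$findings = @()
foreach ($v in $dump) {
    switch ($v.Label) {
        'SecurityCenter' {
            if ($stockNames -notcontains $v.Name) {
                $findings += "Unexpected value under Security Center: $($v.Name) = $($v.Value)"
            } elseif ($v.Name -match 'Override$|DisableNotify$' -and [int]$v.Value -ne 0) {
                # 1 here makes Security Center stop alerting on, or ignore, that product.
                $findings += "Security Center $($v.Name) is set to $($v.Value)"
            }
        }
        'Monitoring' {
            # The post reports an extra entry under each product subkey; list
            # them all so the clean-vs-dirty diff is easy to eyeball.
            $findings += "Monitoring value: $($v.Path)\$($v.Name) = $($v.Value)"
        }
        'InternetSettings' {
            if ($v.Name -eq 'ProxyEnable' -and [int]$v.Value -ne 0) {
                $proxy = ($dump | Where-Object { $_.Label -eq 'InternetSettings' -and $_.Name -eq 'ProxyServer' }).Value
                $findings += "ProxyEnable is $($v.Value); traffic is sent via ProxyServer = '$proxy'"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'Nothing flagged; still diff the dump above against a clean install.'
} else {
    $findings
}
```

Run it from an elevated PowerShell prompt (the HKLM keys are readable by any user, but the Monitoring subkeys are only worth reading on the account that registered the products). The script reads only; deleting values that the dump and the clean-machine dump disagree on is a separate, manual step, and the post's own experience shows that deleting them without first removing whatever writes them back achieves nothing.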