
Need help to remove encrypted Syswow64 rootkit from Usb



#1 sm23


Posted 27 April 2018 - 08:54 AM

Hello,

I'm new to your forum. I've recently been attacked by extremely aggressive hackers and would be very grateful if anyone here could advise me on how to remove a Syswow64 rootkit that they have infected all my USB flash drives with, which has been installed in all the computers that the hackers destroyed for me. The hackers used a lot of different programs like fake programs, fake update programs that force-install themselves all of the time, remote controls, infrared, a lot of spyware, encryption, some kind of synchronization worm that connected even offline devices to my network, infected them and gave them system root access to all nearby devices (like phones, DVD players, televisions, things containing smartcards, Bluetooth and HD etc.), and they even installed a system administration server and file share server on my network as well.

I've got several USBs that have been installed in the infected computers, and when I run virus tests on them they all come out clean (with Norton, Kaspersky etc.) and no rootkit shows up. When I run the scan with the Microsoft scanner it also comes out as clean, but the names of the whole rootkit show up during the scan, even though it's not visible anywhere else in the USB photo files. I also did a test to remove all files from one USB so that it was empty, and then when I checked it with the Microsoft scanner it said that the USB was empty, but there was still only 7.2 GB of room left for me to use, although the USB is 8 GB in size, so I should have 8 GB left to use, not 7.2. The reason that I only got 7.2 is because they have hidden an encrypted rootkit on the USB that takes up 0.8 GB of space, and when I did a scan on the "empty" USB all the rootkit names showed up as well during the scan. I have understood that they have both installed the rootkits separately on every single USB and also, when I scan every single photo file on the other USBs that I've got, the same rootkit names show up as well on every single photo.

There are so many names that show up during the scan that I can't write them all down right now, but they include stuff like: syswow64, catroot, hkmodule installation hook, microsoft netframework installation hook, common files, svchost, synchronization.exe, mobilesynch.exe, tablet/pcsync.exe, bluettothshare, nearby devices: system root etc. What I would like to know is if anyone here has experience with these types of rootkits and knows how to remove them from my USBs, if that is even possible at all? Do you think it would be enough if I just burn all the photo files on the USB over to a DVD, and then all the rootkits would disappear by themselves, or do I have to go to some computer service specialist to have them removed and then save them on a new clean USB or DVD, or is there nothing I can do at all?

Extremely happy for all answers I can get. Also, please don't shut down my topic because I don't respond in a couple of days, since it can take up to a week for me to answer next time.


Edited by hamluis, 27 April 2018 - 11:21 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 sm23


Posted 30 April 2018 - 08:53 AM

Hi again,

Just wanted to say that if nobody who works on this site professionally knows the answer to my question, then any other person who has read my post and knows the answer to it can feel free to send me a private message on this site if you like. I would be extremely grateful.





