Virus - rootkit removal?

Discussion in 'Tech Talk' started by vote Republican, Jul 17, 2011.

  1. vote Republican

    vote Republican White and nerdy Moderator

    Messages:
    11,280
    Likes Received:
    2,330
    Joined:
    Aug 23, 2002
    Location:
    OAF Mecca, MD
    My father-in-law has an old XP computer. It got virused, and running from an AV boot CD it shows volsnap.sys has a rootkit. So I need to replace this file, not just delete it (important system file). Thoughts? I am gearing towards format/reinstall, but I'm just wondering if there's anything anyone has done here.

    When I run AV from the OS, it doesn't show this infection. Malwarebytes, Sophos show clean.
     
  2. eracer

    eracer Where's my EBT?

    Messages:
    6,711
    Likes Received:
    6
    Joined:
    Apr 5, 2011
    Location:
    Tampa, FL
    Last edited: Jul 17, 2011

  3. GIockGuy24

    GIockGuy24 Bring M&M's

    Messages:
    4,037
    Likes Received:
    5
    Joined:
    Jul 14, 2005
    Location:
    With Amber Lamps
    Kaspersky TDSSKiller is supposed to repair that one.

    http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    More info

    http://support.kaspersky.com/faq/?qid=208283363
     
    Last edited: Jul 17, 2011
  4. GIockGuy24

    GIockGuy24 Bring M&M's

    Messages:
    4,037
    Likes Received:
    5
    Joined:
    Jul 14, 2005
    Location:
    With Amber Lamps
    Ah, the zip file version may be out of date.

     
    Last edited: Jul 17, 2011
  5. Pierre!

    Pierre! NRA Life Member

    Messages:
    4,473
    Likes Received:
    816
    Joined:
    Jun 20, 2003
    Location:
    Lovin Sparks Nv!
    RootKits *suck*...

    I have always just 'Nuked Them From Space' so that I am sure... Particularly on Business systems in highly regulated industries.

    And, after the re-install, it's so much faster!

    It will be interesting to see if this gets effectively cleaned!

    Nice links GlockGuy24... looking to hear this fixes up nice and easy!
     
  6. vote Republican

    vote Republican White and nerdy Moderator

    Messages:
    11,280
    Likes Received:
    2,330
    Joined:
    Aug 23, 2002
    Location:
    OAF Mecca, MD
  7. vote Republican

    vote Republican White and nerdy Moderator

    Messages:
    11,280
    Likes Received:
    2,330
    Joined:
    Aug 23, 2002
    Location:
    OAF Mecca, MD
    100% agree for work computers, make an image & keep docs on a network drive. This is an old PC, not sure where all the CDs are even (I could probably find one if I had to).
     
  8. Pierre!

    Pierre! NRA Life Member

    Messages:
    4,473
    Likes Received:
    816
    Joined:
    Jun 20, 2003
    Location:
    Lovin Sparks Nv!
    Thanks for letting us know how it went!

    I may have a new tool for the future, you too no doubt! :supergrin:

    Thanks, and I dig your 'Handle' - vote Republican - and vote em all out till further notice (LOL)

    Patrick
     
  9. vote Republican

    vote Republican White and nerdy Moderator

    Messages:
    11,280
    Likes Received:
    2,330
    Joined:
    Aug 23, 2002
    Location:
    OAF Mecca, MD
    You've been around almost as long as I have, and you've never noticed? LOL
     
  10. srhoades

    srhoades

    Messages:
    2,814
    Likes Received:
    21
    Joined:
    Jul 14, 2000
    ComboFix is now pretty good at replacing infected system files.
     
  11. gemeinschaft

    gemeinschaft AKA Fluffy316

    Messages:
    2,207
    Likes Received:
    82
    Joined:
    Feb 7, 2004
    Location:
    Houston, TX
    VR, I have a bunch of Windows OEM discs. As long as you still have a valid license key, you might be able to use another disk.

    What OS and who is the manufacturer?