Rootkit.Cloaked/Service-GEN Removal Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by MrGray, May 24, 2009.

  1. MrGray

    MrGray Private E-2

    Greetings,

    I am trying to rid a buddy's PC of a rather nasty virus/malware/rootkit infection. Reader's Digest version of how it got infected: He was trying to download a Windows Media Codec to play a downloaded movie (needless to say he kind of asked for it) and clicked on the link, which redirected him to a website to download the codec. However, it then told him that he had to disable his firewall to download it, which he did :eek and BAM! here we are...

    I am an experienced professional, but needless to say this one has me baffled. I found your forum here and I followed the instructions in the "Windows XP Cleaning" procedure. However, I was unable to run "ComboFix" as every time I tried running it, I received an error that read

    "ALERT! It is NOT safe to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from www.bleepingcomputer.com/combofix/how-to-use-combofix. NOTE: You may be infected with a file patching virus (Virut)"

    I am still having problems, as the desktop background cannot be changed, the Task Manager is disabled, regedit is disabled, and every time I think I've removed the problems, they return. I am attaching logs to this post and would appreciate any assistance that can be rendered. Thank you.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your Windows Operating System files and perhaps other executable files have become infected with a Virut type infection. This is why you received that message from ComboFix. The executable file for ComboFix was infected as you tried to download it. Virut infections can infect every executable file on your PC, thus making it unreliable and untrustworthy. The safest thing to do for infections like this is to reinstall from scratch. We could attempt to repair your problem, but it may not be successful since the infection can respawn itself from just one single remaining infected file. And even if we appear to fix the problem, your PC really still would be unreliable and untrustworthy.

    Let us know how you would like to proceed, but either way the safest thing for you to do is back up your personal data immediately, since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded, since any of them could be infected.
     
  3. MrGray

    MrGray Private E-2

    I was afraid that this was going to be the most likely solution. I think the safest way to proceed would be a re-install of the OS. Let me know if you require any more information. Thank you.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, this is really the best option to ensure a clean and trustworthy PC. After you reinstall, make sure you follow the below immediately to help protect you from future problems:
