Battling malware, rootkit wasted this day – Providence Journal
I have spent much of the day, when not at work, getting rid of a virus acquired at 6:18 a.m. from a classical music download link at an mp3 blog hosted at one of those sites that makes you wait if you don't have a pro account.
The symptom: An obviously alarmist program listed malware on my computer (it put it there) and said it could remove it for a fee. It couldn't be closed, and uninstalling it saw it resurrected on reboot. Worse, attempts to search for a way out of it redirected genuine search-result links to adware sites.
Eventually, old and free tool friends MalwareBytes (a full scan of my C: drive, not a quick scan), and HijackThis (*see below) detected the bad guys and got rid of the rogue program, AntiMalware Doctor (which I kept reading as AnimalWare Doctor), and some of its friends.
But what remained behind -- a "rootkit" -- hijacked my search results, and tried to redirect every link about removing viruses to sites that seemed to be ads looking for clicks.
I used MVP to redirect their redirects nowhere, but the real links still wouldn't load.
Rootkit utilities such as sdfix and tdsskiller were ineffective. Tdsskiller pinpointed IaStor.sys as containing a rootkit, but "cure failed."
My daughter came over, and after we decided the odds were against a router infection, she fired up my laptop and did the searching my redirected search results couldn't do. People with similar problems had posted in several spots that a free trial of HitmanPro removed this malware. She downloaded it to the laptop, burned it to a CD, and I ran it.
Worked here, too. HitmanPro saw the rootkit in IaStor.sys and two other issues, and fixed them.
All better. Wasted day. Cleaner startup menu. I may have a few new geek chops, aka scars, but I hate this stuff: A day lost to mischief in the name of greed.
*HijackThis works best if you run it when you're not infected and get a log snapshot of your startup system. Later, if you get some funny code, you can find the rogue by looking at what's new there. If you're familiar with your system, and have some idea what's essential and what's odd, you can suss out some problems. If you're not, just read what it finds; removal of registry and file settings is not for amateurs. If you don't know what you're doing, you can disable your computer.
If you go to one of the sites that help with free virus and spyware removal, they may ask you to post a Hijack This log file, and their experts tell you what to delete. Don't guess.
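A worked example of the snapshot-and-compare approach the footnote describes, added here and not part of the original post or of HijackThis itself: a small Python script that parses two HijackThis-style logs (constructed sample entries with made-up paths, plus a made-up rogue Run entry named after the program in the post) and reports startup entries that are new, changed, or gone since the clean baseline.

```python
import re
from typing import Dict, List

# Constructed sample HijackThis-style logs, not real logs from the post.
# Each line is one entry: "<section> - <description>".
CLEAN_SNAPSHOT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Intel RAID Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\IAANTMon.exe
"""

# Same machine later: one new Run entry (the rogue program) and one existing
# entry whose target has moved to a user-writable temp folder.
INFECTED_SNAPSHOT = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe
O4 - HKCU\..\Run: [Antimalware Doctor] C:\Documents and Settings\user\Application Data\amdoctor\amdoctor.exe
O23 - Service: Intel RAID Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\IAANTMon.exe
"""

# O4 = registry Run/RunOnce autostarts, O23 = Windows services (HijackThis section codes).
O4_RE = re.compile(r"^(O4) - (.+?): \[(.+?)\] (.*)$")
O23_RE = re.compile(r"^(O23) - Service: (.+?) \((.+?)\) - (.*)$")


def parse_entries(log: str) -> Dict[str, str]:
    """Map a stable key per entry to its value, so that an existing autostart
    name now pointing at a different file shows up as 'changed', not merely 'new'."""
    entries: Dict[str, str] = {}
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            section, location, name, command = m.groups()
            entries[f"{section} {location} [{name}]"] = command
        elif m := O23_RE.match(line):
            section, _display, short_name, rest = m.groups()
            entries[f"{section} {short_name}"] = rest
        else:
            entries[line] = ""  # other sections: the whole line is its own key
    return entries


def diff_snapshots(baseline: str, current: str) -> Dict[str, List[str]]:
    """Compare a clean baseline log against a later one; review 'new' and 'changed' first."""
    base, cur = parse_entries(baseline), parse_entries(current)
    return {
        "new": sorted(k for k in cur if k not in base),
        "changed": sorted(f"{k}: {base[k]} -> {cur[k]}" for k in cur if k in base and cur[k] != base[k]),
        "removed": sorted(k for k in base if k not in cur),
    }
```

Anything listed under "new" or "changed" is what you would look up (or post to a removal forum) rather than delete on a hunch.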