Dan
"Mammoth" <Mammoth@discussions.microsoft.com> wrote in message
news:F2A53CA-5B4C-468B-A91D-F7502A0330AE@microsoft.com...
> Well, so far so good: further anti-virus testing raised a rootkit warning -
> "spcm.sys". Though, the problem is that I'm unable to find it (using search),
> I'm unable to trace its startup (can't find in registry), and virus checker
> which has found it - died as soon as I've ordered it to delete this file...
>
> Now the question is: how do I find it?
If you feel up to it, I would recommend you look into ComboFix - it's a
collection of really intensive tools that can get rid of rootkit infections
that many other applications cannot. I've used it twice in the past couple
of months to clean friend's PCs and have removed infections that
Malwarebytes, HijackThis, and AVAST couldn't even see. I did find another
tool that claimed to remove them but as these were also embedded in the boot
sector the PC was reinfected at reboot. One of the tools in ComboFix will
prevent a boot sector infection from reloading - it can't remove it entirely
due to the risk of wrecking the boot sector, but it can overwrite part of
the execution code to render it useless.
It also creates a set of undo files so it's reasonably idiot proof, but it
does take some time to run and if you stop it during execution there is a
risk you could make a mess of Windows - make sure you have system restore
enabled so ComboFix can create a restore point when it first runs.
--
Dan