Got a customer PC over the weekend that they simply wanted iTunes installed on. Wow, an easy one, I'm thinking. I start the install and it locks up the PC.
Skip forward to several scans using everything I've got, and I finally get around to scanning for a rootkit. OOPS ... well, there it is, hiding in the Windows/Temp folder with several $dgb3 or similar filenames in there, along with some perflibxx.dat files that appear to be prefetch data for the bad stuff stored elsewhere.
ComboFix found it and said it deleted it, but it was right back when I restarted. Malwarebytes, the same thing. I tried a product from McAfee and Sophos with the same results.
My S.O.P. for these is nuke it from orbit, but the customer doesn't want to do that, so is there ANYTHING that you guys have used that can effectively deal with a rootkit? I doubt there is, but I have few options. I'm going to try and talk them into wiping it, and I'll use the Easy Transfer wizard to back up what I can.