Old 02-13-2010, 02:58 PM   #1
Baseband Member
 
Join Date: Nov 2008
Posts: 91
Default rootkit.gen - swerftx.sys infection

I'm infected with rootkit.gen (specifically: swerftx.sys, unique code IQ1LCWD7) at LBA sector 0 of my MBR. It's a "highly severe" Trojan which can enable a remote computer to take over my computer, among other things. I don't want to pay Webroot $100 to remove it for me. How do I remove it myself, or where can I learn how to do so? Or is there too much to learn just to save myself $100, or does it require special software that isn't available to the average person? Should I use ComboFix? (I've got it, but I've heard it can be dangerous.) Help!
BobLewiston is offline  
Old 02-14-2010, 05:40 AM   #2
BSOD
 
Join Date: Dec 2009
Posts: 100
Default Re: rootkit.gen - swerftx.sys infection

Try Malwarebytes; google for it (free version). It might do the job for you.
officemanager is offline  
Old 02-14-2010, 01:33 PM   #3
Baseband Member
 
Join Date: Nov 2008
Posts: 91
Default rootkit removal never certain?

Thanks for the help. However, before I go to the trouble to follow your advice and possibly do something wrong, could anyone comment on the following?

I'm now reading the following online at the University of Minnesota's Safe Computing website (see http://safecomputing.umn.edu/guides/...nhackme.html):

Quote:
Rootkits are a special kind of malware that are specifically designed to hide the activities of other viruses and worms, and compromise the operating system so that it may not be repaired. If your machine is infected with a rootkit, you will very likely not be able to regain complete control of the system. Reinstallation is highly recommended.

However, there are exceptional cases when you absolutely need to attempt to repair the system. Although no tool can guarantee results for rootkit identification and removal, there is at least one program which has shown limited success from time to time in this area. It's called UnHackMe.
It goes on to say:

Quote:
Remember that in computer security there's no such thing as a silver bullet, and that you can't be certain which files were compromised by the viruses, worms and trojans on your machine. If you've been infected, you could still have "backdoors" riddled throughout your computer's operating system, and you should think very hard about reinstalling your operating system, and starting over from scratch.
Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.
BobLewiston is offline  
Old 02-14-2010, 05:14 PM   #4
Solid State Member
 
Join Date: Feb 2010
Posts: 12
Default Re: rootkit.gen - swerftx.sys infection

There are many utilities that you can use to remove viruses. Yes, rootkits are the hardest to remove and can sometimes be hidden in your operating system. I would recommend you go here: http://www.techsrt.com/Remove_Viruses.html. It has all the utilities you need to remove a virus. If not, then you will have to reinstall your OS; just make sure you can find all the drivers for your computer, because it is a pain looking for those.
tech3211 is offline  
Old 02-14-2010, 05:44 PM   #5
Site Team
 
berry120's Avatar
 
Join Date: Jul 2009
Location: England, UK
Posts: 3,425
Default Re: rootkit.gen - swerftx.sys infection

Quote:
I'll reinstall the system and all my software if I really have to.
This is exactly what you should do if you're ever infected with a rootkit.

Unlike normal viruses, these nasties can really get anywhere and everywhere - even in the MBR sometimes. Most admins will simply wipe and reinstall to make sure everything is cleaned as soon as they find a rootkit, I suggest you do the same. If you think you've removed it but aren't quite sure, someone could still gain access to everything on your box. It's just not really a risk worth taking...
__________________
Save the whales, feed the hungry, free the mallocs.
berry120 is offline  
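berry120's point about rootkits reaching the MBR is what the original poster is facing (swerftx.sys reported at LBA sector 0). As an added illustration, not code from anyone in this thread, the script below parses a 512-byte MBR image, validates its structure and compares the SHA-256 of the bootstrap region against a hash recorded when the machine was known clean. The sector contents and baseline here are constructed; the check only means something when the sector is read from clean boot media, because a running rootkit can return a forged sector 0, which is exactly why the thread leans toward wipe and reinstall.

```python
import hashlib
import struct

# Constructed 512-byte MBR image for this example (not a real disk capture).
# Layout: 440 bytes bootstrap code, 4-byte disk signature, 2 reserved bytes,
# four 16-byte partition entries, then the 0x55AA boot signature.
def build_mbr(bootcode: bytes) -> bytes:
    assert len(bootcode) <= 440
    boot = bootcode.ljust(440, b"\x00")
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"
    # One bootable NTFS-type (0x07) partition: starts at LBA 2048, 1,000,000 sectors.
    part1 = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1000000)
    return boot + disk_sig + part1 + b"\x00" * 48 + b"\x55\xAA"

def parse_mbr(sector: bytes) -> dict:
    """Parse the sector into a bootstrap hash and partition list; raise if malformed."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        e = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = e[0], e[4]
        lba, count = struct.unpack_from("<II", e, 8)
        if ptype != 0:  # empty entries are all zero
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "start_lba": lba, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": entries}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the sector matches the recorded baseline."""
    findings = []
    info = parse_mbr(sector)
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from recorded baseline")
    if sum(1 for p in info["partitions"] if p["bootable"]) != 1:
        findings.append("unexpected number of bootable partitions")
    return findings

# Constructed stand-in for the first bytes of the original loader, hashed as the baseline.
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = parse_mbr(CLEAN_MBR)["bootcode_sha256"]
# Constructed tampered sector: bootstrap region rewritten, partition table left intact,
# which is how a bootkit keeps the system booting while changing what runs first.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 30)

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE))        # []
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))  # ['bootstrap code differs from recorded baseline']
```

On Windows the real sector can be read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an administrator prompt, and the baseline hash must have been recorded before the infection for the comparison to mean anything.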
Old 02-14-2010, 09:19 PM   #6
BSOD
 
Join Date: Dec 2009
Posts: 100
Default Re: rootkit removal never certain?

Quote:
Originally Posted by BobLewiston View Post
Thanks for the help. However, before I go to the trouble to follow your advice and possibly do something wrong, could anyone comment on the following? [...] Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.
You already doubt the abilities of the programs suggested to you; you're better off doing what berry120 mentions, i.e. reformatting and reloading your software. On another note, you'd best have a hard think about how you got this rootkit virus and how you're going to stop it from recurring.
officemanager is offline  
Old 02-15-2010, 02:36 PM   #7
Baseband Member
 
Join Date: Nov 2008
Posts: 91
Default attention, officemanager

Quote:
... you'd best have a hard think about how you got this rootkit virus and how you're going to stop it from recurring.
Here's what happened. I did a search on Dogpile for "winter solstice". Clicked on a very innocent looking link that came up from the search (I don't remember the URL or verbiage). I was INSTANTLY alerted by Webroot Security Essentials that I was infected with a malware bundle consisting of:

these "very highly severe" Trojan horses:
1. Trojan-Phisher-Snifula (Unique Code 6FANL78I),
2. Exploit-Java (Unique Code DSHQ6ADG), and
3. Rootkit.Gen (Unique Code IQ1LCWD7),

and these "highest severity" viruses:
1. Mal/Bredo-B,
2. Mal/Hiloti-A,
3. Mal/JSRedir-C,
4. Mal/ObfJS-CM,
5. Mal/ObfJS-H,
6. Mal/ObfJS-X,
7. Troj/Istbar-DQ,
8. Troj/PDFEx-CM,
9. Troj/PDFJs-ER,
10. Troj/PDFJs-FZ, and
11. Troj/PDFJs-GE

which Webroot had already auto-quarantined. A subsequent Webroot sweep and running some utilities Webroot sent me eradicated them all except Rootkit.Gen, which Webroot tells me I have to pay them $100 to get rid of (which I actually don't blame them for; it looks like it'll be a real bear to get rid of).

Under the circumstances, it's hard to see how I could have avoided this infection, short of finding and installing some hitherto unknown super-powerful anti-malware, since Webroot was unable to block it.

Anyway, I've consulted a few special forums run by malware removal professionals. Although they doubtless have the most experience in such matters, I think they're biased in favor of trying to remove the rootkit, rather than just reformatting the disk because that's their hobby as well as how they earn a living (although, in fairness, they're not asking for any money). I understand the fascination of trying to remove it, but from the feedback I'm getting around the community, I'm actually leaning towards reformatting, because the consensus seems to be that you can never be completely certain you're not still infected otherwise.
BobLewiston is offline  
Old 02-16-2010, 01:16 AM   #8
BSOD
 
Join Date: Dec 2009
Posts: 100
Default Re: attention, officemanager

Quote:
Originally Posted by BobLewiston View Post
Here's what happened. I did a search on Dogpile for "winter solstice". Clicked on a very innocent looking link that came up from the search (I don't remember the URL or verbiage). I was INSTANTLY alerted by Webroot Security Essentials that I was infected with a malware bundle [...] which Webroot had already auto-quarantined. A subsequent Webroot sweep and running some utilities Webroot sent me eradicated them all except Rootkit.Gen, which Webroot tells me I have to pay them $100 to get rid of [...] I'm actually leaning towards reformatting, because the consensus seems to be that you can never be completely certain you're not still infected otherwise.
I would give Webroot Security Essentials the flick.

Any vendor who charges that outrageous amount on top of a paid program is a thief unless you were using a trial version.

You are best to look elsewhere for another security suite, as was suggested to you in another one of your posts.
officemanager is offline  
Old 07-07-2010, 05:57 AM   #9
Beta Member
 
Join Date: Jul 2010
Posts: 1
Default Re: rootkit.gen - swerftx.sys infection

It seems you have some problems. I don't know what you did to get rid of them or what anti-virus software you were using when you got infected, but I would suggest using Kaspersky to clean your PC and keep it that way. Here it is: http://www.trustdownload.com/Antivir...urity-7.0.html
micofy is offline  