Rootkits

I know we have some awfully amazing computer geeks among us.  I am beseeching you for your knowledge and expertise.

I have somehow had malware installed on my desktop (no, it wasn't due to porn, thank you very much ).  Regardless of my browser, whenever I use a search engine and click a resulting link (which is a necessary tool for my work), the malware kicks in and redirects me elsewhere.  This happens about four or five times until the desired website appears.

I have run a total of eight different anti-spyware, antivirus, etc etc programs, and one claims to have found "Hacker Defender" but is apparently unable to remove it. 

It seems whatever bug my machine has prevents it from running in safe mode also (which inadvertently led to a bigger scare this afternoon- I was stupid enough to run msconfig and change the boot setting to safe mode...what a nightmare, but I've remedied it).

I've lost almost a whole day of work trying to sort this out.  Perhaps one of you has some sound know-how or advice in terms of dealing with this.

No, I am not sure I am dealing with a rootkit, but one of the eight programs I have run (it was RegRun) says that's what it is- it just won't remove the damn thing.

I have a laptop with a missing spacebar (the little nub is still there) that will aid me in the meantime, but I'd really hate to reinstall Windows XP.

Thank you for any help.  I will write a song in praise of anyone who helps me solve this matter.*



















*No I won't. 

A Person wrote: Some "antivirus" programs are really just disguised viruses, what programs are you using? I would suggest sticking to a single one, or at the most two. You could try using Spybot Search and Destroy if you want, I can't guarantee it will work, but it's worth a shot.

Tried and found wanting.

I'm fairly sure none of the programs I am using are bad...I just know that rootkits have evolved to the point that several programs don't detect them.  I'm trying to use those that are heralded as the latest in detecting rootkits.

Have you tried AVG? Microsoft Security Essentials? Avast? Avira AntiVir?

Kaspersky?

Ehm...format C: ?

A Person wrote: Have you tried AVG? Microsoft Security Essentials? Avast? Avira AntiVir?

Thanks.

These I have not used yet...I'll exhaust all possible resources before I take

there is another way to clean your system from hxdef-rootkit:

Boot windows into Rescue mode, do one of the following:

Insert the Windows OS Installation CD into the Drive.
Boot from the CD
Choose R to enter the Rescue Console
Choose the Windows installation you want to Clean from the list presented to you.
Enter the Administrator Password.

Once in the recovery console, you have a few commands for this, including:

listsvc - lists services that can be enabled or disabled
enable <servicename> <start-type> - enables a service, with a service type,

SERVICE_DISABLED
SERVICE_BOOT_START
SERVICE_SYSTEM_START
SERVICE_AUTO_START
SERVICE_DEMAND


disable <servicename> - disables a service, but prints out the previous
start-type, which should be recorded in case you need to re-enable the
service.

More information about the recovery console here

Update the second...

For my tenth program, I ran Dr. Web Cure-It, which recognized several corrupted .exe files as well as a Trojan running and a wickedly corrupted .tmp file that wouldn't go away.

I stopped the scan prematurely and rebooted to find the .tmp file gone from the drivers folder.

I have tested many times, and clicking through search engine results has yet to result in a hijacked browser.

I intend to run Dr. Web Cute-It again on "complete" mode and see what happens after that.

Epignosis wrote: Update...I ran Malwarebytes (probably should've done that first, but this is becoming quite a learning experience). It rid my machine of 15 Trojans.  I made a log of these. Unfortunately, the problem persists.  I think I will run it a second time this morning and see what happens- if Malwarebytes failed to remove one or more, or if one or more has recreated itself somehow.

Mr ProgFreak wrote: ^ the bad thing about rootkits is that the only safe way to remove them is to re-install the OS. Sad, but true ... no song named after me, but you could write a brutal Death Metal song about rootkits. ;-)

That would nerdy. and awesome.

Dean wrote: Reformatting the hard-drive and installing XP from scratch is the only surefire way.

Rob, even though your browser may be running more smoothly, I still highly recommend doing this based on how badly infected your machine was/(still may be).