Denial of Service

[LabanB]

Hi, I've removed 28+ virii from my computer (Vista) using a number of free anti-virus software, but there clearly are still some on there. I've tried to use Panda, but it keeps telling me there is no inetrnet connection even though there clearly is.

Any advice how to get around the block?

Bill

[El Heggunte]

Try booting the PC in safe mode WITH network support (or something like that).

Anyway: it seems you need a program capable of removing rootkits specifically.

BUT some rootkits are so nasty, that your best choice may be:

1) re-format the HDD and re-install the operating system, plus

2) learn how to be extra-careful when surfing on the Internet.

[redwudz]

You may have already tried Malware Bytes, the free version. If not, give it a try. And as mentioned above, Safe Mode will help.
Try running some antivirus programs in that mode. You can also try some rootkits anti-malware in Safe Mode. Good luck.

[davexnet]

You could try an offline rescue disk before reformatting the system. Burn the disk or create the USB and then boot from it.
For example,
http://support.kaspersky.com/us/viruses/rescuedisk

[LabanB]

Cheers to all Yes, tried MalwareBytes - thats how I got rid of the first 28 items!

Any suggestions for free rootkits?

Bill

[redwudz]

Seems some good information here: http://www.techrepublic.com/blog/data-center/rootkits-is-removing-them-even-possible/

[LabanB]

Thanks

[railroadartwork]

So you removed 28 virii from your PC and that's the good news. Unfortunately the removal procedures (usually) don't repair all the cumulative damage they have done and that's the bad news. At this point, you may actually be virus free but you may still have to deal with repairing all the left-behind damage and that is not an easy task. I would consider a repair or clean install at this point. Good luck.

[TimA-C]

Keep downloading & running MalwareBytes - they usually update more than once a day. They also used to do a beta version anti-rootkit util that was free to use for home users, but not sure if they still do? (In MalwareBytes, have you made sure that the 'Scan for Rootkits' option is ticked in the 'Settings'? Also, I'd change the view settings in the 'File Explorer Options' - somewhere off the 'Control Panel' - so that hidden & system files are visible. I don't think that will affect MalwareBytes, but may hinder some other Utils. You can always change them back when clean.)

If you have access to another (clean) PC or Laptop then you may get better results letting the clean PC clean up your infected hard drive - harder to clean whilst running in an infected operating system (USB/e-sata adapters or hdd docking bays are useful bits of kit to have lying around!)

You might also want to try using a pre-loaded Hosts file to block access to a lot of already known PITA sites/domains/IP addresses etc. which might prevent anything you've already got running around in your system from reporting home and/or updating itself. It may also give you some extra future protection once you're clean again. I've had success with a Hosts file from MVPS - read & follow the installation instructions EXACTLY or you won't get any benefit.

Good luck.

(p.s. I am not connected in any way with either of the companies/groups/collectives/individuals that I have mentioned in this post. I have used the products that I referred to myself, and believe them to be safe and from reputable creators, although I would urge anyone tempted to follow my advice to do their own research and make sure that they're happy with the products and where they're obtaining them from.)

Edit: As railroadartwork (and others) have already suggested, you probably should be getting prepared to format & re-install in the not too distant future. (I'm sure you've already backed up any data you want to keep, but don't forget to make sure that you have any license numbers and disks or download links you may need to reinstall software. Try and make sure that you have drivers for at least the main parts of your system - at the very least your wired and/or wi-fi network adapters!)

[LabanB]

Thanks again. I'm going to try a Safe Mode clean, then, if necessary, reinstall.

Cheers for the advice

Bill

[Poppa_Meth]

In Malwarebytes you need to go into settings and enable the rootkit scan before you run a scan. Also before going full reinstall give ComboFix a try. As for the lack of internet connection, check proxy settings in your internet settings. I've seen a few infections that add a proxy to the PC and appear to break the internet when it's really the proxy causing problems.

[Nelson37]

Definitely double-check for proxy, also recommend CCleaner (files and registry) in addition to MANUALLY emptying all temp directories, also repeating scans in safe mode, also using a boot cd for a guaranteed clean environment. Recommend using a second AV product in addition to MBAM for extra cleanup. Also test booting to a different username. Manually examine ALL program directories for suspect entries, go back to the list of previously found infections, identify locations, eliminate all traces.

[usually_quiet]

Somebody mentioned a free rootkit remover from Malwarebytes. That would be Malwarebytes Anti-Rootkit. or MBAR for short. It still exists and is still in beta. I've used it. It didn't find any rootkits, but my problem turned out to be caused by something else.

[LabanB]

Where/how do I check the proxy settings? I've looked into the Internet Options, but couldn't see proxy settings.

[Nelson37]

Assuming you are using IE, Internet Options, Connections, LAN settings.

You mention there is no internet connection, though there clearly is. Based on what evidence are both statements made? Without additional information these make no sense.

Here is how you test - Command prompt, enter IPCONFIG /all, find active connection, identify gateway and DNS addresses, type PING followed by each address, one per command, if DNS is in same address scheme, substitute 63.75.167.11 or 75.75.75.75, test both. Should get four identical answers, reply from pinged address is good, other two possibilities are bad. If you can ping DNS, you are online, gateway (router) only means network OK, internet bad, no gateway is cable, card, or router problem, PC IP address starting with 169 is dhcp failure.