Regular Contributor
aviben1994
Posts: 64
Registered: 11-26-2010

Survive

Hi

I wanted to know if a rootkit can survive a complete format, i.e. me installing a fresh copy of Windows and deleting all partitions and creating new ones.

If so, how do I identify it? Rootkits aren't visible in Task Manager or msconfig, so how do I detect it? It is easy when a program dials a net connection, opens IE, prevents access to tech sites, or disables Task Manager/msconfig/gpedit/registry.

Will installing a firewall (ZoneAlarm Pro, or changing the NIS firewall to advanced) alert the user when an application is making a connection? Or is it possible that it can integrate itself into a process or application and download malware while downloading updates for, say, an application?

For example, this happened during 2007 (late November):

I had a problem when I had an infection of W32.Spybot.Worm, Hacktool.Rootkit, SurfSideKick, Backdoor.Trojan, Downloader.

When I tried updating Norton, its update took quite some time (due to malware), and after I ran a full scan it detected 2 Downloaders in the LiveUpdate folder.

I got the threats via Limewire.

Norton Antivirus 2007
Windows XP Media Center Edition (not updated)
Pentium III 870 MHz, 256 MB RAM

I formatted the C drive.

I installed McAfee VirusScan Enterprise 8.0 (updated).

I installed Limewire, as it was my primary mp3 search and download app.

Immediately after that, McAfee alerted me saying 4 threats were blocked/quarantined. The names of the 4 threats were the same as before, so did Limewire automatically download those threats, or were they still present in my computer after the format?

typhonxx.dll (the only one I can remember)

Is it possible that those downloaded into my system again (like they started liking it or something)?

Another thing I noticed was that there were a lot of stupid emails being sent; surprisingly, I don't have an Outlook account either.

(This happened before the format, when I was running the scan with Norton 2007.) Was my computer used as a spam bot by the threat/person?

Regular Contributor
aviben1994
Posts: 64
Registered: 11-26-2010

Re: Survive

I forgot to mention:

None of the threats were running in safe mode or terminated the AV. There were a lot of files with Windows sound or mpg icons in Program Files.

The normal mode scan removed the threat, but in safe mode 2 threats: W32.Spybot.Worm (removed in normal mode) was removed and SideKick was partially removed, but each time the system started it said it blocked W32.Spybot.Worm.

There were 2 heuristic detections by name: Bloodhound or Bloodhound.Sonar.1 and .Sonar.2.

Norton did a great job (by at least alerting me about the threat Hacktool.Rootkit, but it failed to alert about the others).

I'm guessing it was just dropped to make the W32.Spybot.Worm process/execution stealth/hidden.

AllenM
Posts: 10,206
Topics: 221
Kudos: 2,143
Solutions: 377
Registered: 12-14-2008

Re: Survive

aviben1994 wrote:

Hi

I wanted to know if a rootkit can survive a complete format, i.e. me installing a fresh copy of Windows and deleting all partitions and creating new ones.


Hi aviben1994,

Speaking just from a general point of view, I "think" it is possible for some rootkits to survive a HIGH level format, because this type of format does NOT actually rewrite the entire surface of the drive but rather removes all references to files and directories stored on the drive.

This is particularly true since data "can" be recovered from a drive which has had a HIGH level format performed.

However, there is malware that "can" affect the BIOS itself, but this is pretty rare. This article might prove interesting:

http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/

I am not qualified to advise on rootkits but just wanted to touch on this more "general" question.

A LOW level format, on the other hand, should not allow any rootkit to survive, since this type of format rewrites the entire surface of the drive. Of course, this type of format takes much longer than a HIGH level format.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
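As an added illustration of the distinction Allen draws between a high-level and a low-level format (example code written for this page, not from the thread or from any Norton or McAfee product): a toy disk image whose quick format clears only the allocation table, so a raw scan of the disk bytes still finds the file, while a full overwrite leaves nothing, and a wipe can be verified by checking for any non-zero byte. The layout, function names and the sample payload are all constructed for the example.

```python
# Toy disk image: why a quick (high-level) format leaves file bytes behind while a
# full overwrite does not.  Constructed example; the layout is invented, not a real FS.
TABLE_SIZE = 64   # bytes reserved for the allocation table
DISK_SIZE = 1024  # total bytes in the toy disk image

def new_disk() -> bytearray:
    """A blank toy disk: table region followed by a data region."""
    return bytearray(DISK_SIZE)

def write_file(disk: bytearray, offset: int, payload: bytes) -> None:
    """Store payload in the data region and record (offset, length) in the table."""
    if offset < TABLE_SIZE or offset + len(payload) > DISK_SIZE:
        raise ValueError("payload does not fit in the data region")
    disk[offset:offset + len(payload)] = payload
    disk[0:8] = offset.to_bytes(4, "big") + len(payload).to_bytes(4, "big")

def list_files(disk: bytearray) -> list:
    """What the OS sees: only entries still recorded in the table."""
    offset = int.from_bytes(disk[0:4], "big")
    length = int.from_bytes(disk[4:8], "big")
    return [(offset, length)] if length else []

def high_level_format(disk: bytearray) -> None:
    """Quick format: clear only the table; data blocks are left untouched."""
    disk[0:TABLE_SIZE] = bytes(TABLE_SIZE)

def low_level_format(disk: bytearray) -> None:
    """Full overwrite: every byte of the image is rewritten."""
    disk[:] = bytes(DISK_SIZE)

def carve(disk: bytearray, signature: bytes) -> int:
    """Forensic-style carving: scan raw bytes, ignoring the table; -1 if absent."""
    return bytes(disk).find(signature)

def is_wiped(disk: bytearray) -> bool:
    """Post-wipe check a defender wants: no non-zero byte anywhere on the disk."""
    return not any(disk)

def demo() -> dict:
    """Run both formats against a constructed sample file and report what survives."""
    disk = new_disk()
    write_file(disk, 128, b"MZ-constructed-sample")  # constructed bytes, not real malware
    high_level_format(disk)
    quick = (list_files(disk), carve(disk, b"constructed-sample"), is_wiped(disk))
    low_level_format(disk)
    full = (list_files(disk), carve(disk, b"constructed-sample"), is_wiped(disk))
    return {"after_quick_format": quick, "after_full_overwrite": full}
```

After the quick format the table lists no files yet `carve` still locates the payload, which is the recovery Allen refers to; only after the full overwrite does `is_wiped` return True.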
Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Survive

Considering you go about trying to remove malware for other people here and anywhere else, even telling them to install or run more than 10 programs,

you should then be able to remove malware (all of it) from your own PC no problem, as well as knowing the ins and outs of the malware types and the OS.

So have fun playing with malware, and more than one AV product, seeing you are actively finding malware. You should easily be able to work it all out and remove them without a reformat.

Maybe I should infect my PC with 10+ malware types and in my case 'pretend' I don't know how to break and remove them, and ask, then see what comes out of the woodwork on what people want me to try and run, delete and rip apart.

Quads

AllenM
Posts: 10,206
Topics: 221
Kudos: 2,143
Solutions: 377
Registered: 12-14-2008

Re: Survive

Quads wrote:

Considering you go about trying to remove malware for other people here and anywhere else, even telling them to install or run more than 10 programs,

you should then be able to remove malware (all of it) from your own PC no problem, as well as knowing the ins and outs of the malware types and the OS.

So have fun playing with malware, and more than one AV product, seeing you are actively finding malware. You should easily be able to work it all out and remove them without a reformat.

Quads


Hi Quads,

No one knows this better than you. As I said, I was speaking in a very general sense about that one question, and stated that I am not qualified for rootkit removal.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
Bot Obliterator
Quads
Posts: 13,250
Registered: 07-21-2008

Re: Survive

I was talking to the thread creator, who removes malware for others, or attempts to, like http://community.norton.com/t5/Norton-Internet-Security-Norton/boot-Tidserv/td-p/339234

Yet he struggles with his own PC, and infecting his PC looks like it's on purpose. Who's now using McAfee.

Quads

Regular Contributor
aviben1994
Posts: 64
Registered: 11-26-2010

Re: Survive

@ Quads

I forgot to mention the most important thing: this was, or happened, well, see the version of Norton and you will know which year I am talking about.

Hihi.

Guess I forgot to mention... I didn't know a thing about threats back then (still don't, but I guess better than before).

All I wanted was to know if anyone had come across my type of infection and had received a threat after installing Limewire (which has now been shut down, but surprisingly older versions/Pirate Edition work).

AS FOR REMOVAL

As far as my PC goes, I haven't analysed any malware except for a few, like a worm-like program that dropped itself on all drives, and ***.dll, which was executing rundll32.exe, which was starting Internet Explorer and redirecting to some sites, eausoft or something.

I used HijackThis and Process Explorer. Used HijackThis to remove the file at restart.

And once a Trojan which had Windows Security-like icons and redirected me to SpyAxe or some app page.

I don't infect my PC to see what threats do... but I do install a virtual PC (XP) to check how antivirus detects threats.

If I have more than 2 infections which are hard to remove, I just run a scan to get the threat name and, if possible, submit it.

And then I format my PC (it takes 40 minutes to format and nearly 1-2 days to scan and check for threats).

I'm not a programmer, nor someone who checks virus activity, but I just wanna check for dangerous threats out there.

Everyone is not computer smart. Quite a few people don't know how to format or check virus activity and remove it on their own.

Everyone doesn't get infected by high level threats; some get a rogue program, or Zlob, or simple adware threats like Hotbar (which I guess don't cause much damage).

For them, removing using a security app is the best solution.

IF

people should follow what you say (which is 100% true),

there would be no need of a forum for threat removal, or people should just stop posting for threat removal help.

It should be just NIS or NAV application related problems, or maybe the mods could just delete all the virus help related topics.

As people don't get help anyway, they can at least save their net cost (broadband = more money for paying bills).

Regular Contributor
aviben1994
Posts: 64
Registered: 11-26-2010

Re: Survive

If you think I'm misleading people then please tell me so.

I'll stop posting and just read the interesting posts.

@ ALLEN M

Thanks for the link.

Regular Visitor
selene05
Posts: 4
Registered: 11-19-2010

Re: Survive

Perhaps Limewire was the re-infection channel? It might be worth doing a reformat completely disconnected from the internet, getting all your security software up to date and configured properly, and only then re-connecting to the internet and using Limewire. Maybe spreading infected files is why only the previous version of Limewire seems to be active now?

XPH..sp2
N360..NetBook (from Panda Cloud)
Chrome..8.0.552.215