Hey all, I have been perusing the site to try to figure out how to get rid of this thing. My wife accidentally clicked on what she thought was our Windows Security Center, but turned out to be malicious. Anyway, the computer started acting funny, things started popping up on our desktop, I ran a Norton scan but it found nothing. After that, I tried to run it again, but it just closed out and will not restart. I tried to run Windows Defender but it doesn't work. Internet eventually stopped working... Booted the computer up in safe mode and now that is how I am typing to you now.
I ran a scan by Panda security, and that told me I was infected with this rootkit:
I AM able to use my USB ports, but I didn't want to mess with too much without posting because I didn't want to mess anything up more than it already is.
Thank you all so much for your help and your time.
I would suggest that you go to one of these sites and put h8srt rootkit in the subject of your post and register with one of them. They can tell you the proper tools to use and how to get your computer cleaned up. I wouldn't use the computer too much and get to one of these sites and follow their instructions to the letter. Good luck with getting it removed.
You will need to go to one of these Forums for assistance to remove this malware.
It is almost as if this infection knows what I am about to do, every time I try to go to one of these sites, it shuts down my Internet Explorer! I can go to almost any other site fine, but not to any antivirus forums (except for this one... I can't explain it!) It is VERY frustrating! I luckily got into Panda Security, and it worked, but I can't go to many others between that one and this one...
Try installing a different browser such as Safari. Some rootkits have very large disallowed lists, and it can be difficult getting around them. Do you have access to a different computer if necessary?
Had the same problem with 2 laptops, XP Professional and Vista Home Basic. Had to download ComboFix on an uninfected PC and save to an SD card. Changed file from combofix.exe to first.exe, fired both CPUs up in safe mode with networking and installed ComboFix. After countless popups, ComboFix stopped the popups and finished, it rebooted and was able to download and install Malwarebytes and ran a full scan. Malwarebytes cleaned and quarantined the rest of the bad files and everything is working great now.
The OP is best to go to one of the forums where damage to his system can be avoided or minimized. ComboFix, while useful, can also have some unexpected and unfortunate effects on the operating system. We don't know if the user has system discs in case a reformat becomes necessary.
If there is another option all the better! Had Safari, Firefox and IE8 on both and it wouldn't let me go to any security site at all. My computers are both Acers so reinstalling the operating system wasn't a concern for me. Very good point!!!
After reading this thread, it looks like we may have to find some other remediation sites to send people who have rootkits or other bad malware than the ones we have been sending people to. I wonder if these remediation sites have alternate names or sites so that people can get to them.
Either that, or else Symantec has to set up a remediation board right here with all the proper rules and correct setup like these other sites use so that it can be safe for the users and the one doing the remediation. I know I have mentioned this before, but the need for something like that seems to become more necessary as the days go by if people can't get to these other remediation sites, but still can get here. It's almost like someone is spying on this website and seeing that rootkits aren't getting fixed in this site any more, so this forum is still safe for people with rootkits.
Yes, I was able to boot into safe mode with networking, but it wouldn't let me go to security sites still. Had to do it with networking because ComboFix needs to download the Windows recovery tool.
Yes I was able to do safe mode with networking but it still wouldn't let me go to sites... I am now using another laptop to avoid using that computer until I get some answers. I posted in the cybertechhelp.com forum so hopefully I can get this sorted soon! BTW I don't have a reboot disk, sadly, though you can bet I am making one after all this is over!