Getting to the Root of the Problem…

by admin on Sep 25th in Software Recommendations, Virus/Malware Problems

Well, I just finished working on a client’s system and it nearly did me in.  Somehow (they claim they didn’t click on anything) they contracted what appeared to be some typical malware/spyware garbage.  After using my typical process of using MalwareBytes, SuperAntiSpyware, Microsoft Security Essentials, and of course, CCleaner, it seemed all was well.  However, I was about three blocks away when I got the call that it was back. 

Sure enough, the system continued to open Microsoft Development Environment and MSE kept finding malware and claiming to clean it.  Upon further inspection, I found that IE would open, and for the most part it seemed fine.  However, it wouldn’t go to Windows Update or allow me to update MSE.  Something was amiss.  I even resorted to my ‘only use in drastic measures’ ComboFix, and while it claims to have found and resolved the issue, upon rebooting, we were back to square one.

Enough–I took the system to my workshop and tried every form of anti-malware, anti-spyware, rootkit remover, etc.  But it kept coming back.  Now, I know at this point everyone says to just format and start over.   Fine if it is your machine, but for a client, that just isn’t always an option.  Googling the name of the apparent rootkit I had (TDS4), I was directed to ‘Unhackme’.  This is software made by Greatis.  I downloaded their trial version, paid the $14 to download an ISO for a bootable PXE, and ran it.

It worked!  It found it, cleansed it, re-ran it, cleansed some more, and upon re-booting, everything was working.  Oddly enough, the machine also seemed to boot faster, shut down faster, etc.  All that to say, I am now the proud owner of the full version of the software, and am anxious to try it out on some more stubborn root kits!  Seldom do I recommend commercial software, but this one did what no other could do…a real winner in my book!

One Comment

  1. Judson Sibayan

    23rd October 2010

    New spyware and computer virus come out on a daily basis and the only way you can keep up is by making sure your spyware removal program gets all new updates as soon as they become available.
