hi, can anybody please help me removing this nasty virus, "hacktool.rootkit". everytime i open local drives in my computer, they get open in a different window and norton antivirus pops up giving details of the above mentioned virus. everytime with a different location specifying that it has been deleted. no virus or any kind of other threat is detected in full system scan.
i would like to specify that i have alredy visited other similar threads but could not get rid of the problem. so i really require a elaborate and a patient help......please please help me with this problem. do reply as soon as possible..........

Recommended Answers

All 18 Replies

Hi sampada,

This is Mike from the Norton Authorized Support team. I would like to help you resolve this issue, but I need a little bit more information to give you the proper steps.

The first thing I would do is run the LiveUpdate feature , which will download and install the latest definition and product updates. Are you familiar with LiveUpdate? After those updates are installed, running a full system scan should detect the rootkit and quarantine it, and allow you to remove it from your system.

Please reply back to this thread and let me know the answers to the following questions, so that I can provide you with step-by-step instructions.

1. Which version of Windows are you using ?

2. Which Norton product you are using and which version?

Thank you,

Mike

hi, thanks for looking into the problem. as u said, i did download and install latest definitions and product updates and after the full system scan, norton showed presence of three viruses which were deleted by it. but now, i think that problem has severed. drives which were opening in a separate window are now not even getting opened, neither by right clicking them. wat should i do next.

i have windows xp and using symantec norton protection centre (version 2006)

virus detected during full system scan was "W32.Gammima"

Hi sampade,

The "w32.gammima is a worm that attaches a file to all of your drives from C: to Z:. If you are having problems opening drives on your computer, than you may have to do some Registry editing to completely remove the worm.

Are you familiar with using the Registry Editor in Windows?

Are you familiar with the Windows XP function called "System Restore?"

Please let me know and I will direct you to the proper instructions.

Thanks,
Mike

no i am not familiar with registory editor in windows and i have a very little idea about system restore but don't know how to proceed........
will doing registry editing make me loose all my data?

hey, why are you not replying? please suggest me what should i do furthur.....

Don't worry!

First, clean junk files off of your computer- just in case its hiding there. This will help you: www.ccleaner.com

Then update whatever virus/malware protection you have and run a full scan with it. If it/they doesn't/don't detect your problem, try some free online scans. Here's a bunch that I know of:

Kaspersky Free Virus Scan http://www.kaspersky.com/virusscanner

Trend Micro HouseCall http://housecall.trendmicro.com/

Microsoft Live OneCare Safety Scanner http://onecare.live.com/site/en-us/default.htm

BitDefender Free Online Scanner http://www.bitdefender.com/scan8/ie.html

McAfee FreeScan http://us.mcafee.com/root/mfs/default.asp?affid=294

Windows Malicious Software Removal Tool http://www.microsoft.com/security/ma...e/default.mspx

Symantec Security Check http://security.symantec.com/sscv6/d...d=ie&venid=sym

Panda ActiveScan http://www.pandasecurity.com/homeuse...ns/activescan/


If your problem persists you can try a system restore. Go Start>All programs>Accessories>System tools>System restore. Click next, choose a restore point that is at some point before your problems started occuring (hopefully you have a few) and the program will guide you through it- its simply a series of "next"s and "ok"s, really, but read everything!

It would be a very good idea to back up any important data before proceeding with any troubleshooting, just in case! But try to save as little as possible, lest you bring the virus with those files.

Good luck! Post back with your results/questions,

--The Comodore

Hi sampada,

I'm sorry for the delay in responding. Since you already have Norton installed and have run all of the updates, and ruan a scan, the next thing to do is to us the Norton Online Scanner. Please click the following link: Symantec Online Security Scan

Once the scan has completed, please post back here and let me know the results.

I promise to do my best to help you step-by-step.

Thanks,

Mike

Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com

here are the results of symantec online security centre:
Security Status: Safe!
You are protected against most common security threats.


= At Risk! = Possible Risk! = Safe

Hacker Exposure Check Show Details

Hide Details

Description:
Tests your TCP ports for unauthorized Internet connections.

Analysis:
Your computer appears safe from most common intrusions. To learn more about the threats you are protected against, view a detailed analysis of your test results.

Windows Vulnerability Check Show Details

Hide Details

Description:
Tests whether basic information, including your PC's network identity, can be seen by hackers.

Analysis:
Your computer's identity is secure. However, this does not mean you are completely safe from all Internet security threats.


Trojan Horse Check Show Details

Hide Details

Description:
Attempts to test for access to your computer through methods commonly used by Trojan horses.

Analysis:
Your computer and data are not vulnerable to Trojan horse attacks. However, Trojan horse threats are constantly evolving, and unless you have a personal firewall and current virus protection, you're not completely safe. To learn more about threats you are protected against, view a detailed analysis of your test results.

Antivirus Product Check Show Details

Hide Details

Description:
Checks for a current version of a commonly-used virus protection product.

Analysis:
Your computer is running virus protection software and you are at low risk to virus attacks. However, viruses are constantly evolving and you need to keep your virus protection current to stay safe.


Virus Protection Update Check Show Details

Hide Details

Description:
If you have a virus protection product on your computer, this test checks the date of your most recent virus protection update. If the updates are more than two weeks old, they are not considered current.

Analysis:
Your virus protection has been updated recently and you are at low risk for virus attacks. However, viruses are constantly evolving, and unless you keep your defenses current, you're not completely safe.


Solution: Install All-In-One Security
Norton 360™: Keeps hackers out and personal data in with comprehensive, automated protection with our proven PC Security & PC tuneup technologies PLUS new antiphishing and automated backup.
More Info
See a Demo


Compare Products


Virus Status: Safe!
Your computer is free of known threats.
Virus Status: Infected!
Your computer is infected with at least one known threat. Virus Status: Unknown
The Scan was unable to determine your vulnerability status.


42355 files scanned, 0 file(s) infected on your disk drives.


No viruses were detected in memory.

Your computer is free of known threats. Virus Detection does not check compressed files.

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.

Hi sampada,

It appears from the log file that your computer is now free of infection. One thing I forgot to ask you to do, is to run Windows Update, to make sure that you have all of the Windows Security patches applied.

If you are still experiencing problems, could you please respond back and let me know the details of what is going wrong. Please try to be as specific as possible in your response.

Thank you,
Mike

the problem now is that on double clicking the drives it tells to choose the programme for opening the drives.....the drives don't get open even after choosing the recommended programmes. they can be opened only from the address bar.
i have come to know that the virus which i hv in my laptop does no harm to the system or data stored except for opening the local drives.
on running windows update, i was informed that my pc did not pass genuine windows validation.
the virus detected now, after full system scan was "Infostealer.Gampass"

Try my earlier suggestions. Here's an updated list of free online scans:


CA Virus Scan: http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx

CA Malware Scan: http://www.ca.com/us/securityadvisor/pestscan/

Trend Micro HouseCall http://housecall.trendmicro.com/

Microsoft Live OneCare Safety Scanner http://onecare.live.com/site/en-us/default.htm

BitDefender Free Online Scanner http://www.bitdefender.com/scan8/ie.html

McAfee FreeScan http://us.mcafee.com/root/mfs/default.asp?affid=294

Windows Malicious Software Removal Tool http://www.microsoft.com/security/ma...e/default.mspx

Symantec Security Check http://security.symantec.com/sscv6/d...d=ie&venid=sym

Panda ActiveScan http://www.pandasecurity.com/usa/

---Under this line does not remove, only finds, threats---

Kaspersky Free Virus Scan http://www.kaspersky.com/virusscanner

Webroot free scan: http://www.webroot.com/En_US/land-spysweeper-freescan.html

Prevex free scan: http://info.prevx.com/downloadcsi.asp


Also, you may want to download and run AVG Anti-Rootkit http://free.grisoft.com/doc/5390/us/frt/0
(your first infection was a rootkit, correct?)

Good luck,

--The Comodore

Hello, sam...
==Download SDFix from here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\

==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
=You must restart your computer in Safe Mode:
- press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.

well i have tried the online scan and also tried what was posted by gerbil. but no use. problem is still the same.........please give me some more suggestions..........

Download + Run AVG Anti-Rootkit free edition

i have already tried that. even that made no difference.

Hello, annemarie, if you still cannot get your drives to open except from the address bar then use this registry fix from Doug Knox [he has a great reputation...]. It will restore some reg entries that may have been altered.http://www.dougknox.com/xp/fileassoc/xp_drive_association_fix.zip
Unzip the file, dclick the .reg to run it... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Oh, and if your OS still does not validate may I suggest you work through the detail of this article?
http://www.pchell.com/support/windowsgenuineadvantage.shtml
Start with "I have a legal copyof..., but...", run the M$ diagnostic and then so on...

And either XPPID.exe or RockXP4.exe will enable you to easily reload your valid authentification key again. Get either on the net from a rep site.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.