0

I'm infected with rootkit.gen (specifically: swerftx.sys, unique code IQ1LCWD7) at LBA sector 0 of my MBR. It's a "highly severe" Trojan which can enable a remote computer to take over my computer, among other things. Webroot Security Essentials (incorporating Spy Sweeper) is unable to remove this Trojan, so I assume that most other such programs are also unable to do so. I don't want to pay a Webroot consultant $100 to remove it for me, so I'd like to remove it myself.

However, I'm now reading the following online at the University of Minnesota's Safe Computing website (see http://safecomputing.umn.edu/guides/scan_unhackme.html):

Rootkits are a special kind of malware that are specifically designed to hide the activities of other viruses and worms, and compromise the operating system so that it may not be repaired. If your machine is infected with a rootkit, you will very likely not be able to regain complete control of the system. Reinstallation is highly recommended.

However, there are exceptional cases when you absolutely need to attempt to repair the system. Although no tool can guarantee results for rootkit identification and removal, there is at least one program which has show limited success from time to time in this area. It's called UnHackMe.

It goes on to say:

Remember that in computer security there's no such thing as a silver bullet, and that you can't be certain which files were compromised by the viruses, worms and trojans on your machine. If you've been infected, you could still have "backdoors" riddled throughout your computer's operating system, and you should think very hard about reinstalling your operating system, and starting over from scratch.

Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.

3
Contributors
2
Replies
3
Views
7 Years
Discussion Span
Last Post by Acrimonus
0

Does anyone know if you can never really be certain if you've succeeded in completely removing a rootkit? I'll reinstall the system and all my software if I really have to.

Most experts would tell you that, when cleaning rootkits, you should never assume you got all the baddies.
Essentially, outside of wiping the hard drive and re-installing OS, you can never "trust" that machine again......

If your usage involves a lot of sensitive data (online banking, etc...) it would be best to wipe and reinstall.
Yet another reason to remember to back up on a regular basis all the stuff you don't want to lose.

-- Personally, I do enjoy the challenge of trying to clean these infections. But, if it were my computer, I'd clean it (again for the challenge and my own edification) and then wipe the drive and reinstall.

Best Luck :)
PP

0

Rootkits are typically a death sentence in system security, they are hard enough to find let alone remove. Wipe your hard drive, don't take the chance, security should never take second place (like it tends to).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.