Thetownend.com

80% => Computer & Technology => Topic started by: juddie on Monday, February 15, 2010, 23:50:41



Title: rootkit
Post by: juddie on Monday, February 15, 2010, 23:50:41
keep getting this notice that I have a rootkit in my system and that I should delete it. Thing is, it won't let me delete it. Is it a virus and if so, how can I get rid of it?


Title: Re: rootkit
Post by: jonny72 on Tuesday, February 16, 2010, 00:17:08
What is issuing the notice? Anti-virus software? Or something else?

I'm no expert but rootkits can be really bad shit, reinstall Windows kind of bad shit.


Title: Re: rootkit
Post by: jayohaitchenn on Tuesday, February 16, 2010, 02:37:01
Jonny is right. It takes a proper expert days of work to get rid of a rootkit. Better off starting from scratch.


Title: Re: rootkit
Post by: Simon Pieman on Tuesday, February 16, 2010, 08:45:57
Before you do anything rash, let us know the program causing the alert. As jonny alluded to, a lot of dodgy messages appear from suspect third party apps just to get you to buy their software. There may actually be no rootkit at all, although if you're getting dodgy messages you at least have some form of malware present.


Title: Re: rootkit
Post by: stfcinbmth on Tuesday, February 16, 2010, 09:10:09
Worth a try

Code:
http://www.malwarebytes.org/


Title: Re: rootkit
Post by: Peter Venkman on Tuesday, February 16, 2010, 09:57:52
This is the best anti-rootkit on the market and it's free; just sign up to it with a fake name and address, no real registration needed as it just chucks up the download link as soon as you click on next.

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


Title: Re: rootkit
Post by: juddie on Tuesday, February 16, 2010, 09:58:15
I'll take a look tonight. cheers for the advice.


Title: Re: rootkit
Post by: juddie on Tuesday, February 16, 2010, 23:06:45
right, I'm getting this:

C:\Windows\System32\Drivers\vjmxh.sys
hidden services
Win32:Rootkit-gen [Rtk]


Title: Re: rootkit
Post by: caveman on Wednesday, February 17, 2010, 11:33:07
Quote from: jayohaitchenn on Tuesday, February 16, 2010, 02:37:01
Jonny is right. It takes a proper expert days of work to get rid of a rootkit. Better off starting from scratch.

days of work is a bit of an exaggeration, it's not rocket science


Title: Re: rootkit
Post by: Simon Pieman on Wednesday, February 17, 2010, 14:05:39
Quote from: juddie on Tuesday, February 16, 2010, 23:06:45
right, I'm getting this:

C:\Windows\System32\Drivers\vjmxh.sys
hidden services
Win32:Rootkit-gen [Rtk]


I'll come online later this evening probably about 9pm and will help you out. I think we should be able to remove this tonight, I don't reckon it's more than an evening's work, hopefully only an hour or two to confirm your computer is clean.


Title: Re: rootkit
Post by: juddie on Wednesday, February 17, 2010, 14:23:47
top man. I'll see you then...


Title: Re: rootkit
Post by: jonny72 on Wednesday, February 17, 2010, 16:47:49
Quote from: Simon Pieman on Wednesday, February 17, 2010, 14:05:39
I'll come online later this evening probably about 9pm.

Another chat roulette fan.


Title: Re: rootkit
Post by: Simon Pieman on Monday, February 22, 2010, 23:54:08
This was a pain in the backside to remove. In the end I used a great tool which identifies rootkits and allows you to kill the hidden process before deleting. Nothing else would work, took many attempts but sorted it out using remote assistance.

Code:
http://www.gmer.net/

I'd only use it if you have a decent knowledge of computers, don't want anyone to fuck their pc up.


Title: Re: rootkit
Post by: jayohaitchenn on Tuesday, February 23, 2010, 08:47:17
How long did it take?


Title: Re: rootkit
Post by: juddie on Tuesday, February 23, 2010, 10:48:30
three/four nights of Si's time, for which I am eternally grateful. Cheers Si!


Title: Re: rootkit
Post by: Simon Pieman on Tuesday, February 23, 2010, 10:56:41
Quite a few hours, spread over several days. It would have been easier and a lot quicker if the computer was physically in front of me. We wasted much time just getting the remote desktop to work.

Having said that, had I used the gmer tool to start with it would have taken a fraction of the time, even remotely, so it really does come highly recommended.

The tools I used were as follows:

Avast anti-virus
Malwarebytes Anti-Malware
Trend Micro HijackThis
Gmer.exe
Windows System Integrity Scans in the command line
Remove the offending file manually
Tried to remove the offending file using the command line as well and it wasn't having any of it
I think Juddie had also run online scans and Spyware Doctor

In the end I disabled system restore, unlocked and stopped the hidden process with gmer.exe, scanned and removed the offending file using malwarebytes (after I had confirmed it was a completely bogus sys file). Ran a system integrity check to make sure there were no issues and then re-enabled system restore once all scans were coming up clean. Probably one of the most persistent things I've come across.

That probably means you have grounds to quote someone above and use your catchphrase :)
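A worked version of Si's "confirm it was a completely bogus sys file" step, added here as an example and not code from the thread or from any of the tools it names: a PowerShell triage script that checks a suspect driver's signature and compares the registry's view of services against the Service Control Manager's, which is a user-mode approximation of the "hidden services" finding. The default path is the one juddie posted; the script assumes an elevated prompt on Windows PowerShell 3.0 or later.

```powershell
# Triage a suspect kernel driver before deciding to remove it.
# Added example, not from the thread. Default path is the one juddie posted;
# run from an elevated PowerShell prompt.
param([string]$DriverPath = 'C:\Windows\System32\Drivers\vjmxh.sys')

$name   = [IO.Path]::GetFileName($DriverPath)
$report = [ordered]@{ Path = $DriverPath }

# 1. Is the file visible in the directory listing? A kernel rootkit can hide
#    it from user-mode APIs, so "missing" is not proof it is gone.
$report.ExistsOnDisk = Test-Path -LiteralPath $DriverPath

# 2. Authenticode signature. Genuine Windows drivers are signed; an unsigned
#    or invalid signature on a randomly named .sys is a strong red flag.
if ($report.ExistsOnDisk) {
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    $report.SignatureStatus = $sig.Status
    $report.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
}

# 3. Cross-view check for a "hidden service": which registry service entries
#    reference this file, versus what the Service Control Manager reports.
#    Registered-but-not-reported is the kind of mismatch rootkit scanners flag.
$regRefs = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object {
        $ip = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        $ip -and ($ip -like "*$name*")
    } | ForEach-Object { $_.PSChildName })
$report.RegistryServices = ($regRefs -join ', ')

$scmRefs = @(Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$name*" } |
    ForEach-Object { "$($_.Name) [$($_.State)]" })
$report.ScmDrivers    = ($scmRefs -join ', ')
$report.HiddenFromScm = ($regRefs.Count -gt 0 -and $scmRefs.Count -eq 0)

# 4. Windows' own integrity check, as used in the thread after removal.
#    /verifyonly reports protected-file violations without repairing them.
$report.NextStep = 'Run "sfc /verifyonly" (elevated) and review CBS.log for this file'

[pscustomobject]$report | Format-List
```

All of these checks run in user mode, so a kernel-level rootkit can still lie to them; treat a clean result as inconclusive rather than as proof, which is why Si ended up needing a kernel-level scanner like gmer.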


Title: Re: rootkit
Post by: jayohaitchenn on Tuesday, February 23, 2010, 11:29:20
Thought so, Cheers Si.


Title: Re: rootkit
Post by: jayohaitchenn on Tuesday, February 23, 2010, 11:34:05
I've never seen that gmer thing before. It's pretty good, even just for info on running processes and threads. Could really help with manual fine-tuning of a Windows OS (if you're into that sort of thing :)).


Title: Re: rootkit
Post by: Simon Pieman on Tuesday, February 23, 2010, 13:48:42
Yeah I'd never heard of or seen it before the other night when I was getting very pissed off.

Apparently the website got loads of attacks because it was meant to be that good.


Title: Re: rootkit
Post by: Barry Scott on Tuesday, February 23, 2010, 14:36:49
On a remote desktop related thing, have you tried Teamviewer? It's free (if it's not for commercial purposes) and it's fucking ace. I used to use it and really recommend it for remote accessy rubbish, as it only takes seconds to get up and running, supplemented with phone or AIM of course.


Title: Re: rootkit
Post by: Simon Pieman on Wednesday, February 24, 2010, 20:26:41
Cool, I'll remember that


Title: Re: rootkit
Post by: jayohaitchenn on Thursday, February 25, 2010, 09:51:32
Add it to the free software list you lazy welsh git.


Title: Re: rootkit
Post by: Simon Pieman on Thursday, February 25, 2010, 13:48:23
I need to update a lot, not just that list. Not had the time recently.



Title: Re: rootkit
Post by: jayohaitchenn on Thursday, February 25, 2010, 13:55:11
Get on it then.


Title: Re: rootkit
Post by: land_of_bo on Thursday, February 25, 2010, 14:02:09
Yeah, Si, you can't take these things on and then be half-arsed.


Title: Re: rootkit
Post by: Simon Pieman on Thursday, February 25, 2010, 21:09:59
Oh believe me, I can :)