
Very interesting (spoiler alert) Rootkit

malware rootkit explorer.exe no operating system found

4 replies to this topic

#1
HouseAtreidies

    Advanced Member

  • Full Member
  • 31 posts
  • Location: Jacksonville FL
So it's a quad-core, 3 GB RAM, Win7 Home Premium Asus Aspire laptop that "doesn't work". I fire it up and get a black screen with the message "No operating system found"; looks similar to an MBR missing, etc. So I take out the hard drive and hook it up to another machine. I find Win 7, seems fine. I plug the hard drive back in and boot to a live CD (Hiren's 15.9). Partition Magic doesn't work, but the boot manager lets me boot to D: (OS). Says OS not found. I reboot to Hiren's and boot to recovery, factory restore, delete all partitions.........exe.
Immediately after startup explorer.exe crashes, and continues to crash every second. NNNNIIICCCEEE.
I restart, boot to safe mode. Now explorer.exe only crashes every 5 seconds, allowing me to click some stuff... I download Malwarebytes, run a full scan. Nothing. DAFUQ?! I download Kaspersky's TDSSKiller and check "Detect TDLFS file system", run it and BAM! Rootkit detected. Clean it, restart, run HitmanPro, Spybot, MSSE (the new AV I installed), ESET on-demand, and SAS (shotgun approach). Results? Nada but some cookies. Crazy. She's happy, sewing me a quilt in fact. Oh, one last thing, ran TDSSKiller one more time just to be sure and it found some medium threat partition... I deleted it but........ (Tales from the Darkside music)
"I don't want to belong to any club that will accept people like me as a member." - Groucho Marx
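The "No operating system found" screen in the post above is what a BIOS shows when the first sector of the disk carries no 0x55AA signature, and the "medium threat partition" TDSSKiller reported lives in the same place: the partition table and the unpartitioned sectors behind the last partition, which TDL4-style rootkits use for their hidden file system. The block below is an added example, not code from the thread or from TDSSKiller: a small Python MBR parser with the checks you would run on a raw image or on the drive while it is attached read-only to the second machine. The sample layouts HEALTHY, NO_SIGNATURE and HIDDEN_TAIL, the ~32 GB disk size, and the 2048-sector tail threshold are constructed assumptions.

```python
import struct

# One 16-byte MBR partition entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY = "<B3sB3sII"
SIGNATURE = b"\x55\xAA"


def build_mbr(entries, signature=SIGNATURE):
    """Assemble a 512-byte MBR from (status, type, lba_start, sectors) tuples.

    Used only to construct the sample sectors below. The CHS fields are left
    zero because firmware and Windows use the LBA fields.
    """
    table = b"".join(
        struct.pack(ENTRY, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in entries
    ).ljust(64, b"\0")
    return b"\0" * 446 + table + signature


def parse_mbr(sector):
    """Return the boot-signature state and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == SIGNATURE, "partitions": parts}


def check_mbr(sector, disk_sectors, tail_threshold=2048):
    """Return a list of findings to review before trusting the disk.

    tail_threshold (assumed here: 2048 sectors = 1 MiB) is how much unpartitioned
    space after the last partition counts as alignment slack rather than something
    worth a look.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature; the BIOS will not boot from this disk")
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["status"] == 0x80]
    if not active:
        findings.append("no active partition; the MBR boot code has nothing to chain to")
    elif len(active) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"slot {p['slot']}: partition runs past the end of the disk")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']}: partitions overlap")
    if parts:
        tail = disk_sectors - (parts[-1]["lba_start"] + parts[-1]["sectors"])
        if tail > tail_threshold:
            findings.append(f"{tail} unpartitioned sectors after the last partition; "
                            "inspect them (TDL4-style rootkits park a hidden file system there)")
    return findings


# Constructed sample disk (not the one from the thread): ~32 GB, Windows 7 layout with a
# 100 MiB System Reserved partition and the OS partition filling the rest.
DISK_SECTORS = 62_500_000
HEALTHY = build_mbr([(0x80, 0x07, 2048, 204800),
                     (0x00, 0x07, 206848, DISK_SECTORS - 206848)])
# Same layout with the boot signature zeroed: what a BIOS refuses to boot.
NO_SIGNATURE = build_mbr([(0x80, 0x07, 2048, 204800),
                          (0x00, 0x07, 206848, DISK_SECTORS - 206848)], signature=b"\0\0")
# Same layout, but 10 MiB (20480 sectors) left unpartitioned at the end of the disk.
HIDDEN_TAIL = build_mbr([(0x80, 0x07, 2048, 204800),
                         (0x00, 0x07, 206848, DISK_SECTORS - 206848 - 20480)])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Run against a raw image or a disk attached read-only, e.g. /dev/sdb on Linux
        with open(sys.argv[1], "rb") as f:
            mbr = f.read(512)
            sectors = f.seek(0, 2) // 512
        print(check_mbr(mbr, sectors) or ["no findings"])
    else:
        for name, mbr in (("HEALTHY", HEALTHY), ("NO_SIGNATURE", NO_SIGNATURE),
                          ("HIDDEN_TAIL", HIDDEN_TAIL)):
            print(name, check_mbr(mbr, DISK_SECTORS) or ["no findings"])
```

Run it with no arguments to see the three constructed cases, or with a path to an image or block device. A clean table on a disk that still will not boot points at the boot code in the first 446 bytes or at the VBR of the active partition, neither of which this parser reads.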

#2
Psycho29388

    Advanced Member

  • Head Admin
  • 1,342 posts
  • Location: The InternetZ
That is some spooky shit right there.

#3
Mace

    Advanced Member

  • Registered User
  • 81 posts
  • Battlelog: Mace-USA
  • Location: Grand Rapids, MI
Better off getting all her personal data off the computer and doing a fresh install from another source (sounds like the backup OS data from the manufacturer has been compromised), and use the volume license that came with the computer. Nuke it, baby!



#4
Ramstik

    Advanced Member

  • Registered User
  • 406 posts
  • Location: California
Nice work on the diagnostic. Get yourself a copy of Avast Pro Antivirus. It scans for rootkits using TDSSKiller's engine and definitions, I believe.

I'd do what Mace said. Get as much personal data off as you can, and wipe the drive. Not just a reformat either - I'm talking about zeroing the drive at least once.

Unless you've got three days to a week to spare, to zero it 36 times like a baus. (my laptop can do this)
\\Ramstik

#5
Zutroy_II

    Advanced Member

  • Registered User
  • 57 posts
  • Location: Canada

Ramstik, on 31 January 2014 - 02:34 PM, said:

i'm talking about zeroing the drive at least once.

While I wouldn't say zeroing the drive is really necessary, what the hell

http://www.dban.org/
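Ramstik's "not just a reformat, zero the drive" and Zutroy_II's DBAN link both come down to one overwrite pass over the whole device, and the check a practitioner wants afterwards is proof that the pass really covered every byte, including a short final chunk. The block below is an added example, not code from the thread or from DBAN: a Python zero-fill with a read-back verification. demo_on_image builds a throwaway image of random data (constructed, standing in for the drive) so the code runs without touching a real disk; the CHUNK size and the image size are assumptions.

```python
import os
import tempfile

CHUNK = 4 * 1024 * 1024  # assumed: 4 MiB per write, enough to keep a spinning disk streaming


def zero_fill(path, chunk=CHUNK):
    """Overwrite every byte of the file or block device at `path` with zeros.

    Returns the number of bytes written. The size comes from seeking to the end,
    which works for regular files and for Linux block devices alike.
    """
    zeros = bytes(chunk)
    with open(path, "r+b", buffering=0) as dev:
        size = dev.seek(0, os.SEEK_END)
        dev.seek(0)
        written = 0
        while written < size:
            n = min(chunk, size - written)
            # An unbuffered write may return fewer bytes than asked for; keep going
            # until the whole device is covered instead of trusting one call.
            written += dev.write(zeros[:n])
        os.fsync(dev.fileno())  # make sure the zeros reached the medium, not just the cache
    return written


def first_nonzero_byte(path, chunk=CHUNK):
    """Read the device back; return the offset of the first non-zero byte, or -1."""
    offset = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                return -1
            if buf.count(0) != len(buf):
                return offset + next(i for i, b in enumerate(buf) if b)
            offset += len(buf)


def wipe_and_verify(path):
    """Zero the device and verify the pass; returns (bytes_written, first_nonzero_or_-1)."""
    written = zero_fill(path)
    return written, first_nonzero_byte(path)


def demo_on_image(size=10 * 1024 * 1024 + 123):
    """Stand-in for a real drive: a constructed image full of random data, with an
    odd size so the last chunk is a partial write. Returns
    (image_size, dirty_before, (written, first_nonzero_after))."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(os.urandom(size))
        path = img.name
    try:
        dirty_before = first_nonzero_byte(path) != -1
        return size, dirty_before, wipe_and_verify(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    # Real use: python3 wipe.py /dev/sdX, as root, on the disk you really mean
    if len(sys.argv) > 1:
        print(wipe_and_verify(sys.argv[1]))
    else:
        print(demo_on_image())
```

One pass of zeros is enough to defeat software recovery on a magnetic drive; extra passes cost time, not assurance. This approach does not reach sectors hidden behind an HPA/DCO or the spare blocks of an SSD, where the drive's own ATA Secure Erase (hdparm --security-erase) is the right tool; DBAN does the same overwrite from a boot CD when the machine cannot be trusted to run anything else.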



