Question: Will Windows 7 “System Restore” Option Eliminate Rootkits?
I have a rootkit somewhere deep on my PC and unfortunately Malwarebytes and AVG apparently can’t detect it. I’ve read around and most people say a complete OS reinstall is the only way to guarantee a secure PC.
Unfortunately for me as well, my PC came preinstalled with W7 Home Premium and did not come with any backup disks/codes for reinstallation. My question is whether or not the System Restore function under “Control Panel\All Control Panel Items\Recovery” will suffice? Or would the factory reset option (hopefully) accessible from the reboot menu work?
If you have any answers, including possibly software capable of removing this particular rootkit, please let me know.
As for the rootkit itself, all I know is that it occasionally redirects me randomly from Tumblr.com (I could be clicking on anything, not just someone’s link/name), and maybe other sites (not aware yet), and takes me to a place called “Askthecrew.net”.
Thanks
Best answer:
Answer by Caliban
That is a browser hijack virus.
I would try installing what I use:
Microsoft Security Essentials.
http://windows.microsoft.com/en-US/windows/products/security-essentials
I have had no problems since using MSE.
You might also want to run MSE or your programs in Safe Mode.
A) Restore Discs – Just FYI, check to see (in your Start menu) whether there is a Maintenance folder with an option “Create Rescue Disc” … this will not solve your issue, though it will make the “recovery CDs” … my Windows 7 Toshiba was the same way, not coming with any discs… I am against the idea since not every user knows how to create the discs, and if you are buying a computer, they should include a few CDs with the needed software if you ask me.
B) Anyway, as far as the rootkit, I am against (if possible… sometimes it IS needed) a complete reinstall as a suggestion… First I would say that AVG is not too good in my opinion. I would opt for Avast or Avira (for free choices), when your computer is back to normal.
C) http://www.softpedia.com/get/System/Boot-Manager-Disk/UBCD4WIN.shtml is a bootable CD you can run Malwarebytes and even Combofix (below) from if you have trouble running them from Windows.
D) A common fix for some infections is as follows (I am not saying it will work for you, but it’s worth a shot)
1) Reboot to Safe Mode
2) Run RKill (remember to get Rkill from a legit site)
3) DO NOT REBOOT … still in safe mode, NOW run Malwarebytes
4) Reboot and (just a tip: run a full AV and spyware scan “just to be double-sure you’re infection free”) and test programs and the stuff you normally use to see if everything is back to normal
E) http://www.bleepingcomputer.com/combofix/how-to-use-combofix is an option, though I would be careful with it. I have seen it help really infected computers, though I suppose it can cause more harm than good for those that don’t read every step and just “click anything” without knowing what it does first.
F) I would suggest trying http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller, which has Kaspersky’s TDSSKiller (Kaspersky is the company that makes one of my non-free AV suggestions … the other being Eset’s NOD32).
Good Luck,
Xmetalfanx
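As an added illustration of the browser hijack discussed in this thread (example code written for this page, not taken from the original posts or from any of the tools they name): one common way a redirect like the one in the question is implemented is a modified Windows hosts file, so a quick read-only check is to list hosts-file lines that map a hostname to a routable address. The script assumes the default Windows hosts-file path (`C:\Windows\System32\drivers\etc\hosts`) and falls back to a constructed sample when that file is not present; the addresses in the sample are from documentation ranges and the hijack line in it is made up. Loopback and `0.0.0.0` mappings are deliberately not reported, since those are the normal form of ad-blocking entries, not redirects.

```python
"""
Read-only hosts-file check for redirect-style hijack entries (added example).
It reports lines that send a hostname somewhere other than loopback/unspecified;
it does not change the file. Removing a hijack is the job of the tools named in
the thread (Malwarebytes, TDSSKiller, etc.), not of this script.
"""
import ipaddress
import re
from pathlib import Path

# Default hosts-file location on Windows.
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample used when the real file is not available (e.g. on Linux).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges; the tumblr.com
# line imitates the redirect described in the question and is not real data.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# Sample hosts file constructed for this example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole-style block, benign
203.0.113.7     www.tumblr.com tumblr.com   # constructed hijack entry
198.51.100.9    www.example-bank.invalid
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text.
    Comments after '#' and blank lines are skipped; one address may map
    several names on a single line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        ip, names = fields[0], fields[1:]
        for name in names:
            yield lineno, ip, name.lower()


def is_local_address(ip):
    """True for loopback (127/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_hijack_entries(text):
    """Return [(line_number, hostname, ip)] for mappings that point a name at a
    routable address. Malformed address fields are returned as well so they are
    not silently skipped; loopback/0.0.0.0 entries are treated as benign."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, name, ip))  # not an IP at all; inspect it
            continue
        if not is_local_address(ip):
            findings.append((lineno, name, ip))
    return findings


def check_hosts_file(path=WINDOWS_HOSTS):
    """Scan the given hosts file, or the constructed sample if it is absent."""
    if path.exists():
        text = path.read_text(encoding="utf-8", errors="replace")
        source = str(path)
    else:
        text, source = SAMPLE_HOSTS, "constructed sample"
    return source, find_hijack_entries(text)


if __name__ == "__main__":
    source, findings = check_hosts_file()
    print(f"Checked: {source}")
    if not findings:
        print("No routable hostname mappings found.")
    for lineno, name, ip in findings:
        print(f"  line {lineno}: {name} -> {ip}")
```

Run it as an administrator on the affected machine; any hostname reported for a site you did not deliberately map (a bank, a blog, an update server) deserves a closer look, and a clean result only rules out this one mechanism, not the rootkit itself.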