Rootkit halp pl0x

[2dgreengiant]

lolololololololololololol.


2d being 2d was messing around with some crypters and managed to get my pc ifnected me thinks.

Now my Anti Virus picks up a hidden driver as a root kit and it removes it but after every restart the rootkit comes back in the same place:

Windows\System32\Drivers

But under diferent names. Currently its called ahd1rewd.SYS

Tried going into safe mode but it keeps renaming itself. Any ideas what i can do APART FROM FORMAT!!

+11 for any help.

~2d~

[Ground Zero]

Format your computer?

[Gastricpenguin]

not a format, a REformat c:

[JD]

Oi, you should've waited for me to get you my crypter slacker xP Now you have to Reformat C...

[The-Eradicator]

The first thing i'd try in this situation is MRT. Without more specific details to find out what the virus is there's not much you can do besides scans. If at any step you find something post it up here.

1. Download and run this. Select Full Scan.

Note: This can take up to twelve hours. Just leave it running during the night.

2. Open up Windows Explorer and look at C:\WINDOWS\system32. Sort by date. Look for anything (specifically, DLLs) added in the past few days (since the day before you noticed the virus). If you find anything and don't know what it is post it here.

3. Run a scan with Malwarebytes' Anti-Malware.

4. Run a scan with the AVG Rootkit Scanner.


If none of that works you're either going to reformat or start getting fancy. While I wouldn't recommend it unless all else fails, you can start by running SDFix, Combofix, and posting a HijackThis log.

[2dgreengiant]

The first thing i'd try in this situation is MRT. Without more specific details to find out what the virus is there's not much you can do besides scans. If at any step you find something post it up here.

1. Download and run this. Select Full Scan.

Note: This can take up to twelve hours. Just leave it running during the night.

2. Open up Windows Explorer and look at C:\WINDOWS\system32. Sort by date. Look for anything (specifically, DLLs) added in the past few days (since the day before you noticed the virus). If you find anything and don't know what it is post it here.

3. Run a scan with Malwarebytes' Anti-Malware.

4. Run a scan with the AVG Rootkit Scanner.


If none of that works you're either going to reformat or start getting fancy. While I wouldn't recommend it unless all else fails, you can start by running SDFix, Combofix, and posting a HijackThis log.

Finally thank you a good and helpful asnwer thats not realted to ****ing formatting

[[Ban Hammer]]

You owe him some rep don't you my dear 2d?

[2dgreengiant]

******* :P i cant as i already did it recently fgt.

/closed as issue solved