rootkit recovery help

fuzzdemon

I'm using Windows 7 Ultimate x86.

I installed a virus by accident (rootkit ZeroAccess).

I ran ComboFix and it removed it. The damage is to my Windows Update; it gives me error 80096001.

I read somewhere that if the usual Windows Update fixes don't work you need to open a new administrator account and do something from there, but I can't find the site again to find out exactly what I need to do. I've been trying to find it for days now.

I always turn system restore off so I can't use that. This is my first virus in 15 years and I've never used antivirus programs either, until now.


I'd really appreciate any help, especially if someone knows how to do this new admin account method.

Thanks very much
Gareth
 
I had this on a PC yesterday, had to bite the bullet in the end and remove the data then reload Windows.

I spent over 6 hours on it yesterday, not again. As soon as I see it now it's gonna be data off, reload.

Just so happens I have one on my desk at the moment with the same rootkit, guess what? That's already being reloaded!

Not what you want to hear but probably the best way round it.
 
I read your thread and hundreds like it and this is my last hope before I do the format myself. To be honest I'd advise anyone to reinstall their OS after a virus just for peace of mind, but it's really awkward for me at the moment until I buy a new drive.

Just adding this picture to show what ComboFix said in case it helps.

Untitled.jpg
 
Yep, that picture looks familiar :)

IIRC, the next message, after rebooting, reads that there is a rootkit and it may take some time to remove it.

Failing to connect after another reboot and running ComboFix again, you will return to the message in your picture.

Good luck!
 
If system restore was enabled, you probably would be back in business by now. I have no idea why users tend to disable system restore; it's used in cases like this to restore your system to a prior date in case disaster strikes.

The ZeroAccess rootkit is pretty nasty. Half the time, system restore will work and other times it won't. And not running an antivirus is just asking for problems. An antivirus program is your first line of defense. Yeah, it may not protect you 100 percent but it will protect you better than running without antivirus protection altogether. If I was someone that always ended up getting infected then I would have to break down and get the paid version of Malwarebytes as it always keeps up to date on the latest threats and updates sometimes 3 times a day.

At this point in time, you will most likely have to format and reinstall Windows.
 
Thanks for your input guys. I was pushing my luck expecting a quick fix to this so I formatted, just finished installing programs and updates and I'm back in business.

The problems I had were WU error, constant ICMP flooding errors and random internet connection drops; otherwise Win7 ran fast and error free.

It took me 6 days to try to fix this and only 3 hours to reinstall Win7 and all the updates and programs.

The reason I turn off system restore is whenever I've needed to use it it's never been 100% reliable, so the space and resources it uses don't seem to be worth it in my case. Like you say it may or may not help, but a format is always easy enough for me.

I haven't used antivirus for so many years because I've always been so careful. I knew the risk before I ran the file and paid the price :o

Thanks again for the help, always appreciated.
 