Windows 8.1 rootkit problem

pekizz (New Member, 13 messages)
Hi! I'm quite new to these forums, but I think some of you might be able to help me.

I was dealing with some torrents of different games, and I got a rootkit infection from those. I got scared quite a bit, and I read somewhere that if I reinstall Windows COMPLETELY it will get deleted. Well, I did that. After I updated Windows and all that stuff, I noticed that my disk usage was around 98-100% all the time, even when I wasn't using the PC. I ran an antivirus scan with the free version of Avast. It said that I had 3 infections. They were all rootkits, and I clicked 'delete'. It didn't do anything, it just stayed there. I changed the option to 'move to quarantine'; same thing, it didn't do anything. Well, I kept spamming both of them, and then Avast asked me to restart my PC and run a scan when Windows starts. I didn't do that. Then I ran a scan with Malwarebytes Anti-Malware, and it said that I didn't have any infections. I reinstalled Windows once again and ran the antivirus several times. Nothing. I also ran some rootkit finders like RootkitRevealer, RogueKiller, TDSSKiller and the Sophos Virus Removal Tool, and they found nothing. I also tried Malwarebytes' own rootkit finder, and it didn't find anything. Now my disk usage is normal, but I'm still quite scared that I still have the rootkits. So do you guys have any ideas, any really powerful rootkit finders, any suggestions, anything I could do? Or did I get rid of the viruses? I'm quite new to viruses and such since I haven't had to deal with them much, but this one really shocked me.
 

My Computer

System One

  • OS
    windows 8.1
Torrenting games and got hit with rootkits - oh dear, what a shame........

Anyway, you might need to do a complete reinstall of Windows using your install disc.
 

My Computer

System One

  • OS
    Windows 8
Well, I'm running Windows 8.1, and I did a full reinstall of Windows. In English it's something called 'delete everything and reinstall Windows' in the left bar, and I opened that. There were some options and I took the one where it cleans everything, including all drives and everything. It's basically the same state as when you get a new PC. And I don't have any Windows discs; they didn't give me one with the PC. So, any other ideas?
 

With the action you took with your recovery partition you should be OK, unless the recovery partition got infected also. I suggest that you order the recovery disks from your computer manufacturer in case it happens again. You would format the drive entirely before using your recovery disks.

Yes, your disk usage will be high in the beginning after restoring your system. Windows is doing housekeeping and maintenance, but it should return to normal after 1 or 2 days.
 

My Computer

System One

  • OS
    windows 8.1 Update 1 Pro 64bit
    System Manufacturer/Model
    Pavilion H8-1202
    CPU
    I7-2600 @ 3.4 GHz
    Motherboard
    PEGATRON
    Memory
    8 GB
    Graphics Card(s)
    NVIDIA GeForce GT 520
    Sound Card
    Realtek ALC656GR CODEC
    Monitor(s) Displays
    Samsung SyncMaster S22B350
    Screen Resolution
    1920X1080 32 bit color
    Hard Drives
    Samsung 850 EVO SSD 500GB
    Keyboard
    Razer Blackwidow Ultimate 2013
    Mouse
    Logitech M510
Well, I made a bootable USB backup a few days ago, so should I restore the point from there?
 

For information, only formatting/reinstalling Windows isn't enough for the nastiest rootkits, which can affect your MBR. Repartitioning might help, but not always. The safest solution is to wipe or fix the MBR, and to do this from an external drive (or CD/DVD) that you boot from (to be sure it hasn't been affected by the rootkit too).

Here is a tutorial to fix the MBR: MBR - Restore Windows 7 Master Boot Record - Windows 7 Help Forums

Also, don't count on refresh/restore to get rid of this kind of malware. When talking about a reinstall, it's assumed to be from a clean install disc, something read-only, to be safer.

If your USB key was made after you got infected, you might be out of luck.
 

My Computer

System One

  • OS
    Windows 8.1 (x64)
    Computer type
    PC/Desktop
The USB was made like a week ago, and I got infected yesterday. It's a recovery drive, so should I boot Windows from that?
 

Sure. If the Recovery console is included on your USB stick, follow the tutorial I linked, format your OS drive, then reinstall.
 

(attached image: 20141009_194107.jpg)
OK, I'm at the part where it asks if I want to repartition the drives. Which one should I choose? I don't mind losing everything, but I need a quick answer. Typing this on my phone, so ignore the typos.
 

the usb was made like a week ago, and i got infect yesterday. its recovery drive, so should i boot windows from that ?
Sure. If the Recovery console is included on your USB stick, follow the tutorial I linked, format your OS drive, then reinstall.

I'm not quite sure if you get any notice that I replied here, so I'm just going to quote you, if that helps.
 

Yes, you might as well repartition your drives.

Forget everything up there, I didn't do anything with that. I followed the instructions in the link you gave me, and here's a picture of what the console looks like now (attached image: 20141009_202757.jpg).

So, did I do everything right?
 

Yeah. But I'd advise you to still reinstall Windows from your USB.
 

Just to make sure that I did it right: in the part where it asks if I want to partition the drives, I selected yes. After that it asked if I want to keep my own files or fully wipe the drive; I selected fully wipe the drive. Is that OK? It's currently restoring the factory settings.
 

A rootkit installs a hidden boot partition on your drive that generally does not show up in Disk Manager. It is possible for a rootkit to survive a reinstall if the disk is not wiped properly. The rootkit will be at the end of the drive, hidden, and between 1 and 10 MB depending on the variant.

After restoring the factory settings, download and run TDSSKiller. Run a scan and see if it finds anything.

TDSSKiller Download

When running TDSSKiller, launch the program, click on the blue text "Change Parameters" and check the box marked "Detect TDLFS file system." Click OK and then run the scan.
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
The things I've done:

Scanned with Avast, found 3 infections. Somehow deleted them. After that I ran Malwarebytes Anti-Malware, Malwarebytes' rootkit scanner and several different rootkit finders, and they didn't find an infection.

Then I reinstalled Windows, did scans and such, didn't find anything. Then I did as oneeyed told me to do, I did this: MBR - Restore Windows 7 Master Boot Record - Windows 7 Help Forums (I had a USB recovery drive made some days ago, before the infection). After I had done that, I reinstalled Windows one more time. I also ran TDSSKiller, and did what you told me from 'Change Parameters', and it didn't find anything. Do you think I'm safe now?
 

Most likely it is gone. I would keep an eye on your PC and run a full system scan with your AV/scanners to see if anything turns up, simply because viruses have a nasty habit of inviting other unwanted guests to your PC once infected.

If you want full closure on whether it's gone or not, there is a program called GParted. It is a bootable partition manager. You'll need to make a bootable CD/USB and run it at boot time. Instructions are on the site.

GParted -- A free application for graphically managing disk device partitions

A rootkit will show up as a hidden boot partition at the end of the drive.

Since the other rootkit scanners showed a clean reading, I would save this in case you have any doubts about your PC being clean.
 

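As an added example (written by the editor; not from this thread, and not code from TDSSKiller or GParted), here is a small Python script that checks a raw 512-byte MBR for the three things the posts above describe: boot code that no longer matches a known-good copy (the "fix the MBR from external media" advice), a partition entry with a hidden type ID (the "hidden boot partition at the end of the drive" advice), and unallocated sectors after the last partition (where a TDLFS-style hidden file system lives without any partition entry). The disk size, the partition layouts and the "known-good" hash are all constructed fixtures, and the list of hidden type IDs is the standard MBR partition type table; nothing here reads a real disk.

```python
"""Audit a raw MBR sector for signs of a boot-sector rootkit (constructed example)."""
import hashlib
import itertools
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
# Standard MBR type IDs for "hidden" FAT/NTFS partitions: the partition is on
# disk, but Windows gives it no drive letter and most scanners skip it.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def build_mbr(entries, boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c", disk_sig=0x1234ABCD):
    """Assemble an MBR from (bootable, type, lba_start, sectors) tuples. Fixture only."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, 440, disk_sig)
    for i, (bootable, ptype, start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, 0x80 if bootable else 0x00,
                         b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty entries of the primary partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA signature: not an MBR")
    parts = []
    for slot in range(4):
        status, _, ptype, _, start, sectors = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * slot)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"slot": slot + 1, "bootable": status == 0x80, "type": ptype,
                      "start": start, "sectors": sectors, "end": start + sectors - 1})
    return parts


def boot_code_hash(mbr):
    """SHA-256 of the 440 bytes of boot code; a bootkit must alter these to hook the boot path."""
    return hashlib.sha256(mbr[:440]).hexdigest()


def audit_mbr(mbr, disk_sectors, known_good_hash=None):
    """List what to inspect before declaring the disk clean. Empty list = nothing found."""
    findings = []
    if known_good_hash is not None and boot_code_hash(mbr) != known_good_hash:
        findings.append("boot code differs from the known-good MBR")
    parts = parse_mbr(mbr)
    for p in parts:
        if p["type"] in HIDDEN_TYPES:
            mib = p["sectors"] * SECTOR // 2**20
            findings.append(f"slot {p['slot']}: hidden partition type 0x{p['type']:02X}, {mib} MiB")
    for a, b in itertools.combinations(parts, 2):
        if a["start"] <= b["end"] and b["start"] <= a["end"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    last_end = max((p["end"] for p in parts), default=-1)
    tail = disk_sectors - 1 - last_end
    if tail > 0:
        findings.append(f"{tail} unallocated sectors ({tail * SECTOR // 2**20} MiB) after the last partition")
    return findings


# Constructed fixtures: a 10 GiB disk with the usual Windows layout
# (350 MiB System Reserved + OS partition filling the rest).
DISK_SECTORS = 20_971_520
CLEAN = build_mbr([(True, 0x07, 2048, 716_800),
                   (False, 0x07, 718_848, 20_252_672)])
KNOWN_GOOD = boot_code_hash(CLEAN)  # in practice: hash taken from a machine built from clean media
# Same disk after a bootkit shortened the OS partition, carved a 2 MiB hidden
# NTFS partition at the tail and replaced the boot code.
INFECTED = build_mbr([(True, 0x07, 2048, 716_800),
                      (False, 0x07, 718_848, 20_248_576),
                      (False, 0x17, 20_967_424, 4096)], boot_code=b"\xeb\xfe")
# Variant with no partition entry at all: just unallocated tail sectors that the
# patched boot code knows how to reach.
TAIL_ONLY = build_mbr([(True, 0x07, 2048, 716_800),
                       (False, 0x07, 718_848, 20_248_576)], boot_code=b"\xeb\xfe")

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("infected", INFECTED), ("tail-only", TAIL_ONLY)):
        print(name, audit_mbr(image, DISK_SECTORS, KNOWN_GOOD) or ["nothing to report"])
```

On a real machine you would run this from the GParted live media the post recommends, reading the sector with `dd if=/dev/sda bs=512 count=1 of=mbr.bin` and the sector count with `blockdev --getsz /dev/sda`, and take the known-good hash from a machine set up from clean install media. Two caveats: a few MiB of unallocated space at the tail is normal alignment slack, so that finding means "look at it with GParted", not "infected"; and a UEFI/GPT disk carries only a protective MBR with a single 0xEE entry, so this parser tells you nothing about where its real partition table and boot files live.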
I can't really understand what I need to do? I've got the old USB stick with the recovery drive on it; should I format it and use that? I really don't understand the site that well D:
 

Don't format the USB with your recovery info. You need that for down the road.

I would say don't worry about running this now, since the other scanners showed all clear. However, this is a good program to have, and you may want to make it for down the road. The file is in .ISO format; clicking on it will launch your default CD burning software and it will make a bootable disk that you can use. This is the page you download the .iso files from.

GParted -- Download

When you get an extra USB drive, if you want to opt for a bootable USB, this page has the files.

GParted -- Live CD/USB/PXE/HD

For now, just keep an eye on your PC and do a full system scan with all the AVs and scanners you have.
 
