Wednesday, November 13, 2013

The Rootkit Battles of 2013


It all began with the little things. I could not install the latest version of Calibre. Then, later on, the Evernote installer failed. Then it was the turn of Notepad++ and XYPlorer. I had my suspicions when the Windows 8.1 update failed. But what really signalled the war cry was this error message from Norton: the infamous 'Error 8920, 204' while running LiveUpdate.
Since yesterday, I have been fighting hard to remove a ZeroAccess rootkit that infected my laptop because of the spectacular failure of Norton 360 in defending the system. While chatting with Norton Support, their 'technician' told me that Norton Power Eraser would solve the issue. So I rebooted into Safe Mode, downloaded the file and ran it, and I got this strange error message.
When I restarted, it rebooted into 'Safe Mode without Networking' and failed because apparently the system is "Not Connected to Internet" (that's why it's called Safe Mode without Networking! What were they expecting?).
After countless hours of browsing through internet forums and multiple reboots into Safe Mode, I was able to run one malware terminator (RKill), a rogue registry entry cleaner, two anti-malware suites (Malwarebytes and Hitman Pro) and one rootkit killer (TDSSKiller by Kaspersky). None of these reported any malware infections. However, the problem still persists: I can't install any software, including the magnificent Norton 360, or update Windows. Every time I try, I get some weird error message.
The system is still infected and the war has not been won, yet!
Update 2240Hrs, 11-11-13
Managed to install virus definition updates for Norton 360 via the Support page (manual install of updates). Downloaded the virus definitions for Comodo in the same manner. However, I can't test whether it's working because the background services of both security suites don't run in Safe Mode. Incidentally, I was able to install Notepad++, the new version of Evernote and Calibre (software I could not install in Windows Normal Mode). So it seems the rootkit is not effective in Safe Mode.
Update 2343Hrs, 11-11-13
Now running Sophos Virus Removal Tool. Let's see if this can catch the malware! Also noticed that one installer I downloaded in Windows Normal Mode did not run in Safe Mode. But when I downloaded the same file again in Safe Mode, it installed without any issues. The program was the latest version of Calibre. So it seems that the malware alters the executable files at the time of download itself.
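The hypothesis in the update above (that the normal-mode download was altered while the safe-mode download was not) can be checked directly rather than inferred from whether the installer runs. The script below is an added example, not part of the original post: it hashes the two copies of the same installer, compares them, and checks the Authenticode signature of each. The file paths are assumed placeholders, and it assumes PowerShell 4.0 or later (the version that ships with Windows 8.1), which is where Get-FileHash first appeared.

```powershell
# Added example (not from the original post). Compares two downloads of the same
# installer and checks each one's Authenticode signature. Paths are placeholders.
param(
    [string]$NormalModeCopy = 'C:\Downloads\normal\calibre-setup.exe',   # assumed path
    [string]$SafeModeCopy   = 'C:\Downloads\safemode\calibre-setup.exe'  # assumed path
)

function Test-InstallerCopy {
    param([Parameter(Mandatory)][string]$Path)

    # SHA-256 of the file as it sits on disk (requires PowerShell 4.0+).
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # Authenticode verification: 'Valid' means the embedded signature matches the
    # file contents and chains to a trusted root. A tampered file will come back
    # as 'HashMismatch'; an unsigned file as 'NotSigned'.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [pscustomobject]@{
        Path      = $Path
        SHA256    = $hash
        Signature = $sig.Status
        Signer    = $signer
    }
}

$normal = Test-InstallerCopy -Path $NormalModeCopy
$safe   = Test-InstallerCopy -Path $SafeModeCopy
$normal, $safe | Format-List

if ($normal.SHA256 -ne $safe.SHA256) {
    Write-Warning 'The two downloads differ: one copy was modified in transit or on disk.'
}

foreach ($copy in @($normal, $safe)) {
    if ($copy.Signature -ne 'Valid') {
        Write-Warning ("{0}: Authenticode status is {1}; do not run this copy." -f $copy.Path, $copy.Signature)
    }
}
```

Two caveats a practitioner would keep in mind. First, if the publisher does not sign its installer, both copies will report NotSigned and the signature check tells you nothing; in that case compare the SHA-256 of each copy against the hash the publisher lists on its download page. Second, on a machine with a live rootkit, the hashing and verification tools themselves may be lied to, so the comparison is only trustworthy when run from a clean environment, for instance from Safe Mode or from another machine with the two files copied over.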
Update 1114Hrs, 12-11-13
Last night I did a scan with Sophos Virus Removal Tool and it detected two pieces of malware. Still not sure whether the infection has been cured. Also ran full system scans in Norton 360 and Comodo Internet Security. However, even after 8 hours both scans had not completed, and hence I had to terminate both in the morning. The scans didn't report any major infections.